堆栈内存溢出
  简体   繁体   English

红宝石SSLv3上的SSL客户端身份验证Web服务读取服务器证书B:证书验证失败

[英]SSL Client Authenticated Webservice on ruby SSLv3 read server certificate B: certificate verify failed

 原文  2014-07-17 13:40:05       ruby/ web-services/ curl/ ssl/ authentication

问题描述

I'm trying to connect to a webservice that requires SSL Client Authentication using ruby 2.1.2 but 我正在尝试连接到需要使用ruby 2.1.2进行SSL客户端身份验证的Web服务,但是

When I use the same client certificate (client_cert.pem) on curl I've got the right response: 当我在curl上使用相同的客户端证书(client_cert.pem)时,我得到了正确的响应: 

curl 'https://mywebservice.xxx.com' --cert client_cert.pem --cacert mycacert.crt

When I verbose curl I can see the handshaking going on like this: 当我详细卷曲时,我可以看到握手正在进行,如下所示: 

* Hostname was NOT found in DNS cache
*   Trying 192.168.0.10...
* Connected to mywebservice.xxx.com (192.168.0.10) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*  ...
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: mywebservice.xxx.com
> Accept: */*
> 
* SSLv3, TLS handshake, Hello request (0):
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS handshake, CERT verify (15):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
< HTTP/1.1 200 OK
< Date: Thu, 17 Jul 2014 12:50:26 GMT
* Server Apache/2.2.16 (Debian) is not blacklisted
< Server: Apache/2.2.16 (Debian)
< Pragma: No-cache
< Cache-Control: no-cache
< Expires: Wed, 31 Dec 1969 21:00:00 BRT
< Vary: Accept-Encoding
< Transfer-Encoding: chunked
< Content-Type: text/xml;charset=utf-8
< 
<?xml version='1.0' encoding='UTF-8'?> .....the full xml response

That's what I needed, but then I've tried the same on ruby: 这就是我所需要的,但是后来我在ruby上尝试了相同的方法: 

#ws_test.rb
require 'net/http'
require 'uri'
require 'openssl'

uri = URI.parse 'https://mywebservice.xxx.com/'
http = Net::HTTP.new(uri.host, 443)
http.use_ssl = true
http.ssl_version = :TLSv1

cert = OpenSSL::X509::Certificate.new(File.read("client_cert.pem"))
http.cert = cert
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

http.cert_store = OpenSSL::X509::Store.new
cacert = OpenSSL::X509::Certificate.new(File.read("mycacert.crt"))
http.cert_store.add_cert(cacert)

http.start do
  http.request_get(uri.path) {|res|
    print res.body
  }
end

But on ruby I've got this problem: 但是在红宝石上,我遇到了这个问题: 

/home/user/.rbenv/versions/2.1.2/lib/ruby/2.1.0/net/http.rb:920:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
    from /home/user/.rbenv/versions/2.1.2/lib/ruby/2.1.0/net/http.rb:920:in `block in connect'
    from /home/user/.rbenv/versions/2.1.2/lib/ruby/2.1.0/timeout.rb:76:in `timeout'
    from /home/user/.rbenv/versions/2.1.2/lib/ruby/2.1.0/net/http.rb:920:in `connect'
    from /home/user/.rbenv/versions/2.1.2/lib/ruby/2.1.0/net/http.rb:863:in `do_start'
    from /home/user/.rbenv/versions/2.1.2/lib/ruby/2.1.0/net/http.rb:852:in `start'

I've tried to change the verify_mode: 我试图更改verify_mode: 

 http.verify_mode = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
 # same error

and 

 http.verify_mode = OpenSSL::SSL::VERIFY_PEER
 # a different error: " SSL_read: ssl handshake failure (OpenSSL::SSL::SSLError"

1 个解决方案

解决方案1
 0  2014-07-17 14:35:21

I've solved it using the gem rest_client... 我已经用gem rest_client解决了...

This is what I did: 这是我所做的: 

require 'rest_client'

RestClient::Resource.new(
  'https://mywebservice.xxx.com/',
  :ssl_client_cert  =>  OpenSSL::X509::Certificate.new(File.read("client_cert.crt")),
  :ssl_client_key   =>  OpenSSL::PKey::RSA.new(File.read("client_cert.key")),
  :ssl_ca_file      =>  "mycacert.crt",
  :verify_ssl       =>  OpenSSL::SSL::VERIFY_PEER
).get

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 SSL_connect 返回=1 errno=0 state=SSLv3 读取服务器证书B:证书验证失败 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed SSL_connect返回= 1 errno = 0状态= SSLv3读取服务器证书B:证书验证失败的MAC - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed MAC SSL_connect返回= 1 errno = 0状态= SSLv3读取服务器证书B:Mac上的证书验证失败 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed on Mac connect:SSL_connect返回= 1 errno = 0 state = SSLv3读取服务器证书B:证书验证失败(OpenSSL :: SSL :: SSLError) - connect: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError) SSL_connect返回= 1 errno = 0状态= SSLv3读取服务器证书B:证书验证仅在代理时失败 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed ONLY WHEN PROXYING SSLv3读取服务器证书B:证书验证失败(Twitter ::错误) - SSLv3 read server certificate B: certificate verify failed (Twitter::Error) Rails / Ubuntu:SSLv3读取服务器证书B:证书验证失败 - Rails/Ubuntu: SSLv3 read server certificate B: certificate verify failed OpenSSL :: SSL :: SSLError(连接到Paypal时,返回SSL_connect = 1 errno = 0 state = SSLv3读取服务器证书B:证书验证失败) - OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed) while connecting to Paypal Heroku Rails Net :: HTTP:OpenSSL :: SSL :: SSLError:SSL_connect返回= 1 errno = 0状态= SSLv3读取服务器证书B:证书验证失败 - Heroku Rails Net::HTTP: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed OpenSSL :: SSL :: SSLError:SSL_connect返回= 1 errno = 0状态= SSLv3读取服务器证书B:证书验证失败-向外部API耙任务 - OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed - rake task to external API
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM