
OpenSSL::SSL::SSLError Handshake Failure with Homebrew OpenSSL

I'm trying to make an API request in a Ruby app, on MacOSX.

When I try something like this:

RestClient.get("https://api.foursquare.com/v2/venues/explore?near=NYC&query=McDonalds")

I get this (same when it's http):

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshake failure
from /Users/sasha/.rvm/rubies/ruby-2.1.2/lib/ruby/2.1.0/net/http.rb:920:in `connect'

If I try open("https://..."), I get this:

OpenURI::HTTPError: 400 Bad Request
from /Users/sasha/.rvm/rubies/ruby-2.1.2/lib/ruby/2.1.0/open-uri.rb:353:in `open_http'

I took a look at some SO discussions about this, and in particular this one led me to believe it was an issue with my OpenSSL not finding the right cert.pem file. I'm using Homebrew, and my Homebrew OpenSSL is installed in /usr/local/bin. The original Mac version of OpenSSL is at /usr/bin, I think.

I followed the suggestions to set a global ENV variable SSL_CERT_FILE to the path to my cert.pem file as installed by Homebrew - /usr/local/etc/openssl/cert.pem - and when I echo that variable, it is set correctly, but when I re-open a Ruby console and try again, I get the same error. Thoughts on what I'm doing wrong? I don't know much about OpenSSL, and I'm totally flummoxed by this one, given that it seems to be finding my certificate correctly.

EDIT

When I run which openssl, it shows the Mac version -- /usr/bin/openssl. This makes sense, given Homebrew's install notes:

A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
  /usr/local/etc/openssl/certs

and run
  /usr/local/opt/openssl/bin/c_rehash

This formula is keg-only, which means it was not symlinked into /usr/local.

Mac OS X already provides this software and installing another version in
parallel can cause all kinds of trouble.

The OpenSSL provided by OS X is too old for some software.

Generally there are no consequences of this for you. If you build your
own software and it requires this formula, you'll need to add to your
build variables:

    LDFLAGS:  -L/usr/local/opt/openssl/lib
    CPPFLAGS: -I/usr/local/opt/openssl/include

Is that the problem? I'm including the wrong cert.pem file given my version of OpenSSL?

state=SSLv3 read server hello A: sslv3 alert handshake failure

That is usually not a problem of a bad or missing certificate, but that the server does not like what the client sends, like an unsupported SSL version or no appropriate ciphers offered by the client. I get this error with this host if I try to connect with SSL3.0 instead of TLS1.0 or higher, so please make sure that you don't use SSL3.0 anymore.

If this does not help, make a packet capture of the traffic and post it to cloudshark.org so that one can have a look at the traffic details.
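
A small Ruby triage helper for the distinction drawn in the answer above, added here as an example and not part of the original posts: it splits the error text into its fields, decides whether the failure points at the trust store or at protocol/cipher negotiation, and reports which OpenSSL the Ruby process itself is linked against, which running which openssl does not show. The function names and the second sample error line are constructed for illustration.

```ruby
require "openssl"

# Constructed sample input: the first line is the error text from the question,
# the second is a trust-store failure in the same format, added for contrast.
SAMPLE_ERRORS = [
  "SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshake failure",
  "SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed",
].freeze

# Newer Ruby versions add a peeraddr= field, so it is matched optionally.
ERROR_RE = /\A(?<call>\w+) returned=(?<ret>\d+) errno=(?<errno>\d+)(?: peeraddr=\S+)? state=(?<state>.+?): (?<reason>.+)\z/

# Split an OpenSSL::SSL::SSLError message into fields and classify it.
# Returns nil for text that is not in this format (e.g. an HTTP error).
# Note: "SSLv3" in OpenSSL state and alert names also appears in TLS
# handshakes, so the string alone does not identify the protocol version.
def triage_ssl_error(message)
  m = ERROR_RE.match(message.strip) or return nil
  category =
    case m[:reason]
    when /certificate verify failed/
      :trust_store   # CA bundle problem: SSL_CERT_FILE / cert.pem is relevant
    when /alert handshake failure|alert protocol version|no shared cipher|wrong version number/
      :negotiation   # peer rejected the offered protocol version or ciphers
    else
      :other
    end
  { call: m[:call], state: m[:state], reason: m[:reason],
    category: category, cert_file_relevant: category == :trust_store }
end

# Describe the OpenSSL library this Ruby process uses. This can differ from
# the openssl binary found on PATH, e.g. with a keg-only Homebrew install.
def linked_openssl
  { built_against: OpenSSL::OPENSSL_VERSION,
    loaded_library: OpenSSL::OPENSSL_LIBRARY_VERSION,
    default_cert_file: OpenSSL::X509::DEFAULT_CERT_FILE,
    ssl_cert_file_env: ENV["SSL_CERT_FILE"],
    knows_tls12: OpenSSL::SSL.const_defined?(:OP_NO_TLSv1_2),
    cipher_count: OpenSSL::SSL::SSLContext.new.ciphers.size }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_ERRORS.each { |e| p triage_ssl_error(e) }
  p linked_openssl
end
```

A :negotiation result together with an old loaded_library value means the fix lies in which OpenSSL Ruby was built against, not in the certificate file.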
