连接重置连接 - 打开URL时SSL_connect
[英]Connection reset by peer - SSL_connect when opening a URL
问题描述
I'm attempting to download a .zip file from a BingAds URL and am struggling to bypass this error: 
我正在尝试从BingAds网址下载.zip文件,并且正在努力绕过此错误:
Connection reset by peer - SSL_connect
I have this code currently running in production through another app but am utilizing nitrous.io for new application on a chromebook and running off their default rails install (the nitrous box). 我有这个代码目前正在通过另一个应用程序生产,但我正在使用nitrous.io在chromebook上的新应用程序和运行他们的默认rails安装(亚硝酸盐盒)。
The code currently working in the other app: 目前在其他应用中使用的代码:
class BingApi
def self.get_data(request_params={})
require 'zip'
#Acquire Bing report download URL
report_url = BingApi.acquire_report_url(report_request_id, request_params)
zip_file = open(report_url)
unzippedxml = Zip::File.open(zip_file) # open zip
entry = unzippedxml.entries.reject(&:directory?).first # take first non-directory
entry.get_input_stream{|is| is.read } # read file contents
end
The report_url will look something like: https://download.api.bingads.microsoft.com/ReportDownload/Download.aspx?q=cWmkJ72lVlzGEG%2fouLL8Xes2j6I5qVhLrnTqNIrW .... report_url看起来像: https : report_url ....
When visited, it will prompt the download of a .zip file which I unzip and then parse. 访问时,它将提示下载.zip文件,我解压缩然后解析。
However, this same code on the chromebook utilizing the nitrous box gives me the Connection reset by peer - SSL_connect error 但是,使用nitrous box的chromebook上的相同代码使我Connection reset by peer - SSL_connect错误Connection reset by peer - SSL_connect
Errno::ECONNRESET - Connection reset by peer - SSL_connect:
/home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/net/http.rb:920:in `block in connect'
/home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/timeout.rb:76:in `timeout'
/home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/net/http.rb:920:in `connect'
/home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/net/http.rb:863:in `do_start'
/home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/net/http.rb:852:in `start'
/home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:313:in `open_http'
/home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:724:in `buffer_open'
/home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:210:in `block in open_loop'
/home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:208:in `open_loop'
/home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:149:in `open_uri'
/home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:704:in `open'
/home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:34:in `open'
lib/bing_api.rb:25:in `get_data'
lib/bing_api.rb:224:in `get_and_parse'
I've been trying various different solutions: 我一直在尝试各种不同的解决方案:
zip_file = open(report_url, :ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE)
OR 要么
zip_file = Faraday.get(report_url, :ssl => false)
Finally I've bypassed it by using: 最后我通过使用以下方法绕过它:
uri = URI.parse(report_url)
https = Net::HTTP.new(uri.host, uri.port)
https.open_timeout = 5
https.use_ssl = true
https.ssl_version = 'SSLv3'
request = Net::HTTP::Get.new(uri.request_uri)
zip_file = https.request(request)
but I can't pass the zip_file to unzippedxml = Zip::File.open(zip_file) or I get a no implicit conversion of Net::HTTPOK into String TypeError. 但是我无法将zip_file传递给zip_file unzippedxml = Zip::File.open(zip_file)或者我no implicit conversion of Net::HTTPOK into String TypeError。
Am I missing something simple here? 我错过了一些简单的东西吗? Should I do something different with that zip_file.class => Net::HTTPOK object? 我应该使用zip_file.class => Net::HTTPOK对象做些不同的事情吗?
I tried calling zip_file.body but what is returned looks like what you'd see if you tried to open an zipped file in an editor prior to unzipping. 我尝试调用zip_file.body但是如果你在解压缩之前尝试在编辑器中打开压缩文件,那么返回的内容就像你看到的那样。
1 个解决方案
解决方案1
4 已采纳 2015-01-14 06:56:43
The server is broken. 服务器坏了。
It only supports explicit TLS1.0 and SSL3.0 handshakes and does not support the commonly used and most compatible SSLv23 handshake. 它仅支持显式TLS1.0和SSL3.0握手,不支持常用且最兼容的SSLv23握手。 And even with explicit TLS1.0 handshake it can fail if you include the wrong or too much ciphers. 即使使用明确的TLS1.0握手,如果包含错误或过多的密码,它也会失败。 The relevant output from analyze.pl : 来自analyze.pl的相关输出:
* version SSLv23, no verification, ciphers= -> FAIL! SSL wants a read first
* version SSLv23, no verification, ciphers=HIGH:ALL -> FAIL! SSL wants a read first
* version TLSv1_2, no verification, ciphers= -> FAIL! SSL wants a read first
* version TLSv1_2, no verification, ciphers=HIGH:ALL -> FAIL! SSL wants a read first
* version TLSv1_1, no verification, ciphers= -> FAIL! SSL connect attempt failed error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
* version TLSv1_1, no verification, ciphers=HIGH:ALL -> FAIL! SSL wants a read first
* version TLSv1 no verification, ciphers= -> TLSv1,AES256-SHA
* version TLSv1, no verification, ciphers=HIGH:ALL -> FAIL! SSL wants a read first
* version SSLv3 no verification, ciphers= -> SSLv3,AES256-SHA
* version SSLv3 no verification, ciphers=HIGH:ALL -> SSLv3,AES256-SHA
* supported SSL versions with handshake used and preferred cipher(s):
* handshake protocols ciphers
* SSLv23 FAILED: SSL wants a read first
* TLSv1_2 FAILED: SSL wants a read first
* TLSv1_1 FAILED: SSL connect attempt failed error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number SSL wants a read first
* TLSv1 TLSv1 AES256-SHA
* SSLv3 SSLv3 AES256-SHA
As can be seen here SSLv23, TLSv1_2 and TLSv1_1 handshakes do not work and TLSv1 handshake does work but not if ciphers are HIGH:ALL (maybe too much ciphers or maybe unexpected ciphers are included). 从这里可以看出,SSLv23,TLSv1_2和TLSv1_1握手不起作用,并且TLSv1握手确实有效,但是如果密码为HIGH则不行:所有(可能包含太多密码或可能包含意外密码)。 SSLv3 handshake then works stable. SSLv3握手然后稳定工作。
Browsers work around this kind of behavior by trying multiple times while slowly downgrading the SSL/TLS protocol version used in the handshake. 浏览器通过多次尝试同时缓慢降级握手中使用的SSL / TLS协议版本来解决此类行为。 But apart from browsers practically nobody else is doing this. 但除了浏览器之外,其他任何人都没有这样做。 So any other application will usually fail unless they are specifically configured to use TLS1.0 or SSL3.0 handshakes with this server. 因此,除非专门配置为对此服务器使用TLS1.0或SSL3.0握手,否则任何其他应用程序通常都会失败。
but I can't pass the zip_file to unzippedxml = Zip::File.open(zip_file) or I get a no implicit conversion of Net::HTTPOK into String TypeError.
At least the URL you've given only returns 404 not found. 至少您提供的URL仅返回404未找到。 Please check that you've actually got a ZIP file as result. 请检查您是否确实获得了ZIP文件。 I don't know about this server, but often these kind of download links get dynamically created and are only valid if you've visited another site before and got a cookie there or a similar thing to tie the URL to your browser session. 我不知道这个服务器,但通常这些下载链接是动态创建的,并且只有在您之前访问过其他网站并获得cookie或类似的东西将URL与浏览器会话绑定时才有效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.