[英]certificate Error SSL_connect returned=1 errno=0 state=error: certificate verify failed
I am using a ruby/rails application which recieves some information by rest/API from another ruby/rails app. 我正在使用ruby / rails应用程序,该应用程序通过rest / API从另一个ruby / rails应用程序接收一些信息。
Second rails app has address like: https://railsapp2.domain.org (This is the authorized url which I am using in my first app) 第二个Rails应用具有以下地址: https : //railsapp2.domain.org (这是我在第一个应用中使用的授权URL)
But I get error when job runs on my first app. 但是当作业在我的第一个应用程序上运行时出现错误。
Error is: SSL_connect returned=1 errno=0 state=error: certificate verify failed 错误是:SSL_connect返回= 1 errno = 0状态=错误:证书验证失败
and i believe issue is because of this code in my app: 而且我认为问题是因为我的应用中有以下代码:
def self.fetch(url)
authorized_url = RemoteRequestBuilder.authorize_and_decorate!(url)
RestClient.get(authorized_url, { accept: :json }) { |response, request, result, &block|
raise SparcApiError unless response.code == 200
@response = response
}
Yajl::Parser.parse @response
end
I looked for some answers and found that I can use verify_ssl: false , but I don't know where to use it. 我寻找了一些答案,发现可以使用verify_ssl:false,但是我不知道在哪里使用它。 And also how can I make it work using verify_ssl : true. 还有如何使用verify_ssl使它工作:true。
I also installed certified gem but it does not change anything in output. 我还安装了认证的gem,但它不会改变输出。
i am using centOS7. 我正在使用centOS7。
EDIT 编辑
so I did this 所以我做到了
RestClient::Resource.new(
authorized_url,
:ssl_client_cert => OpenSSL::X509::Certificate.new(File.read("/etc/certs/mycert.pem")),
:ssl_client_key => OpenSSL::PKey::RSA.new(File.read("/etc/private/mykey.key")),
:ssl_ca_file => "/etc/certs/mycert.pem",
:verify_ssl => OpenSSL::SSL::VERIFY_PEER
).get(authorized_url, { accept: :json }) { |response, request, result, &block|
raise SparcApiError unless response.code == 200
@response = response
}
and now it gives me error wrong number of arguments in get. 现在它给了我错误的get参数数目错误。
| | wrong number of arguments (2 for 0..1) /home/capistrano/opt/shared/bundle/ruby/2.1.0/gems/rest-client-2.0.2/lib/restclient/resource.rb:49:in `get' 参数数量错误(0..1为2)/home/capistrano/opt/shared/bundle/ruby/2.1.0/gems/rest-client-2.0.2/lib/restclient/resource.rb:49:in '得到”
so I removed authorized_url argument from get and then it started giving me the error cerificate verification failed. 因此我从get中删除了authorized_url参数,然后它开始给我错误证书验证失败。
so I put 所以我把
:verify_ssl => OpenSSL::SSL::VERIFY_NONE
and Now it's giving me error: Connection reset by peer - SSL_connect 现在给我错误:对等连接重置-SSL_connect
As per the documentation of Rest-Client gem 根据Rest-Client gem的文档
RestClient::Resource.new(
'https://example.com',
:ssl_client_cert => OpenSSL::X509::Certificate.new(File.read("cert.pem")),
:ssl_client_key => OpenSSL::PKey::RSA.new(File.read("key.pem"), "passphrase, if any"),
:ssl_ca_file => "ca_certificate.pem",
:verify_ssl => OpenSSL::SSL::VERIFY_PEER
).get
can be used to specify ca-certificate and verify them. 可用于指定ca证书并进行验证。 In case you do not want to verify it, modify the verify-ssl
key to OpenSSL::SSL::VERIFY_NONE
如果您不想验证它,请将verify-ssl
密钥修改为OpenSSL::SSL::VERIFY_NONE
As per the RestClient gem source code for RestClient.get() and RestClient::Resource.new(...).get , both these methods call Request.execute() . 根据RestClient.get()和RestClient :: Resource.new(...)。get的RestClient gem源代码,这两个方法都调用Request.execute() 。 Therefore your arguments will remain the same except you'll need to pass authorized url to the .new
's argument. 因此,您的参数将保持不变,除非您需要将授权的url传递给.new
的参数。 So your code will become like this: 因此您的代码将如下所示:
my_client = RestClient::Resource.new(
authorized_url,
:ssl_client_cert => OpenSSL::X509::Certificate.new(File.read("cert.pem")),
:ssl_client_key => OpenSSL::PKey::RSA.new(File.read("key.pem"), "passphrase, if any"),
:ssl_ca_file => "ca_certificate.pem",
:verify_ssl => OpenSSL::SSL::VERIFY_PEER
)
my_client.get({ accept: :json }) { |response, request, result, &block|
raise SparcApiError unless response.code == 200
@response = response
}
This way, you can re-use the my_client
object to send GET/POST/PUT/PATCH/DELETE
requests with same ssl options and url. 这样,您可以重复使用my_client
对象来发送具有相同ssl选项和url的GET/POST/PUT/PATCH/DELETE
请求。 eg my_client.post(...){...}
例如my_client.post(...){...}
NOTE : 注意 :
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.