
connect: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)

I'm having a terrible time getting SSL to verify a certificate. I'm completely ignorant on how certificates work so that's a major handicap to begin with. Here's the error I get when running the script:

c:/Ruby191/lib/ruby/1.9.1/net/http.rb:611:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)

Here's the relevant code:

client = Savon::Client.new order_svc

request = client.create_empty_cart { |soap, http|
  http.auth.ssl.cert_file = 'mycert.crt'
  http.auth.ssl.verify_mode = :none
  http.read_timeout = 90
  http.open_timeout = 90
  http.headers = { "Content-Length" => "0", "Connection" => "Keep-Alive" }
  soap.namespaces["xmlns:open"] = "http://schemas.datacontract.org/2004/07/Namespace"
  soap.body = {
    "wsdl:brand" => brand,
    "wsdl:parnter" => [
      { "open:catalogName" => catalogName, "open:partnerId" => partnerId }
    ]
  }.to_soap_xml
}

Any help is appreciated.

Check your cert.pem and your key.pem.

The cert key should have one

-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIKG1DIagAAAAAAAzANBgkqhkiG9w0BAQsFADCBvDEkMCIG
....
-----END CERTIFICATE-----

Your key.pem should have

-----BEGIN PRIVATE KEY-----
CSqGSIb3DQEJARYVY2Fjb250YWN0QGVzY3JlZW4uY29tMQswCQYDVQQGEwJVUzEP
....
-----END PRIVATE KEY-----

and it may have some certs in it but that doesn't matter for this case. (Although it does for me as curl doesn't work without the extra certs) The webservice I am talking to has a good root CA, but the client auth keys are not trusted so this is probably why the extra certs make curl work.

Getting those out of your client certificate was what caused me the problems.

Here is what worked for me.

openssl pkcs12 -in Client.pfx -clcerts -nokeys -out cert.pem
openssl pkcs12 -in Client.pfx -nodes -out key.pem

Each will prompt you for the Import password and you can set a pem password if you want. (You would have to set that in the Ruby code later.)

require 'savon'
client = Savon::Client.new "https://service/Service.asmx?wsdl"
client.http.auth.ssl.cert_key_file = "key.pem"
client.http.auth.ssl.cert_file = "cert.pem"
client.http.auth.ssl.verify_mode=:peer

p client.wsdl.soap_actions

You can also test with curl

curl -v  -E  key.pem  https://services/Service.asmx?wsdl

You need to provide the private key file that goes along with your certificate.

http.auth.ssl.cert_key_file = "mycert.pem"

If your private key file is encrypted, you'll need to supply the password too:

http.auth.ssl.cert_key_password = "foobar"

Putting the http.auth.ssl.verify_mode = :none inside the client.request block does not work for me.

I had to use:

client = Savon::Client.new do |wsdl, http|
  http.auth.ssl.verify_mode = :none
  wsdl.document = "YOUR_WSDL_URL_HERE" # replace with your WSDL URL
end

Using Savon 0.9.9 and Ruby 1.9.3-p125

Note: I was working with test automation in lower level environments that did not have properly signed certificates and would often throw errors due to domain signatures not matching. For the problem at hand, bypassing signatures was a plausible solution but it is not a solution to be used for production level development.

My problem is that I am trying to validate a self-signed certificate. All I had to do was put the following code and omit anything to do with validating certificates.

I had to do this for both my SOAP and REST calls that were both experiencing the same issue.

SOAP using Savon

client = Savon::Client.new order_svc

request = client.create_empty_cart { |soap, http|
  http.auth.ssl.verify_mode = :none
  http.headers = { "Content-Length" => "0", "Connection" => "Keep-Alive" }
  soap.namespaces["xmlns:open"] = "http://schemas.datacontract.org/2004/07/Namespace"
  soap.body = {
    "wsdl:brand" => brand,
    "wsdl:parnter" => [
      { "open:catalogName" => catalogName, "open:partnerId" => partnerId }
    ]
  }.to_soap_xml
}

REST using HTTPClient

require 'httpclient'

client = HTTPClient.new
# Turns off server certificate verification for this client
client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
resp = client.get(Methods)
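
For a self-signed test certificate, an alternative to turning verification off is to make that one certificate the trust anchor and leave verify_mode at :peer. The following is an added example, not code from any of the answers above; it uses only Ruby's OpenSSL standard library, and the host names and certificates are constructed for the demonstration.

```ruby
require 'openssl'

# Constructed fixture: a self-signed server certificate for `host`.
def make_self_signed(host)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{host}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{host}"))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# The two checks a verifying client performs: chain to a trust anchor, then
# name match. `trusted` is the complete anchor list (no system CAs loaded).
def check_server_cert(cert, host, trusted)
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  return [:untrusted, store.error_string] unless store.verify(cert)
  unless OpenSSL::SSL.verify_certificate_identity(cert, host)
    return [:hostname_mismatch, cert.subject.to_s]
  end
  [:ok, nil]
end

# Hypothetical host names; both certificates are generated here for the demo.
def demo
  real  = make_self_signed('svc.test.example')
  other = make_self_signed('svc.test.example') # same name, different key
  {
    no_anchor:  check_server_cert(real,  'svc.test.example', []).first,
    pinned:     check_server_cert(real,  'svc.test.example', [real]).first,
    other_key:  check_server_cert(other, 'svc.test.example', [real]).first,
    wrong_host: check_server_cert(real,  'prod.example',     [real]).first
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

With the clients used on this page, the anchor is supplied through `http.auth.ssl.ca_cert_file` in HTTPI (which Savon uses) or `client.ssl_config.add_trust_ca` in HTTPClient. With verification set to none, the `other_key` and `wrong_host` cases would be accepted.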
