connect: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
I'm having a terrible time getting SSL to verify a certificate. I'm completely ignorant on how certificates work so that's a major handicap to begin with. Here's the error I get when running the script:
c:/Ruby191/lib/ruby/1.9.1/net/http.rb:611:in `connect': SSL_connect returned=1 e
rrno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL
::SSL::SSLError)
Here's the relevant code:
client = Savon::Client.new order_svc
request = client.create_empty_cart { |soap, http|
  http.auth.ssl.cert_file = 'mycert.crt'
  http.auth.ssl.verify_mode = :none
  http.read_timeout = 90
  http.open_timeout = 90
  http.headers = { "Content-Length" => "0", "Connection" => "Keep-Alive" }
  soap.namespaces["xmlns:open"] = "http://schemas.datacontract.org/2004/07/Namespace"
  soap.body = {
    "wsdl:brand" => brand,
    "wsdl:parnter" => [
      { "open:catalogName" => catalogName, "open:partnerId" => partnerId }
    ] }.to_soap_xml
}
Any help is appreciated.
Check your cert.pem and your key.pem.
The cert key should have one
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIKG1DIagAAAAAAAzANBgkqhkiG9w0BAQsFADCBvDEkMCIG
....
-----END CERTIFICATE-----
Your key.pem should have
-----BEGIN PRIVATE KEY-----
CSqGSIb3DQEJARYVY2Fjb250YWN0QGVzY3JlZW4uY29tMQswCQYDVQQGEwJVUzEP
....
-----END PRIVATE KEY-----
and it may have some certs in it but that doesn't matter for this case. (Although it does for me as curl doesn't work without the extra certs.) The webservice I am talking to has a good root CA, but the client auth keys are not trusted so this is probably why the extra certs make curl work.
Getting those out of your client certificate was what caused me the problems.
Here is what worked for me.
openssl pkcs12 -in Client.pfx -clcerts -nokeys -out cert.pem
openssl pkcs12 -in Client.pfx -nodes -out key.pem
Each will prompt you for the Import password and you can set a pem password if you want. (You would have to set that in the ruby code later.)
require 'savon'
client = Savon::Client.new "https://service/Service.asmx?wsdl"
client.http.auth.ssl.cert_key_file = "key.pem"
client.http.auth.ssl.cert_file = "cert.pem"
client.http.auth.ssl.verify_mode=:peer
p client.wsdl.soap_actions
You can also test with curl:
curl -v -E key.pem https://services/Service.asmx?wsdl
You need to provide the private key file that goes along with your certificate.
http.auth.ssl.cert_key_file = "mycert.pem"
If your private key file is encrypted, you'll need to supply the password too:
http.auth.ssl.cert_key_password = "foobar"
Putting the http.auth.ssl.verify_mode = :none inside the client.request block does not work for me.
I had to use:
client = Savon::Client.new do |wsdl, http|
  http.auth.ssl.verify_mode = :none
  wsdl.document = "YOUR_WSDL_URL_HERE" # replace with your WSDL URL
end
Using Savon 0.9.9 and Ruby 1.9.3-p125
Note: I was working with test automation in lower level environments that did not have properly signed certificates and would often throw errors due to domain signatures not matching. For the problem at hand, bypassing signatures was a plausible solution but it is not a solution to be used for production level development.
My problem is that I am trying to validate a self-signed certificate. All I had to do was put the following code and omit anything to do with validating certificates.
I had to do this for both my SOAP and REST calls that were both experiencing the same issue.
SOAP using Savon
client = Savon::Client.new order_svc
request = client.create_empty_cart { |soap, http|
  http.auth.ssl.verify_mode = :none
  http.headers = { "Content-Length" => "0", "Connection" => "Keep-Alive" }
  soap.namespaces["xmlns:open"] = "http://schemas.datacontract.org/2004/07/Namespace"
  soap.body = {
    "wsdl:brand" => brand,
    "wsdl:parnter" => [
      { "open:catalogName" => catalogName, "open:partnerId" => partnerId }
    ] }.to_soap_xml
}
REST using HTTPClient
client = HTTPClient.new
client.ssl_config.verify_mode=(OpenSSL::SSL::VERIFY_NONE)
resp = client.get(Methods)