使用 Ruby 1.9.3 时出现“证书验证失败”OpenSSL 错误
[英]"Certificate verify failed" OpenSSL error when using Ruby 1.9.3
问题描述
I'm using Ruby 1.9.3p0 on Mac OS 10.6.8 (installed using rvm).
我在 Mac OS 10.6.8(使用 rvm 安装)上使用 Ruby 1.9.3p0。 When I attempt to create a new Rails application using an application template hosted on GitHub , with this (for example):当我尝试使用托管在 GitHub 上的应用程序模板创建新的 Rails 应用程序时,(例如):
$ rails new myapp -m https://github.com/RailsApps/rails3-application-templates/raw/master/rails3-mongoid-devise-template.rb -T -O
I get this error message:我收到此错误消息:
/Users/me/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:799:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
I understand the Ruby language interpreter is using OpenSSL to connect to GitHub to request the application template file.我了解 Ruby 语言解释器正在使用 OpenSSL 连接到 GitHub 以请求应用程序模板文件。 GitHub requires all connections to be made using SSL. GitHub 要求使用 SSL 进行所有连接。 The connection failed because OpenSSL was unable to verify the server certificate.连接失败,因为 OpenSSL 无法验证服务器证书。
I was able to resolve the issue by downloading a certificates file:我能够通过下载证书文件来解决这个问题:
$ cd /opt/local/etc/openssl $ sudo curl -O http://curl.haxx.se/ca/cacert.pem $ sudo mv cacert.pem cert.pem
I had no problem using Ruby 1.9.2.我使用 Ruby 1.9.2 没有问题。 Why did I get the "certificate verify failed" problem for Ruby 1.9.3?为什么我会遇到 Ruby 1.9.3 的“证书验证失败”问题? Is this a Ruby 1.9.3 bug?这是 Ruby 1.9.3 的错误吗? Is it specific to Mac OS 10.6.8?它特定于 Mac OS 10.6.8 吗? Is my solution the right way to resolve this?我的解决方案是解决这个问题的正确方法吗?
7 个解决方案
解决方案1
21 已采纳
There are lots of moving parts involved in the correct answer.正确答案涉及许多活动部分。 Depends on your OS, Ruby version, OpenSSL version, Rubygems version.取决于您的操作系统、Ruby 版本、OpenSSL 版本、Rubygems 版本。 I ended up writing an article after researching it.我在研究后最终写了一篇文章。 My article explains the reasons for the error, offers steps for further diagnosis, shows several workarounds, and suggests possible solutions.我的文章解释了错误的原因,提供了进一步诊断的步骤,展示了几种解决方法,并提出了可能的解决方案。 This will be helpful:这会很有帮助:
OpenSSL Errors and Rails – Certificate Verify Failed OpenSSL 错误和 Rails – 证书验证失败
There are also links to the relevant commits and issues on GitHub. GitHub 上还有指向相关提交和问题的链接。
解决方案2
13 2013-05-24 18:47:26
For me this occurred on OS X with homebrew after updating to the latest RVM (rvm 1.20.12) and then installing ruby-1.9.3-p429.对我来说,这是在更新到最新的 RVM(rvm 1.20.12)然后安装 ruby-1.9.3-p429 后使用自制软件在 OS X 上发生的。 I could reproduce the issue simply by running:我可以通过运行简单地重现这个问题:
$ rvm use ruby-1.9.3-p429
$ irb
1.9.3p429 :001 > require 'open-uri'; open 'https://google.com'
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/net/http.rb:800:in `connect'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/net/http.rb:800:in `block in connect'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/timeout.rb:55:in `timeout'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/timeout.rb:100:in `timeout'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/net/http.rb:800:in `connect'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/net/http.rb:756:in `do_start'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/net/http.rb:745:in `start'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:306:in `open_http'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:775:in `buffer_open'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:203:in `block in open_loop'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:201:in `catch'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:201:in `open_loop'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:146:in `open_uri'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:677:in `open'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:33:in `open'
from (irb):1
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/bin/irb:16:in `<main>'1.9.3p429 :002 >
The solution was similar to that in the question, but the path was wrong.解决方案与问题中的类似,但路径错误。 Running this fixed it:运行此修复它:
curl https://curl.haxx.se/ca/cacert.pem -o /usr/local/etc/openssl/cert.pem
The clue as to the correct path was that when I was installing ruby-1.9.3-p429 via RVM this showed in the output:关于正确路径的线索是,当我通过 RVM 安装 ruby-1.9.3-p429 时,这显示在输出中:
Certificates in '/usr/local/etc/openssl/cert.pem' already are up to date.
I had the /usr/local/etc/openssl path, but no cert.pem file in that directory, so I'm not sure why RVM claimed the certificates were up to date.我有/usr/local/etc/openssl路径,但该目录中没有cert.pem文件,所以我不确定为什么 RVM 声称证书是最新的。 It would be nice to know why I had to do this in first place, but I don't have time to investigate now.很高兴知道为什么我必须首先这样做,但我现在没有时间进行调查。
解决方案3
11 2012-05-25 06:49:03
I had the same problem, having compiled my RVM Ruby against an RVM install of OpenSSL.我遇到了同样的问题,针对 OpenSSL 的 RVM 安装编译了我的 RVM Ruby。 I moved the cacerts.pem file as downloaded by the original poster under ~/.rvm/usr/ssl/cert.pem to make the problem go away.我将原始海报下载的 cacerts.pem 文件移动到 ~/.rvm/usr/ssl/cert.pem 下,以使问题消失。
解决方案4
2 2012-02-18 18:09:50
I was having the same problem.我遇到了同样的问题。
The way I finally fixed it was by upgrading my version of OpenSSL I had installed through MacPorts.我最终修复它的方法是升级我通过 MacPorts 安装的 OpenSSL 版本。 I was running a version of OpenSSL from 2009 so I have upgraded my MacPorts installation then upgraded my OpenSSL installtion via the ports command line interface and the error disappeared.我运行的是 2009 年的 OpenSSL 版本,因此我升级了 MacPorts 安装,然后通过ports命令行界面升级了 OpenSSL 安装,错误消失了。
There must be some integration between Ruby/Rails and OpenSSL on Mac based installations that goes without saying.在基于 Mac 的安装上,Ruby/Rails 和 OpenSSL 之间必须有一些集成,这是不言而喻的。 In my case I was having problems getting the Login with Facebook to work properly when Facebook was sending the oAuth/Login token back to my app, Devise & OmniAuth must have needed a valid SSL cert for graph.facebook.com which wasn't in my old version of OpenSSL.在我的情况下,当 Facebook 将 oAuth/Login 令牌发送回我的应用程序时,我在使用 Facebook 登录才能正常工作时遇到问题,Devise & OmniAuth 必须需要一个有效的用于graph.facebook.com SSL 证书, graph.facebook.com该证书不在我的旧版本 OpenSSL。
解决方案5
1 2013-08-25 11:40:25
Openssl certification directory is /usr/lib/ssl/ in Debian. Openssl 认证目录在 Debian 中为/usr/lib/ssl/ 。 So, following three lines was enough for me,所以,以下三行对我来说就足够了,
$ cd /usr/lib/ssl/
$ sudo curl -O http://curl.haxx.se/ca/cacert.pem
$ sudo mv cacert.pem cert.pem
解决方案6
0 2016-02-16 10:26:30
I had a similar issue but not on Rails, but on just Ruby on Windows.我有一个类似的问题,但不是在 Rails 上,而是在 Windows 上的 Ruby 上。 I resolved it by using the cacert.pem certificate and setting the location of the certificate to the environmental variable "SSL_CERT_FILE"我通过使用cacert.pem证书并将证书的位置设置为环境变量“SSL_CERT_FILE”来解决它
Detailed answer here: https://stackoverflow.com/a/35429863/4747587详细答案在这里: https : //stackoverflow.com/a/35429863/4747587
解决方案7
0 2011-11-12 02:46:51
It could possibly be because of how you built 1.9.2 and 1.9.3 — maybe whatever tool you used to build each configured things slightly differently.这可能是因为你构建 1.9.2 和 1.9.3 的方式——也许你用来构建每个配置的东西的工具略有不同。 Or maybe they use different versions of OpenSSL.或者他们可能使用不同版本的 OpenSSL。
Here is the only potentially relevant change I could spot to Net:HTTP between 1.9.2 and 1.9.3这是我能发现的 Net:HTTP 在 1.9.2 和 1.9.3 之间唯一可能相关的变化
require 'net/protocol'
-autoload :OpenSSL, 'openssl'
require 'uri'
+autoload :OpenSSL, 'openssl'
(if you want to view the diff...) (如果您想查看差异...)
git clone https://github.com/ruby/ruby.git cd ruby git diff origin/ruby_1_9_2 origin/ruby_1_9_3 -- http.rb
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.