【Question title】: Ruby OpenSSL::SSL::SSLError on CentOS 6.2
【Posted】: 2014-07-02 10:48:50
【Question】:

I am trying to run the following code (taken from codeacademy) on CentOS 6.2:

require 'rubygems'
require 'oauth'

# Change the following values to those provided on dev.twitter.com
# The consumer key identifies the application making the request.
# The access token identifies the user making the request.
consumer_key = OAuth::Consumer.new(
    "MY_KEY",
    "MY_SECRET")
access_token = OAuth::Token.new(
    "STRING1",
    "STRING2")

# All requests will be sent to this server.
baseurl = "https://api.twitter.com"

# The verify credentials endpoint returns a 200 status if
# the request is signed correctly.
address = URI("#{baseurl}/1.1/account/verify_credentials.json")

# Set up Net::HTTP to use SSL, which is required by Twitter.
http = Net::HTTP.new address.host, address.port
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

# Build the request and authorize it with OAuth.
request = Net::HTTP::Get.new address.request_uri
request.oauth! http, consumer_key, access_token

# Issue the request and return the response.
http.start
response = http.request request
puts "The response status was #{response.code}"

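and I get the following error message:

/usr/lib/ruby/1.8/net/http.rb:586:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)

The keys have been omitted (they are secret, after all), but I am using the correct ones. The necessary gems are installed.

What could be the problem?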

【Question comments】:

    Tags: ruby openssl centos


    【Answer 1】:
    http = Net::HTTP.new address.host, address.port
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    ...
    

    You also need:

    http.ca_file = File.join(File.dirname(__FILE__), "ca-cert.pem")
    

    Since it's Twitter:

    $ openssl s_client -connect api.twitter.com:443
    CONNECTED(00000003)
    depth=1 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = Terms of use at https://www.verisign.com/rpa (c)10, CN = VeriSign Class 3 Secure Server CA - G3
    verify error:num=20:unable to get local issuer certificate
    verify return:0
    ---
    Certificate chain
     0 s:/C=US/ST=California/L=San Francisco/O=Twitter, Inc./OU=Twitter Security/CN=api.twitter.com
       i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
     1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
       i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
    ...
    

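    You need the top-level issuer (i:, at level 1), which is VeriSign Class 3 Public Primary Certification Authority - G5. You can get it from Public Root CA - VeriSign. The file name is PCA-3G5.pem

    Once you have downloaded the root, you can run s_client again, and the server certificate will verify: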

    $ openssl s_client -connect api.twitter.com:443 -CAfile PCA-3G5.pem
    

    【Comments】:

    • Thanks, I'll give it a try
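
The diagnosis in the answer, reproduced offline as an added example (not code from the original post): a server sends its leaf and intermediate certificates, and verification fails with error 20 until the root is supplied as a CA file, the role `http.ca_file` and `-CAfile` play above. All certificates and names are constructed for illustration, and the helpers `issue`, `verify_chain` and `demo` are hypothetical.

```ruby
require 'openssl'
require 'tempfile'

# Issue a constructed certificate (made-up names, illustration only).
# Passing issuer_cert = nil produces a self-signed root.
def issue(cn, key, issuer_cert, issuer_key, ca)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1 << 31) + 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('keyUsage', ca ? 'keyCertSign' : 'digitalSignature', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Verify a leaf plus the intermediates a server sent, trusting only the roots
# in ca_file (the same role as http.ca_file / s_client -CAfile).
def verify_chain(leaf, sent_by_server, ca_file = nil)
  store = OpenSSL::X509::Store.new # deliberately empty: no system defaults
  store.add_file(ca_file) if ca_file
  ctx = OpenSSL::X509::StoreContext.new(store, leaf, sent_by_server)
  ok = ctx.verify
  { ok: ok, error: ctx.error, message: ctx.error_string, depth: ctx.error_depth }
end

def demo
  root_key, inter_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root  = issue('Constructed Root CA', root_key, nil, root_key, true)
  inter = issue('Constructed Intermediate CA', inter_key, root, root_key, true)
  leaf  = issue('api.example.test', leaf_key, inter, inter_key, false)

  without_root = verify_chain(leaf, [inter]) # the state the question's script was in
  with_root = Tempfile.create(['root', '.pem']) do |f|
    f.write(root.to_pem)
    f.flush
    verify_chain(leaf, [inter], f.path) # after supplying the root as a CA file
  end
  [without_root, with_root]
end

demo.each { |r| puts r.inspect } if $PROGRAM_NAME == __FILE__
```

The intermediate does not need to be in the CA file because the server sends it; only the self-signed root at the top of the chain has to be trusted locally.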