如何在 open-uri 中绕过 SSL 证书验证? [英] How to bypass SSL certificate verification in open-uri?

问题描述

我尝试通过 https 连接访问带有 open-uri 的文件.不幸的是，证书有问题，我收到证书验证失败错误.我对此无能为力，所以我必须绕过验证.

I try to access a file with open-uri over an https connection. Unfortunately somethings wrong with the certificate, I get a certificate verify failed error. I can't do anything about that, so I have to bypass the verification.

我发现了这个答案

我不想/无法更改服务器上的 oen-uri.rb，而且我运行的是 Ruby 1.8.6.

I don't want to / can't change the oen-uri.rb on the server, and I'm running Ruby 1.8.6.

如何更改验证模式?或者更确切地说，我应该在哪里更改它?

How do I change the verify mode? Or more exactly where do I change it?

我可以把它放在哪里?

if target.class == URI::HTTPS  
 require 'net/https'  
 http.use_ssl = true   
 http.verify_mode = OpenSSL::SSL::VERIFY_NONE  
 store = OpenSSL::X509::Store.new  
 store.set_default_paths  
 http.cert_store = store
end

或者肮脏的黑客:我可以把它放在哪里?

or the dirty hack: where can I put this?

OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

推荐答案

警告，请勿在生产中执行此操作，您正在以这种方式完全禁用 SSL.

如果你真的不想要使用证书验证的额外安全性，并且可以升级到 Ruby 1.9.3p327+，你可以将 ssl_verify_mode 选项传递给 open方法.例如，我是这样做的:

If you really don't want the additional security of using certificate verification, and can upgrade to Ruby 1.9.3p327+, you can pass the ssl_verify_mode option to the open method. Here for example is how I'm doing it:

request_uri=URI.parse('myuri?that_has=params&encoded=in_it&optionally=1')

# The params incidentally are available as a String, via request_uri.query
output = open(request_uri, {ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE})
obj = JSON.parse output.readlines.join("")

这篇关于如何在 open-uri 中绕过 SSL 证书验证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！