Heroku 上的 OpenSSL::SSL::SSLError [英] OpenSSL::SSL::SSLError on Heroku
问题描述
我正在尝试通过 Facebook 或 Twitter 对用户进行身份验证,让他们填写信息,然后单击保存(从而创建用户记录).在最后一步 - 单击保存后,我收到 OpenSSL 错误.这发生在 Devise RegistrationsController#create 方法中.
I'm trying to authenticate a user via Facebook or Twitter, get them to fill out their information, and then click save (thus creating a user record). I'm getting an OpenSSL error on that final step -- after clicking save. This happens at the Devise RegistrationsController#create method.
所以我在 Heroku 上托管的 Rails 应用程序中收到此错误:
So I'm getting this error in my Rails application, hosted on Heroku:
2012-07-28T18:25:13+00:00 app[web.1]: OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed)
我见过很多解决方案,但没有一个奏效.以下是我尝试过的一些方法:
I've seen plenty of solutions, none of them work. Here are some things I've tried:
1) 安装certified gem
2) 将 Heroku gem 升级到 v2.30,再次推送
2) Upgrading the Heroku gem to v2.30, pushing again
3) 这个:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :twitter, TWITTER_KEY, TWITTER_SECRET, {:client_options => {:ssl => {:ca_file => "/usr/lib/ssl/certs/ca-certificates.crt"}}}
provider :facebook, FACEBOOK_KEY, FACEBOOK_SECRET, {:scope => "publish_actions,user_location,email", :client_options => {:ssl => {:ca_file => "/usr/lib/ssl/certs/ca-certificates.crt"}}}
end
似乎有一个问题可能是这个证书文件实际上并不存在——我在好几个地方见过它,而且这似乎是 Heroku 的 ca_cert 文件的默认路径,但我可能是错了.
It seems like one problem could be that this cert file doesn't actually exist -- I've seen it in several places, and it seems like that is the default path to the ca_cert file for Heroku, but I could be wrong.
奇怪的是,这发生在之后我已经通过 FB/Twitter 进行了身份验证,并且正在尝试创建一个用户帐户.为什么会这样,我该如何解决/调试这个问题?真诚的困惑.
Oddly enough, this is happening after I've already authenticated via FB/Twitter, and am trying to create a user's account. Why would this be, and how can I solve/debug this? Sincerely confused.
更新: 我将此行添加到 Omniauth 初始值设定项,现在它有效"了.因此,我已经诊断出问题出在 Omniauth 上.但是,我仍然希望进行 SSL 验证……这显然会留下安全漏洞.
Update: I added this line to the Omniauth initializer, and now it "works". Thus I've diagnosed the problem is with Omniauth. However, I'd like to still have the SSL verification... this obviously leaves a security gap.
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
推荐答案
经过一番搜索,我找到了:
After some searching here is what I found:
如果您使用 Ruby 通过 https 打开与外部服务器的连接,例如.Facebook Graph API,您可能会遇到以下错误:
If you’re using Ruby to open connections to an external server over https, eg. the Facebook Graph API, you may run into the following error:
OpenSSL::SSL::SSLError:SSL_connectreturned=1errno=0state=SSLv3readservercertificateB:certificateverifyfailed
此错误是由于 Ruby 无法找到用于验证安全 Web 服务器真实性的证书颁发机构证书 (CA 证书).解决方案是将这个 ca-bundle.crt 下载到您的应用程序的 lib/代码>目录:然后在config/initializers/fix_ssl.rb中加入如下代码:
This error is due to Ruby not being able to find the certification authority certificates (CA Certs) used to verify the authenticity of secured web servers. The solution is to download the this ca-bundle.crt into your application’s lib/ directory:
Then add the following code to config/initializers/fix_ssl.rb:
require 'open-uri'
require 'net/https'
module Net
class HTTP
alias_method :original_use_ssl=, :use_ssl=
def use_ssl=(flag)
self.ca_file = Rails.root.join('lib/ca-bundle.crt').to_s
self.verify_mode = OpenSSL::SSL::VERIFY_PEER
self.original_use_ssl = flag
end
end
end
这应该会强制 ruby 使用您应用程序的 lib/目录中的 CA 包.
This should force ruby to use the CA bundle from your application’s lib/ directory.
取自:http://jimneath.org/2011/10/19/ruby-ssl-certificate-verify-failed.html
更新:
根据您的系统,您可能需要使用 self.ca_path= 而不是 self.ca_file=.
You may need to use self.ca_path= instead of self.ca_file= depending on your system.
这篇关于Heroku 上的 OpenSSL::SSL::SSLError的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
