SSLCaertBadFile错误heroku遏制 [英] SSLCaertBadFile error heroku curb

问题描述

我有一个rake任务，通过外部API通过SSL连接来提取和解析JSON数据。

我使用封装了这个外部API的gem，并且本地运行没有问题，但是在heroku上运行时使用＃< Curl时，任务失败:: Err :: SSLCaertBadFile :: Curl :: Err :: SSLCaertBadFile>

我安装了piggyback SSL插件，希望它可以修复它，但没有骰子。

有什么想法？

更新

我设法通过禁止以前由以下两个字段设置的curl请求ssl验证来解决此问题：

  request.ssl_verify_peer 
 request.ssl_verify_host 
  

我对SSL知之甚少究竟是为什么这些错误是由这些设置在一个heroku环境中引起的，或者除了降低安全性之外，禁用这些设置的影响。

解决方案

禁用证书检查是一个坏主意。请参阅 http：//www.rubyinside。 com / how-to-cure-nethttps-risky-default-https-behavior-4010.html ， http://jamesgolick.com/2011/2/15/verify-none..html 以及关于该主题的更多相关参考资料。

问题是您的HTTP客户端不知道在哪里找到Heroku上的CA证书包。

您没有提及您的客户端正在使用，但以下是在heroku上使用 net / https 的示例：

  requirenet / https
 requireuri
 
 root_ca_path =/ etc / ssl / certs
 $ b $ url = URI.parsehttps ：//example.com
 http = Net :: HTTP.new（url.host，url.port）
 http.use_ssl =（url.scheme ==https）
 
 if（File.directory?(root_ca_path）&& http.use_ssl？）
 http.ca_path = root_ca_path 
 http.verify_mode = OpenSSL :: SSL :: VERIFY_PEER 
 http.verify_depth = 5 
 end 
 
 request = Net :: HTTP :: Get.new（url.path）
 response = http.request（request）
  

下面是一个使用 Faraday ：

 法拉第。新的https://example.com，ssl：{ca_path：/ etc / ssl / certs} 
  

祝你好运。

I have a rake task that pulls and parses JSON data over an SSL connection from an external API.

I use a gem that wraps this external API and have no problems running locally, but the task fails when run on heroku with #<Curl::Err::SSLCaertBadFile: Curl::Err::SSLCaertBadFile>

I installed the piggyback SSL add-on, hoping it might fix it, but no dice.

Any ideas?

UPDATE

I managed to fix it by disabling ssl verification on the curl request previously set by the following two fields:

request.ssl_verify_peer
request.ssl_verify_host

I don't know enough about SSL to know exactly why the error was caused by these settings in a heroku environment or what the implications of disabling this are, aside from reduced security.

解决方案

It is a bad idea to disable certificate checking. See http://www.rubyinside.com/how-to-cure-nethttps-risky-default-https-behavior-4010.html, http://jamesgolick.com/2011/2/15/verify-none..html and associated references for more on that topic.

The issue is that your HTTP client doesn't know where to find the CA certificates bundle on heroku.

You don't mention what client you are using, but here is an example for using net/https on heroku:

require "net/https"
require "uri"

root_ca_path = "/etc/ssl/certs"

url = URI.parse "https://example.com"
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = (url.scheme == "https")

if (File.directory?(root_ca_path) && http.use_ssl?)
  http.ca_path = root_ca_path
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.verify_depth = 5
end

request = Net::HTTP::Get.new(url.path)
response = http.request(request)

Here is an example using Faraday:

Faraday.new "https://example.com", ssl: { ca_path: "/etc/ssl/certs" }

Good luck.

这篇关于SSLCaertBadFile错误heroku遏制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！