Shopify + Ubuntu 12.04LTS + Faraday问题=可以使用较旧的OpenSSL吗? [英] Shopify + Ubuntu 12.04LTS + Faraday issue = OK to use older OpenSSL?

问题描述

我正在使用Ubuntu 12.04LTS Desktop开发Shopify应用程序(使用shopify_app gem)，并且在处理回调URL时遇到了这个问题.

I'm using Ubuntu 12.04LTS Desktop to develop a Shopify App (using the shopify_app gem), and I ran into this problem when processing the callback URL.

Faraday::Error::ConnectionFailed (Connection reset by peer - SSL_connect)

查看shopify-app-discuss组找到的另一种方法是使用另一种较旧的OpenSSL， RVM提供的.

Looking at the shopify-app-discuss group here and here, it seems that the problem is with Ubuntu 12.04 and its OpenSSL. I tried to install the most up-to-date OpenSSL, but nothing. One alternative that I found was to use a different, older OpenSSL, one that RVM provides.

$ rvm remove 1.9.3 (or whatever version of ruby you are using)
$ rvm pkg install openssl
$ rvm install 1.9.3 --with-openssl-dir=$rvm_path/usr

现在Shopify应用程序运行正常.它可以连接到API. (本技巧可能会帮助其他Ubuntu 12.04用户！)

And now the Shopify App is working fine. It can connect to the API. (This tip may help other Ubuntu 12.04 users!)

所以，我的问题是:这是最好的解决方案吗?我有点担心较旧的OpenSSL版本.它可能存在一些安全问题.以此开发应用程序安全吗?

So, my question is: Is this the best solution? I'm a little bit concerned about the older OpenSSL version. It might have some security issues. Is it safe to develop the app with this?

当我部署应用程序(例如Heroku)时，使用较旧的OpenSSL是否会出现安全问题?

And when I deploy the app (e.g. Heroku), is there going to be a security issue with an older OpenSSL?

提前谢谢！

推荐答案

其他建议对我们不起作用.具体来说，我们需要强制使用:SSLv3而不是:TLSv1. (对于股票Ubuntu 12.04.01 Ruby 1.9.3以及我们从Passenger PPM中使用的股票.)

The other suggestions didn't work for us. Specifically we needed to force :SSLv3 instead of :TLSv1. (For both the stock Ubuntu 12.04.01 Ruby 1.9.3 and the one that we use from the Passenger PPM.)

此外，还需要检查是否定义了@ssl_options.我从ActiveResource实现中复制了一个.

Also, there needs to be a check for @ssl_options being defined. I copied the one from the ActiveResource Implementation.

我们将其放置在config/initializers/shopify_ssl.rb中，一切都变得柔和:

We dropped this in config/initializers/shopify_ssl.rb and everything is peachy:

require 'active_resource/connection'

class ActiveResource::Connection
  def apply_ssl_options_with_ssl_version(http)
    apply_ssl_options_without_ssl_version(http)
    return http unless defined?(@ssl_options)
    http.ssl_version = @ssl_options[:ssl_version] if @ssl_options[:ssl_version]
    http
  end
  alias_method_chain :apply_ssl_options, :ssl_version
end

ShopifyAPI::Base.ssl_options = { :ssl_version => :SSLv3 }

这篇关于Shopify + Ubuntu 12.04LTS + Faraday问题=可以使用较旧的OpenSSL吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！