OpenSSL :: SSL :: SSLError:SSL_connect返回= 1 errno = 0状态= SSLv3读取服务器证书B:证书验证失败 [英] OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
问题描述
我使用RVM通过在Ubuntu 12.04上安装Ruby 1.9.3
I used RVM to install Ruby 1.9.3 on Ubuntu 12.04 by doing
rvm pkg install openssl
rvm install 1.9.3 --with-openssl-dir=$rvm_path/usr
然后当我尝试运行以下内容时:
And then when I try to run something along the lines of:
require 'open-uri'
open('https://www.google.com/')
我收到错误:OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
我该如何解决?我在OSX中有很多类似的线程,人们都遇到了这个问题,但是如何在Ubuntu中解决呢?
How do I solve this? I have many similar threads where people have this problem in OSX, but how do I resolve it in Ubuntu?
感谢您的帮助.
推荐答案
如果未使用本机OpenSSL库正确设置默认的"OpenSSL目录",则有时会发生这种情况. open-uri使用OpenSSL::X509::Store#set_default_paths来告诉OpenSSL在OpenSSL目录中查找包含默认情况下OpenSSL信任的受信任根证书的文件.
That sometimes happens if the default 'OpenSSL directory' is not set correctly with the native OpenSSL library. open-uri uses OpenSSL::X509::Store#set_default_paths in order to tell OpenSSL to look in the OpenSSL directory for the file that contains the trusted root certificates that OpenSSL trusts by default.
在您的情况下,此查找失败.您可以通过设置覆盖默认设置的环境变量来使它成功,并告诉OpenSSL在该目录中查找:
In your case, this lookup fails. You can make it succeed by setting an environment variable that overrides the default setting and tells OpenSSL to look in that directory instead:
export SSL_CERT_FILE=/etc/pki/tls/cert.pem
这是我的Fedora 16 64位上根CA捆绑包的默认位置,其他受欢迎的位置是/etc/ssl/ca-bundle.crt等.在您的情况下,RVM使用的OpenSSL库位于$ rvm_path中/usr,因此您应该在此处查找缺省的根CA文件的合适候选者.正确设置环境变量后,对open-uri的调用将成功.
That's the default location for the root CA bundle on my Fedora 16 64 bit, other popular locations are /etc/ssl/ca-bundle.crt etc. In your case, the OpenSSL library used by RVM is located in $rvm_path/usr, so you should look around there for a suitable candidate for the default root CA file. After the environment variable is set correctly, the call to open-uri will succeed.
要使环境变量永久存在,请使用常规方法,例如在.bashrc,/etc/profile中定义导出,或根据您的情况选择最合适的方法.
To make the environment variable permanent, use the usual ways such as defining the export in .bashrc, /etc/profile or whatever fits best in your situation.
这篇关于OpenSSL :: SSL :: SSLError:SSL_connect返回= 1 errno = 0状态= SSLv3读取服务器证书B:证书验证失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
