带有Twitter的Ruby SSL在Windows 7上的证书OpenSSL问题上失败 [英] Ruby SSL with Twitter failed on cert OpenSSL issue on Windows 7
问题描述
我一直在寻找答案.很多人都有自己的答案.他们都没有为我工作.我会提供情况.
I've searched high and low for an answer to this. Many people have their own answers. None of them have worked for me. I'll provide the situation.
所以我想访问twitter,并在使用net:HTTP的post函数时收到此错误.
So I want to access twitter and upon using net:HTTP's post function I get this error.
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
是的,我知道每个人都会收到此消息.
Yes I know everyone get's this message.
这是我发现的可行解决方案.
Here are viable solutions I found.
首先;手动设置证书文件:
First; manually set the cert file:
#! /usr/bin/env ruby
require 'net/https'
require 'uri'
uri = URI.parse(ARGV[0] || 'https://localhost/')
http = Net::HTTP.new(uri.host, uri.port)
if uri.scheme == "https"
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.ca_file = File.join(File.dirname(__FILE__), "cacert.pem")
end
http.start {
http.request_get(uri.path) {|res|
print res.body
}
}
这是由Ariejan de Vroom通过此链接 http://blog.kabisa.nl/2009/12/04/ruby-and-ssl-certificate-validation/
This was provided by Ariejan de Vroom at this link http://blog.kabisa.nl/2009/12/04/ruby-and-ssl-certificate-validation/
许多人对此也给出了类似的答案.这对我不起作用.
Many people have given a similar answer to this. This did not work for me.
然后,我发现了一些使我走上正确道路的东西.这个家伙MislavMarohnić http://mislav.uniqpath.com/2013/07/ruby- openssl/明确了关注的领域.它与OpenSSL :: X509 :: DEFAULT_CERT_FILE和OpenSSL :: X509 :: DEFAULT_CERT_DIR有关.事实证明,它是通过其源代码硬编码到我的Ruby 1.9.3中的.米斯拉夫像这样给他做事:
Then I found something that brought me along the right path. This guy Mislav Marohnić http://mislav.uniqpath.com/2013/07/ruby-openssl/ nailed the area of concern. It has to do with OpenSSL::X509::DEFAULT_CERT_FILE and OpenSSL::X509::DEFAULT_CERT_DIR . Which turns out are hard coded into my Ruby 1.9.3 through it's source code. Mislav give's his work around like so:
require 'https'
http = Net::HTTP.new('example.com', 443)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.cert_store = OpenSSL::X509::Store.new
http.cert_store.set_default_paths
http.cert_store.add_file('/path/to/cacert.pem')
# ...or:
cert = OpenSSL::X509::Certificate.new(File.read('mycert.pem'))
http.cert_store.add_cert(cert)
我涉猎这个问题,我总是会得到这个错误
I dabbled around with this and I would always get this error
OpenSSL::X509::StoreError: cert already in hash table
Bah骗子和所有这些东西!
Bah humbug and all that stuff!
我还应该提到他写了一个脚本,该脚本应该有助于调试正在发生的事情.它可能对您有帮助,但对我而言没有帮助.链接在他的页面上.
I should also mention he has written a script that should help debug what's going on. It may help you, but not in my case. The link is on his page.
哦,是的.我也设置了
ENV['SSL_CERT_FILE']
ENV['SSL_CERT_DIR']
在我的红宝石代码中没有成功.
in my ruby code without success.
然后,我通过开始-> 控制面板-> 系统-> 高级系统在Windows中设置环境变量设置-> 高级(选项卡)-> 环境变量->系统变量新建,并添加了SSL_CERT_DIR和SSL_CERT_FILE.这也不起作用.
Then I proceeded to set the environment variables in windows by Start -> Control Panel -> System -> Advanced System Settings -> Advanced(tab) -> Environment Variables -> System variables New and added the SSL_CERT_DIR and SSL_CERT_FILE. This didn't work either.
认证的宝石对我不起作用... https://github.com/stevegraham/certified
And the certified gem didn't work for me... https://github.com/stevegraham/certified
现在,我将为您提供以下所有Windows 7用户的破解答案.
So I will now provide you with my hack answer for all you Windows 7 users out there below.
推荐答案
所以我挖了一下,基本上盯着证书的硬编码路径.通过在命令行输入
So I dug around and basically stared at the hard coded path of the certs. By typing this at the command line
ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE'
我得到了以下...
c:/Users/Luis/Code/openknapsack/knap-build/var/knapsack/software/x86-windows/openssl/1.0.0k/ssl/cert.pem
因此,我的解决方案是首先从 http://curl.haxx.se/ca/cacert下载cacert.pem. pem 到c:\.然后打开 Windows控制面板-> 管理工具-> Windows PowerShell模块.然后我继续输入:
So my solution was to first download cacert.pem from http://curl.haxx.se/ca/cacert.pem to c:\ . Then open up Windows Control Panel -> Administrative Tools -> Windows PowerShell Modules. Then I proceeded to type out:
cd \
cd users
mkdir Luis
cd Luis
mkdir Code
cd Code
mkdir openknapsack
cd openknapsack
mkdir knap-build
cd knap-build
mkdir var
cd var
mkdir knapsack
cd knapsack
mkdir software
cd software
mkdir x86-windows
cd x86-windows
mkir openssl
cd openssl
mkdir 1.0.0k
cd 1.0.0k
mkdir ssl
cd ssl
cp c:\cacert.pem .\cert.pem
现在一切正常!是的,这是一个廉价的骇客,而且很丑陋.但是现在,您和我都可以重新进行认真的编码,而不必担心烦人的问题.
And now everything works! Yes it's a cheap hack and it's ugly. But now both you and I can get back to doing serious coding and not worry about pesky problems.
我知道这不是一个很好的解决方法,但这是唯一对我有用的方法,它也应该对您有用.
I know it's not a great fix, but it's the only thing that worked for me, and it should for you too.
如果有人想编写PowerShell脚本以将证书文件自动安装到此目录中,那么您可以更轻松地将Ruby项目部署到Windows 7.
If some one would like to write a PowerShell script to auto install the cert file into this directory then you could more easily deploy your Ruby project to Windows 7. Just a thought.
顺便说一句,您可以在需要时对任何操作系统重复此过程.只需找到证书文件所属的路径即可:
By the way, you can duplicate this process for any operating system should the need arise. Just find the path the cert file belongs in with:
ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE'
并确保重命名输出中显示的文件!
And be sure to rename the file as it appears in the ouput!
这篇关于带有Twitter的Ruby SSL在Windows 7上的证书OpenSSL问题上失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!