带有Twitter的Ruby SSL在Windows 7上的证书OpenSSL问题上失败 [英] Ruby SSL with Twitter failed on cert OpenSSL issue on Windows 7

问题描述

我一直在寻找答案.很多人都有自己的答案.他们都没有为我工作.我会提供情况.

I've searched high and low for an answer to this. Many people have their own answers. None of them have worked for me. I'll provide the situation.

所以我想访问twitter，并在使用net:HTTP的post函数时收到此错误.

So I want to access twitter and upon using net:HTTP's post function I get this error.

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

是的，我知道每个人都会收到此消息.

Yes I know everyone get's this message.

这是我发现的可行解决方案.

Here are viable solutions I found.

首先；手动设置证书文件:

First; manually set the cert file:

#! /usr/bin/env ruby
require 'net/https'
require 'uri'

uri = URI.parse(ARGV[0] || 'https://localhost/')
http = Net::HTTP.new(uri.host, uri.port)
if uri.scheme == "https"
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.ca_file = File.join(File.dirname(__FILE__), "cacert.pem")
end
http.start {
  http.request_get(uri.path) {|res|
    print res.body
  }
}

这是由Ariejan de Vroom通过此链接 http://blog.kabisa.nl/2009/12/04/ruby-and-ssl-certificate-validation/

This was provided by Ariejan de Vroom at this link http://blog.kabisa.nl/2009/12/04/ruby-and-ssl-certificate-validation/

许多人对此也给出了类似的答案.这对我不起作用.

Many people have given a similar answer to this. This did not work for me.

然后，我发现了一些使我走上正确道路的东西.这个家伙MislavMarohnić http://mislav.uniqpath.com/2013/07/ruby- openssl/明确了关注的领域.它与OpenSSL :: X509 :: DEFAULT_CERT_FILE和OpenSSL :: X509 :: DEFAULT_CERT_DIR有关.事实证明，它是通过其源代码硬编码到我的Ruby 1.9.3中的.米斯拉夫像这样给他做事:

Then I found something that brought me along the right path. This guy Mislav Marohnić http://mislav.uniqpath.com/2013/07/ruby-openssl/ nailed the area of concern. It has to do with OpenSSL::X509::DEFAULT_CERT_FILE and OpenSSL::X509::DEFAULT_CERT_DIR . Which turns out are hard coded into my Ruby 1.9.3 through it's source code. Mislav give's his work around like so:

require 'https'

http = Net::HTTP.new('example.com', 443)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

http.cert_store = OpenSSL::X509::Store.new
http.cert_store.set_default_paths
http.cert_store.add_file('/path/to/cacert.pem')
# ...or:
cert = OpenSSL::X509::Certificate.new(File.read('mycert.pem'))
http.cert_store.add_cert(cert)

我涉猎这个问题，我总是会得到这个错误

I dabbled around with this and I would always get this error

OpenSSL::X509::StoreError: cert already in hash table

Bah骗子和所有这些东西！

Bah humbug and all that stuff!

我还应该提到他写了一个脚本，该脚本应该有助于调试正在发生的事情.它可能对您有帮助，但对我而言没有帮助.链接在他的页面上.

I should also mention he has written a script that should help debug what's going on. It may help you, but not in my case. The link is on his page.

哦，是的.我也设置了

ENV['SSL_CERT_FILE']
ENV['SSL_CERT_DIR']

在我的红宝石代码中没有成功.

in my ruby code without success.

然后，我通过开始-> 控制面板-> 系统-> 高级系统在Windows中设置环境变量设置-> 高级(选项卡)-> 环境变量->系统变量新建，并添加了SSL_CERT_DIR和SSL_CERT_FILE.这也不起作用.

Then I proceeded to set the environment variables in windows by Start -> Control Panel -> System -> Advanced System Settings -> Advanced(tab) -> Environment Variables -> System variables New and added the SSL_CERT_DIR and SSL_CERT_FILE. This didn't work either.

认证的宝石对我不起作用... https://github.com/stevegraham/certified

And the certified gem didn't work for me... https://github.com/stevegraham/certified

现在，我将为您提供以下所有Windows 7用户的破解答案.

So I will now provide you with my hack answer for all you Windows 7 users out there below.

推荐答案

所以我挖了一下，基本上盯着证书的硬编码路径.通过在命令行输入

So I dug around and basically stared at the hard coded path of the certs. By typing this at the command line

ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE'

我得到了以下...

c:/Users/Luis/Code/openknapsack/knap-build/var/knapsack/software/x86-windows/openssl/1.0.0k/ssl/cert.pem

因此，我的解决方案是首先从 http://curl.haxx.se/ca/cacert下载cacert.pem. pem 到c:\.然后打开 Windows控制面板-> 管理工具-> Windows PowerShell模块.然后我继续输入:

So my solution was to first download cacert.pem from http://curl.haxx.se/ca/cacert.pem to c:\ . Then open up Windows Control Panel -> Administrative Tools -> Windows PowerShell Modules. Then I proceeded to type out:

cd \
cd users
mkdir Luis
cd Luis
mkdir Code
cd Code
mkdir openknapsack
cd openknapsack
mkdir knap-build
cd knap-build
mkdir var
cd var
mkdir knapsack
cd knapsack
mkdir software
cd software
mkdir x86-windows
cd x86-windows
mkir openssl
cd openssl
mkdir 1.0.0k
cd 1.0.0k
mkdir ssl
cd ssl
cp c:\cacert.pem .\cert.pem

现在一切正常！是的，这是一个廉价的骇客，而且很丑陋.但是现在，您和我都可以重新进行认真的编码，而不必担心烦人的问题.

And now everything works! Yes it's a cheap hack and it's ugly. But now both you and I can get back to doing serious coding and not worry about pesky problems.

我知道这不是一个很好的解决方法，但这是唯一对我有用的方法，它也应该对您有用.

I know it's not a great fix, but it's the only thing that worked for me, and it should for you too.

如果有人想编写PowerShell脚本以将证书文件自动安装到此目录中，那么您可以更轻松地将Ruby项目部署到Windows 7.

If some one would like to write a PowerShell script to auto install the cert file into this directory then you could more easily deploy your Ruby project to Windows 7. Just a thought.

顺便说一句，您可以在需要时对任何操作系统重复此过程.只需找到证书文件所属的路径即可:

By the way, you can duplicate this process for any operating system should the need arise. Just find the path the cert file belongs in with:

ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE'

并确保重命名输出中显示的文件！

And be sure to rename the file as it appears in the ouput!

这篇关于带有Twitter的Ruby SSL在Windows 7上的证书OpenSSL问题上失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！