无法在Mac OS上安装任何红宝石宝石-SSL_connect错误 [英] Cannot install any ruby gems on Mac OS - SSL_connect error

问题描述

我的环境是Mac OS 10.10.5，ruby版本2.2.4(或2.2.2或2.2.0)gem(升级后)是2.6.7，rvm版本1.27.0.

My environment is Mac OS 10.10.5, ruby version 2.2.4 (or 2.2.2 or 2.2.0) gem (after upgrade) is 2.6.7, rvm version 1.27.0.

即使在过去的几天中，它也有多个重复项，但这是我无法在评论中提供的更多信息.

This has several duplicates even in the last few days but this is more information than I can put in a comment.

在任何版本的红宝石上安装任何宝石时，我都会得到以下信息:

When installing any gems on any version of ruby I get the following:

$ gem install bundler
ERROR:  Could not find a valid gem 'bundler' (>= 0), here is why:
          Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/specs.4.8.gz)

关于此的信息很多，尤其是对于Windows上的问题.请参阅 http://guides.rubygems.org/ssl-certificate-update/建议的解决方案.我遵循此步骤，但是我仍然遇到相同的错误.

There is a lot of information about this available, especially for problems on Windows. See http://guides.rubygems.org/ssl-certificate-update/ for the proposed solution. I follow this but I continue to get the same error.

问题似乎出在尚未完全清楚的适当位置获取文件GlobalSignRootCA.pem.上面的链接说明了如何找到合适的ssl_certs目录，该目录在我的系统中有2个，但都不起作用.

The problem seems to be in getting the file GlobalSignRootCA.pem in the appropriate place which is not entirely clear. The above link explains how to find the appropriate ssl_certs directory, of which there are 2 in my system, but neither work.

我忘记了我在哪里学到的知识:

I forget where I learned the following:

$ ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_DIR'
/etc/openssl/certs
$ ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE'
/etc/openssl/cert.pem

可能已经给出了提示，但是将.pem文件附加到后者或复制到前者没有效果.

which might have given a hint but appending the .pem file to the latter or copying to the former have no effect.

当我重新安装openssl(homebrew)时，它会告诉我:

When I re-install openssl (homebrew), it helpfully tells me:

A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
  /usr/local/etc/openssl/certs

and run
  /usr/local/opt/openssl/bin/c_rehash

但这也不能解决问题.

来自另一个SO问题:

rvm osx-ssl-certs update all

不起作用.也没有:

security find-certificate -a -p /Library/Keychains/System.keychain > "$cert_file"
security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain >> "$cert_file"

有人知道如何了解红宝石在这里的期望吗?它在哪里想要这个文件，或者甚至是它想要的文件?我应该将.pem文件导入OSX钥匙串吗?怎么做到的?

Does anyone know how to get a sense of what rubygems expects here? Where does it want this file or is this even the file it wants? Should I import the .pem file into the OSX keychain? How does one do that?

还是有一种获取gem文件并将其安装在本地的方法? rubygems这样做对rubygems本身很有帮助，但对我所知的单个宝石却无济于事.

Or is there a way to get the gem file and install it locally? rubygems does this helpfully for rubygems itself but not for the individual gems from what I can tell.

-解决方法

好的-哪里可以找到宝石的答案:转到https://rubygems.org/gems/[package name]并选择一个版本并下载-当前在右侧链接下.下载文件并gem install --local [downloaded gem file].加上所有依赖项.

Okay - the answer to the question of where to get the gem: go to https://rubygems.org/gems/[package name] and select a version and go to download - currently under links on the right hand side. Download the file and gem install --local [downloaded gem file]. Plus all the dependencies.

要自动化:

# start by adding insecure source for --explain - thanks to @tnum
gem source -a http://rubygems.org/
while read x 
do
wget https://rubygems.org/downloads/$x.gem
gem install --local $x.gem 
rm $x.gem
done < <(gem install --explain [package name] | grep "^  ")
# remove insecure source
gem source -r http://rubygems.org/

更好的grep regex可以缓解某些安全性不足的问题，但是它仍然是不安全的.请注意，wget https://起作用，因此ssl问题肯定与rubygems有关.

Some of the lack of security could be mitigated by a better grep regex but it is still insecure. Note that wget https:// works so the ssl problem is definitely with rubygems.

推荐答案

我遇到了同样的问题，并使用了以下解决方法"- 进入您的Rails应用程序目录并运行以下

I had the same issue and used the following 'work around'- cd into your rails app directory and run the following

gem source -a http://rubygems.org/ 

当您运行'gem install ...'命令时，它将使用不安全的http连接而不是安全的https.这不是理想的方法，但这是短期的解决方法.

This will use the insecure http connection rather than the secure https when you run the 'gem install...' command. It's not ideal but it is a short term work around.

您可能还需要从

source 'https://rubygems.org'

到

source 'http://rubygems.org'

这篇关于无法在Mac OS上安装任何红宝石宝石-SSL_connect错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！