API请求-OpenSSL :: SSL :: SSLError:SSL_connect SYSCALL返回= 5 errno = 0状态= SSLv3读取服务器问候A [英] API Request - OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A
问题描述
这些问题中的另一个,我知道这个问题在 StackOverflow 上被问过(和回答)了很多,但我无法让其中任何一个对我有用,我也有一些我想学习的问题
Another of of these questions, I know this question has been asked (and answered) a lot on StackOverflow, but I can't get any of those to work for me and I also have a few questions I would like to learn.
这是我的错误:
OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A
首先,这是我的系统设置.
To start, here is my system settings.
我正在使用OSX El Capitan版本10.11.6
I am on OSX El Capitan version 10.11.6
openssl version
OpenSSL 0.9.8zh 14 Jan 2016
which openssl
/usr/bin/openssl
ruby -v
ruby 2.1.6p336 (2015-04-13 revision 50298) [x86_64-darwin14.0]
rbenv -v
rbenv 0.4.0
我的问题是这些:
1)此错误是否表示已将证书发回给我,然后我的OpenSSL版本无法对其进行验证?另一台服务器是否有机会阅读我的,甚至看不到它?除了打开诸如Wireshark之类的程序之外,是否有一种方法可以使用Net :: HTTP来深入研究并检查此请求?一旦我打电话给net :: HTTP.new.request(request),我似乎就会失去控制,这只是错误.
1) Does this error mean that a certificate was sent back to me, and then my OpenSSL version was unable to verify it? Did the other server have a chance to read mine, or even see it yet? Is there a way to dig into this request using Net::HTTP and inspect this other than opening up a program like Wireshark? Once I call net::HTTP.new.request(request) I seem to lose control and it just errors.
2)我什至没有成功与另一台服务器通信,但它拒绝了我?
2) Did I even successfully talk to the other server, and it denied me?
3)当我收到此消息时,我在请求中的什么位置?
3) At what point in the request am I in when I get this message?
最重要的
4)我要克服这一点有什么选择
4) What are my options to get past this point
- 4a.到目前为止,我看到了可能的冲泡解决方案,但是我还无法获得冲泡的链接
- 4b.我可以手动将Mozilla的CA(或任何其他CA)安装到我的Mac OSX钥匙串中
- 4c.我可以在代码中尝试使用request.ca_file ="file"附加文件吗?(请参见下文)
- 4d.还有其他解决方案/最佳和最政治上正确的版本吗?
5)当我部署到Heroku时会遇到这个问题吗?
5) Am I going to have this issue when I deploy to Heroku?
从我正在阅读的内容来看,这是我的操作系统未包含正确的CA文件的问题. ca_file 部分是由于我第一次尝试将正确的ca_file添加到我的请求中.我猜我不需要那个.我在heroku中使用代理,因为此API需要静态IP.
From what i'm reading, this is an issue of my OS not containing the correct CA files. the ca_file part is due to my first attempts to add the correct ca_file to my requests. I'm guessing I don't need that. I am using a Proxy with heroku because this API requires a static IP.
这是我的通用代码
cert = File.read(File.join(Rails.root, 'ssl', 'test_env', 'their_test_cert.der'))
ca_file = File.read(File.join(Rails.root, 'ssl', 'test_env', 'Class3PublicPrimaryCA.der'))
uri = URI("https://xml.theirtestenv.com/api/receive")
headers = {
'x-IK-Version' => 'IKR/V4.00',
}
proxy_host = "myproxyhose"
proxy_port = "1234"
proxy_user = "myproxyuser"
proxy_pass = "myproxypass"
proxy_request = Net::HTTP.new(uri.hostname, '443', proxy_host, proxy_port, proxy_user, proxy_pass)
# http.key = OpenSSL::PKey::RSA.new(rsa_key)
proxy_request.use_ssl = true
proxy_request.cert = OpenSSL::X509::Certificate.new(cert)
proxy_request.ca_file = ca_file
proxy_request.verify_mode = OpenSSL::SSL::VERIFY_PEER
# proxy_request.ssl_version = :SSLv3
# This doesn't seem to matter whether I put this or not...
# Tried variations of these...
# proxy_request.ssl_version = :TLSv1
# proxy_request.ciphers = ['DES-CBC3-SHA']
post_request = Net::HTTP::Post.new(uri, headers)
post_request.content_type = "multipart/related"
response = proxy_request.request(post_request)
puts response.inspect
此外,无论我输入什么 proxy_requst.ssl_version ,我都注意到了,我的错误始终指定为SSLv2/v3,这是否意味着他们最终需要该版本?
Also, i've noticed no matter what proxy_requst.ssl_version I put, my error always specifies SSLv2/v3, does that mean on their end they are requiring that version?
很抱歉所有问题.预先感谢
Sorry for all the questions. Thanks in advance
推荐答案
已经有一段时间了,但是我只想发布这是几个问题,我通过的证书不是用于错误的正确证书.环境.一旦正确的证书通过,它就开始起作用,尽管我从来没有完全弄清SSL版本的问题.
It's been awhile, but I just wanted to post that this was a couple of issues, the certificates I was passing were not the correct ones they were for the wrong environment. Once the correct certificates were passed this started working, though I never got the SSL Version questions quite figured out.
这篇关于API请求-OpenSSL :: SSL :: SSLError:SSL_connect SYSCALL返回= 5 errno = 0状态= SSLv3读取服务器问候A的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
