RestClient.get 返回证书验证失败 [英] RestClient.get returning certificate verify failed

问题描述

我正在尝试使用 RestClient 和 Ruby v. 2.2.1 访问内部测试 API 服务器.

I am trying hit an internal testing API server using RestClient and Ruby v. 2.2.1.

这基本上是代码:

url = "https://10.10.0.10/thing/i/want/to/get"
header = {
      :content_type => "application/json",
      :"x-auth-token" => "testingtoken"
  }
response = RestClient.get url, header

这是我收到的失败信息:

This is the failure message I get:

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (RestClient::SSLCertificateNotVerified)

如果我没看错的话，Ruby 似乎无法接受 SSL 安全证书.这个调用在 Chrome 应用程序 Postman 中工作，但为了让它工作，我必须在 Chrome 本身中点击 URL 并接受连接不安全(但仍然继续)，然后它将在邮递员中工作.

If I'm reading this right, it looks like Ruby couldn't accept the SSL security certificate. This call works in the Chrome app Postman, but in order for it to work, I have to hit the URL in Chrome itself and accept that the connection is not secure (but proceed anyway), and THEN it will work in postman.

有没有办法在 Ruby 中忽略证书失败并继续进行?

Is there a way to ignore the certificate failures and proceed anyway in Ruby?

推荐答案

尝试使用 #execute(&block) 并将 verify_ssl 设置为 false.

Try using #execute(&block) with verify_ssl set to false.

:verify_ssl 开启 ssl 验证，可能的值为常量来自 OpenSSL::SSL::VERIFY_*，默认为 OpenSSL::SSL::VERIFY_PEER

:verify_ssl enable ssl verification, possible values are constants from OpenSSL::SSL::VERIFY_*, defaults to OpenSSL::SSL::VERIFY_PEER

url = "https://10.10.0.10/thing/i/want/to/get"
headers = {
  :content_type => "application/json",
  :"x-auth-token" => "testingtoken"
}

RestClient::Request.execute(
  :url => url, 
  :method => :get, 
  :headers => headers,
  :verify_ssl => false
)

参见:http://www.rubydoc.info/github/rest-client/rest-client/RestClient/Request#execute-instance_method

RVM

针对 RVM 用户的其他解决方案来自:https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html

Additional solution for RVM users from: https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html

这个Github上的讨论终于给出了解决方案:不知何故RVM来了使用静态链接的 ruby​​ 预编译版本一个 openssl，它查看 /etc/openssl 的证书.

This discussion on Github finally gave the solution: Somehow RVM comes with a precompiled version of ruby that is statically linked against an openssl that looks into /etc/openssl for it's certificates.

你想做的是不要使用任何预编译的红宝石和而是在本地机器上编译 ruby​​，如下所示:rvm install 2.2.0 --disable-binary

What you wanna do is NOT TO USE any of the precompiled rubies and rather have ruby compiled on your local machine, like so: rvm install 2.2.0 --disable-binary

这篇关于RestClient.get 返回证书验证失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！