OmniAuth &Facebook:证书验证失败 [英] OmniAuth & Facebook: certificate verify failed
问题描述
我已经按照 Railscast #235 尝试设置一个最小的Facebook 身份验证.
I've followed Railscast #235 to try and set up a minimal Facebook authentication.
我首先设置了 Twitter 身份验证,正如 Ryan 本人所做的那样.这完美无缺.
I've first set up a Twitter authentication, as done by Ryan himself. That worked flawlessly.
然后我开始添加 Facebook 登录信息.但是,在授权应用程序后,重定向到 /auth/facebook/callback 失败:
I then moved on to adding a Facebook login. However, after authorizing the app the redirect to /auth/facebook/callback fails with:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
我在本地主机上工作.我没有在应用程序中设置任何 SSL.我做错了什么?
I am working on localhost. I didn't set up any SSL within the app. What am I doing wrong?
推荐答案
真正的问题是 Faraday(Omniauth/Oauth 用于他们的 HTTP 调用)is not 没有设置 ca_path 变量对于 OpenSSL.至少在 Ubuntu 上,大多数根证书都存储在/etc/ssl/certs"中.由于 Faraday 不是 没有设置这个变量 (并且目前没有这样做的方法),OpenSSL ist 不是找不到 Facebook 的 SSL 证书的根证书.
The real problem is that Faraday (which Omniauth/Oauth use for their HTTP calls) is not wasn't setting the ca_path variable for OpenSSL. At least on Ubuntu, most root certs are stored in "/etc/ssl/certs". Since Faraday isn't wasn't setting this variable (and currently does not have a method to do so), OpenSSL isn't wasn't finding the root certificate for Facebook's SSL certificate.
我已经向法拉第提交了拉取请求,这将增加支持对于这个变量,希望他们很快就会引入这个变化.在此之前,您可以将法拉第修改为 this 或使用我的法拉第叉.之后,您应该在 Gemspec 中指定 OAuth2 gem 的 0.3.0 版本,它支持将 SSL 选项传递给 Faraday. 现在您需要做的就是升级到 Faraday 0.6.1,它支持传递ca_path 变量并升级到 OmniAuth 0.2.2,它具有 OAuth2 的适当依赖项.然后,您只需将以下内容添加到 Omniauth 初始值设定项中即可正确解决此问题:
I've submitted a pull request to Faraday which will add support for this variable and hopefully they will pull in this change soon. Until then, you can monkeypatch faraday to look like this or use my fork of Faraday. After that, you should specify version 0.3.0 of the OAuth2 gem in your Gemspec which supports the passing of SSL options through to Faraday. All you need to do now is upgrade to Faraday 0.6.1, which supports passing of the ca_path variable and upgrade to OmniAuth 0.2.2, which has the proper dependencies for OAuth2. You'll then be able to properly fix this issue by just adding the following to your Omniauth initializer:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, FACEBOOK_KEY, FACEBOOK_SECRET, {:client_options => {:ssl => {:ca_path => "/etc/ssl/certs"}}}
end
所以,回顾一下:
Faraday 需要更新以支持 SSL ca_path.安装 Faraday 0.6.1您的应用需要使用 OAuth2 版本 0.3.0.您可能需要 fork omniauth,因为它目前在 0.2.x 树中有一个次要版本依赖项.升级到 OmniAuth 0.2.2- 修改您的提供者初始值设定项以指向您系统的证书路径(Ubuntu 等上的/etc/ssl/certs")
Faraday needs to be updated to support SSL ca_path.Install Faraday 0.6.1Your app needs to use OAuth2 version 0.3.0. You may need to fork omniauth since it currently has a minor version dependency in the 0.2.x tree.Upgrade to OmniAuth 0.2.2- Modify your provider initializer to point to your system's certificate path ("/etc/ssl/certs" on Ubuntu et al)
希望 Faraday 和 Omniauth 的下一个版本都包含此解决方案.
感谢上面的 KirylP 让我走上了正确的道路.
Thanks to KirylP above for setting me on the right path.
这篇关于OmniAuth &Facebook:证书验证失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
