OmniAuth& Facebook：证书验证失败 [英] OmniAuth & Facebook: certificate verify failed

问题描述

我遵循 Railscast＃235 尝试设置一个最小Facebook认证。

I've followed Railscast #235 to try and set up a minimal Facebook authentication.

我已经像瑞恩本人一样，建立了Twitter认证。这样做完美无瑕。

I've first set up a Twitter authentication, as done by Ryan himself. That worked flawlessly.

然后，我转而添加一个Facebook登录。但是，在授权应用程序后，重定向到 / auth / facebook / callback 将失败：

I then moved on to adding a Facebook login. However, after authorizing the app the redirect to /auth/facebook/callback fails with:

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

<我正在本地主机工作。我没有在应用程序中设置任何SSL。我做错了什么？

I am working on localhost. I didn't set up any SSL within the app. What am I doing wrong?

推荐答案

真正的问题是法拉第（Omniauth / Oauth用于他们的HTTP调用）不是没有为OpenSSL设置ca_path变量。至少在Ubuntu上，大多数根证书都存储在/ etc / ssl / certs中。由于法拉第不是没有设置此变量（而且目前还没有一个方法），OpenSSL 不是 wasn没有找到Facebook的SSL证书的根证书。

The real problem is that Faraday (which Omniauth/Oauth use for their HTTP calls) is not wasn't setting the ca_path variable for OpenSSL. At least on Ubuntu, most root certs are stored in "/etc/ssl/certs". Since Faraday isn't wasn't setting this variable (and currently does not have a method to do so), OpenSSL isn't wasn't finding the root certificate for Facebook's SSL certificate.

我有向法拉第提交了一个拉动请求，这将增加对这个变量的支持，希望他们能够尽快提出这一改变。在此之前，您可以将法拉第monachypatch看起来像这个或使用我的法拉第叉子。之后，您应该在您的Gemspec中指定OAuth2 gem的版本0.3.0，该脚本支持将SSL选项传递到法拉第。现在您需要做的是升级到法拉第0.6.1，它支持传递ca_path变量并升级到OmniAuth 0.2.2，它具有适用于OAuth2的依赖关系。然后，您可以通过将以下内容添加到Omniauth初始化程序来正确解决此问题：

I've submitted a pull request to Faraday which will add support for this variable and hopefully they will pull in this change soon. Until then, you can monkeypatch faraday to look like this or use my fork of Faraday. After that, you should specify version 0.3.0 of the OAuth2 gem in your Gemspec which supports the passing of SSL options through to Faraday. All you need to do now is upgrade to Faraday 0.6.1, which supports passing of the ca_path variable and upgrade to OmniAuth 0.2.2, which has the proper dependencies for OAuth2. You'll then be able to properly fix this issue by just adding the following to your Omniauth initializer:

Rails.application.config.middleware.use OmniAuth::Builder do
    provider :facebook, FACEBOOK_KEY, FACEBOOK_SECRET, {:client_options => {:ssl => {:ca_path => "/etc/ssl/certs"}}}
end

1. 法拉第需要更新以支持SSL ca_path。安装 Faraday 0.6.1


2. 您的应用需要使用OAuth2版本0.3.0。您可能需要fork omniauth，因为它目前在0.2.x树中具有次要版本依赖。升级到OmniAuth 0.2.2


3. 修改提供程序初始化程序以指向您的系统的证书路径（Ubuntu等人的/ etc / ssl / certs）

1. Faraday needs to be updated to support SSL ca_path. Install Faraday 0.6.1
2. Your app needs to use OAuth2 version 0.3.0. You may need to fork omniauth since it currently has a minor version dependency in the 0.2.x tree. Upgrade to OmniAuth 0.2.2
3. Modify your provider initializer to point to your system's certificate path ("/etc/ssl/certs" on Ubuntu et al)

希望下一个版本的法拉第并且Omniauth将纳入此解决方案。

感谢KirylP上面的设置我正确的路径。

Thanks to KirylP above for setting me on the right path.

这篇关于OmniAuth&amp; Facebook：证书验证失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！