使用 Ruby 1.9.3 时出现“证书验证失败”OpenSSL 错误
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/8101377/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
"Certificate verify failed" OpenSSL error when using Ruby 1.9.3
提问by Daniel Kehoe
I'm using Ruby 1.9.3p0 on Mac OS 10.6.8 (installed using rvm). When I attempt to create a new Rails application using an application template hosted on GitHub, with this (for example):
我在 Mac OS 10.6.8(使用 rvm 安装)上使用 Ruby 1.9.3p0。当我尝试使用托管在 GitHub 上的应用程序模板创建新的 Rails 应用程序时,(例如):
$ rails new myapp -m https://github.com/RailsApps/rails3-application-templates/raw/master/rails3-mongoid-devise-template.rb -T -O
I get this error message:
我收到此错误消息:
/Users/me/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:799:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
I understand the Ruby language interpreter is using OpenSSL to connect to GitHub to request the application template file. GitHub requires all connections to be made using SSL. The connection failed because OpenSSL was unable to verify the server certificate.
我了解 Ruby 语言解释器正在使用 OpenSSL 连接到 GitHub 以请求应用程序模板文件。GitHub 要求使用 SSL 进行所有连接。连接失败,因为 OpenSSL 无法验证服务器证书。
I was able to resolve the issue by downloading a certificates file:
我能够通过下载证书文件来解决这个问题:
$ cd /opt/local/etc/openssl $ sudo curl -O http://curl.haxx.se/ca/cacert.pem $ sudo mv cacert.pem cert.pem
I had no problem using Ruby 1.9.2. Why did I get the "certificate verify failed" problem for Ruby 1.9.3? Is this a Ruby 1.9.3 bug? Is it specific to Mac OS 10.6.8? Is my solution the right way to resolve this?
我使用 Ruby 1.9.2 没有问题。为什么我会遇到 Ruby 1.9.3 的“证书验证失败”问题?这是 Ruby 1.9.3 的错误吗?它特定于 Mac OS 10.6.8 吗?我的解决方案是解决这个问题的正确方法吗?
回答by Daniel Kehoe
There are lots of moving parts involved in the correct answer. Depends on your OS, Ruby version, OpenSSL version, Rubygems version. I ended up writing an article after researching it. My article explains the reasons for the error, offers steps for further diagnosis, shows several workarounds, and suggests possible solutions. This will be helpful:
正确答案涉及许多活动部分。取决于您的操作系统、Ruby 版本、OpenSSL 版本、Rubygems 版本。我在研究后最终写了一篇文章。我的文章解释了错误的原因,提供了进一步诊断的步骤,展示了几种解决方法,并提出了可能的解决方案。这会很有帮助:
OpenSSL Errors and Rails – Certificate Verify Failed
There are also links to the relevant commits and issues on GitHub.
GitHub 上还有指向相关提交和问题的链接。
回答by Liron Yahdav
For me this occurred on OS X with homebrew after updating to the latest RVM (rvm 1.20.12) and then installing ruby-1.9.3-p429. I could reproduce the issue simply by running:
对我来说,这是在更新到最新的 RVM(rvm 1.20.12)然后安装 ruby-1.9.3-p429 后使用自制软件在 OS X 上发生的。我可以通过运行简单地重现这个问题:
$ rvm use ruby-1.9.3-p429
$ irb
1.9.3p429 :001 > require 'open-uri'; open 'https://google.com'
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/net/http.rb:800:in `connect'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/net/http.rb:800:in `block in connect'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/timeout.rb:55:in `timeout'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/timeout.rb:100:in `timeout'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/net/http.rb:800:in `connect'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/net/http.rb:756:in `do_start'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/net/http.rb:745:in `start'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:306:in `open_http'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:775:in `buffer_open'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:203:in `block in open_loop'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:201:in `catch'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:201:in `open_loop'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:146:in `open_uri'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:677:in `open'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:33:in `open'
from (irb):1
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/bin/irb:16:in `<main>'1.9.3p429 :002 >
The solution was similar to that in the question, but the path was wrong. Running this fixed it:
解决方案与问题中的类似,但路径错误。运行此修复它:
curl https://curl.haxx.se/ca/cacert.pem -o /usr/local/etc/openssl/cert.pem
The clue as to the correct path was that when I was installing ruby-1.9.3-p429 via RVM this showed in the output:
关于正确路径的线索是,当我通过 RVM 安装 ruby-1.9.3-p429 时,这显示在输出中:
Certificates in '/usr/local/etc/openssl/cert.pem' already are up to date.
I had the /usr/local/etc/opensslpath, but no cert.pemfile in that directory, so I'm not sure why RVM claimed the certificates were up to date. It would be nice to know why I had to do this in first place, but I don't have time to investigate now.
我有/usr/local/etc/openssl路径,但cert.pem该目录中没有文件,所以我不确定为什么 RVM 声称证书是最新的。很高兴知道为什么我必须首先这样做,但我现在没有时间进行调查。
回答by Sander Temme
I had the same problem, having compiled my RVM Ruby against an RVM install of OpenSSL. I moved the cacerts.pem file as downloaded by the original poster under ~/.rvm/usr/ssl/cert.pem to make the problem go away.
我遇到了同样的问题,针对 OpenSSL 的 RVM 安装编译了我的 RVM Ruby。我将原始海报下载的 cacerts.pem 文件移动到 ~/.rvm/usr/ssl/cert.pem 下,以使问题消失。
回答by Robert Brown
I was having the same problem.
我遇到了同样的问题。
The way I finally fixed it was by upgrading my version of OpenSSL I had installed through MacPorts. I was running a version of OpenSSL from 2009 so I have upgraded my MacPorts installation then upgraded my OpenSSL installtion via the portscommand line interface and the error disappeared.
我最终修复它的方法是升级我通过 MacPorts 安装的 OpenSSL 版本。我运行的是 2009 年的 OpenSSL 版本,因此我升级了 MacPorts 安装,然后通过ports命令行界面升级了 OpenSSL 安装,错误消失了。
There must be some integration between Ruby/Rails and OpenSSL on Mac based installations that goes without saying. In my case I was having problems getting the Login with Facebookto work properly when Facebook was sending the oAuth/Login token back to my app, Devise & OmniAuth must have needed a valid SSL cert for graph.facebook.comwhich wasn't in my old version of OpenSSL.
在基于 Mac 的安装上,Ruby/Rails 和 OpenSSL 之间必须有一些集成,这是不言而喻的。在我的情况下,当 Facebook 将 oAuth/Login 令牌发送回我的应用程序时,我在使用 Facebook 登录正常工作时遇到问题,Devise & OmniAuth 必须需要一个有效的 SSL 证书,graph.facebook.com而我的旧版本的 OpenSSL 中没有该证书.
回答by seyyah
Openssl certification directory is /usr/lib/ssl/in Debian. So, following three lines was enough for me,
openssl 认证目录/usr/lib/ssl/在 Debian 中。所以,以下三行对我来说就足够了,
$ cd /usr/lib/ssl/
$ sudo curl -O http://curl.haxx.se/ca/cacert.pem
$ sudo mv cacert.pem cert.pem
回答by Henry
I had a similar issue but not on Rails, but on just Ruby on Windows. I resolved it by using the cacert.pemcertificate and setting the location of the certificate to the environmental variable "SSL_CERT_FILE"
我有一个类似的问题,但不是在 Rails 上,而是在 Windows 上的 Ruby 上。我通过使用cacert.pem证书并将证书的位置设置为环境变量“SSL_CERT_FILE”来解决它
Detailed answer here: https://stackoverflow.com/a/35429863/4747587
回答by John Bachir
It could possibly be because of how you built 1.9.2 and 1.9.3 — maybe whatever tool you used to build each configured things slightly differently. Or maybe they use different versions of OpenSSL.
这可能是因为你构建 1.9.2 和 1.9.3 的方式——也许你用来构建每个配置的东西的工具略有不同。或者他们可能使用不同版本的 OpenSSL。
Here is the only potentially relevant change I could spot to Net:HTTP between 1.9.2 and 1.9.3
这是我能发现的 Net:HTTP 在 1.9.2 和 1.9.3 之间唯一可能相关的变化
require 'net/protocol'
-autoload :OpenSSL, 'openssl'
require 'uri'
+autoload :OpenSSL, 'openssl'
(if you want to view the diff...)
(如果您想查看差异...)
git clone https://github.com/ruby/ruby.git cd ruby git diff origin/ruby_1_9_2 origin/ruby_1_9_3 -- http.rb
