Ruby-on-rails Rails 3:OpenSSL::SSL::SSLError:主机名与服务器证书不匹配
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4505795/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Rails 3: OpenSSL::SSL::SSLError: hostname was not match with the server certificate
提问by JP Silvashy
When trying to deliver an email via console I receive this error:
尝试通过控制台发送电子邮件时,我收到此错误:
OpenSSL::SSL::SSLError: hostname was not match with the server certificate
The thing is I really don't know much about certificates and such, or really how to get started troubleshooting this, I tried to do some investigation with openssland here is the certificate that is returned.
问题是我真的不太了解证书等,或者真的不知道如何开始解决这个问题,我试图做一些调查,openssl这里是返回的证书。
I don't know if its a problem with Postfix which is running on the server, or my rails app, any help or clues is really appreciated.
我不知道它是否是在服务器上运行的 Postfix 或我的 rails 应用程序的问题,真的很感激任何帮助或线索。
~% openssl s_client -connect mail.myhostname.com:25 -starttls smtp
CONNECTED(00000003)
depth=0 /CN=myhostname
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=myhostname
verify return:1
---
Certificate chain
0 s:/CN=myhostname
i:/CN=myhostname
---
Server certificate
-----BEGIN CERTIFICATE-----
[...redacted...]
-----END CERTIFICATE-----
subject=/CN=myhostname
issuer=/CN=myhostname
---
No client certificate CA names sent
---
SSL handshake has read 1203 bytes and written 360 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 1AA4B8BFAAA85DA9ED4755194C50311670E57C35B8C51F9C2749936DA11918E4
Session-ID-ctx:
Master-Key: 9B432F1DE9F3580DCC6208C76F96631DC5A4BC517BDBADD5F514414DCF34AC526C30687B96C5C4742E9583555A118232
Key-Arg : None
Start Time: 1292985376
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
250 DSN
回答by Bozhidar Batsov
An infinitely better solution (in terms of security that is) than the accepted answer would be:
一个比公认答案更好的解决方案(就安全性而言)是:
ActionMailer::Base.smtp_settings = {
:address => "mail.foo.com",
:port => 587,
:domain => "foo.com",
:user_name => "[email protected]",
:password => "foofoo",
:authentication => "plain",
:enable_starttls_auto => true,
:openssl_verify_mode => 'none'
}
This way you'll still be using encryption, but the validation of the certificate would be disabled (and you won't be getting any errors).
这样,您仍将使用加密,但证书验证将被禁用(并且您不会收到任何错误)。
回答by user208769
EDIT: This answer is no longer the best solution, and may no longer work. See this answerwhich is more secure.
编辑:此答案不再是最佳解决方案,并且可能不再有效。请参阅这个更安全的答案。
The name on certificate should match with the url on which you are running your application
证书上的名称应与您运行应用程序的 url 匹配
Not useful... I get this error with dreamhost, where I have no option to change the ssl certificate. (well, I do, but it costs.)
没用……我在dreamhost 上遇到了这个错误,我无法更改ssl 证书。(嗯,我知道,但它成本。)
One option is to disable tls. Hopefully you have something like this in your initializers:
一种选择是禁用 tls。希望你的初始化器中有这样的东西:
ActionMailer::Base.smtp_settings = {
:address => "mail.foo.com",
:port => 587,
:domain => "foo.com",
:user_name => "[email protected]",
:password => "foofoo",
:authentication => "plain",
:enable_starttls_auto => true
}
Change the enable starttls auto option to false (or add it in if it isn't present).
将 enable starttls auto 选项更改为 false(如果不存在则将其添加)。
Warning: this will disable encryption, meaning your username an password will traverse the internet in plain text
警告:这将禁用加密,这意味着您的用户名和密码将以纯文本形式遍历互联网
I can't see a better way of doing this, so would be interested in any answers.
我看不出有更好的方法来做到这一点,所以会对任何答案感兴趣。
回答by CharlesC
If you are using the ruby mail library as I do,here is the setting for pop
如果你像我一样使用 ruby 邮件库,这里是 pop 的设置
pop = Net::POP3.new(mail_server, mail_port)
pop.enable_ssl(0) #(default is on, if you want turn it off set it to 0 )
pop.start(mail_username, mail_pwd)
回答by user208769
As many people discussing this question have mentioned dreamhost, there is a better dreamhost-specific answer to this question.
正如讨论这个问题的很多人都提到过dreamhost,这个问题有一个更好的dreamhost-specific 答案。
Your email software, in recent years, has probably started getting more belligerent at you for using incorrect servernames on your certificates. As a response, Dreamhost now recommends using their domain namerather than your own when setting up your email account.
近年来,您的电子邮件软件可能会因为在您的证书上使用不正确的服务器名称而对您越来越挑剔。作为回应,Dreamhost 现在建议在设置电子邮件帐户时使用他们的域名而不是您自己的域名。
You need to find out which mail cluster your account is assigned to, then your config will be as follows:
您需要找出您的帐户分配给哪个邮件集群,然后您的配置如下:
ActionMailer::Base.smtp_settings = {
:address => "mail.foo.com",
:port => 587,
:domain => "subX.mail.dreamhost.com" # instead of "foo.com",
:user_name => "[email protected]",
:password => "foofoo",
:authentication => "plain",
:enable_starttls_auto => true,
# :openssl_verify_mode => 'none' # hopefully, no longer needed
}
where subXis the subdomain your email cluster is on. Currently this can be found on your Dreamhost panel at Panel > Support > Data Centers
subX您的电子邮件集群所在的子域在哪里。目前,这可以在您的 Dreamhost 面板上找到Panel > Support > Data Centers
More details can be found on their email client configuration page: https://help.dreamhost.com/hc/en-us/articles/214918038-Email-client-configuration-overview
可以在他们的电子邮件客户端配置页面上找到更多详细信息:https: //help.dreamhost.com/hc/en-us/articles/214918038-Email-client-configuration-overview
