Warning, do not do this in production, you are disabling SSL completely this way.

警告，请勿在生产中执行此操作，您正在以这种方式完全禁用 SSL。

If you really don't want the additional security of using certificate verification, and can upgrade to Ruby 1.9.3p327+, you can pass the ssl_verify_modeoption to the openmethod. Here for example is how I'm doing it:

如果你真的不想要使用证书验证的额外安全性，并且可以升级到 Ruby 1.9.3p327+，你可以将ssl_verify_mode选项传递给open方法。例如，这里是我的做法：

request_uri=URI.parse('myuri?that_has=params&encoded=in_it&optionally=1')

# The params incidentally are available as a String, via request_uri.query
output = open(request_uri, {ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE})
obj = JSON.parse output.readlines.join("")

Found it out myself now: I used the dirty hack, which works fine for me.

现在我自己发现了：我使用了dirty hack，这对我来说很好用。

I had to put it into: yourrailsapp/initalizers/

我不得不把它放入： yourrailsapp/initalizers/

There I created a bypass_ssl_verification_for_open_uri.rb

在那里我创建了一个 bypass_ssl_verification_for_open_uri.rb

And put:

并放：

OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

it's good (it may spawn uninitialized constant OpenSSL (NameError)) to put require 'openssl' before that line, so

uninitialized constant OpenSSL (NameError)在该行之前放置 require 'openssl'很好（它可能会产生），所以

app/config/initializers/bypass_ssl_verification_for_open_uri.rb (filename of initializer doesn' matter)

app/config/initializers/bypass_ssl_verification_for_open_uri.rb（初始化的文件名无关紧要）

require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

As you mentioned yourself, this is a dirty hack. Obviously, disabling SSL certificate verification is not a good idea.

正如你自己提到的，这是一个肮脏的黑客。显然，禁用 SSL 证书验证不是一个好主意。

There is a very helpful articleby Mislav Marohni?, which goes into great detail why this is bad and how to address this properly.

Mislav Marohni?有一篇非常有用的文章，其中详细介绍了为什么这是不好的以及如何正确解决这个问题。

In summary, you mostly get the SSL verify error if:

总之，如果出现以下情况，您通常会收到 SSL 验证错误：

1. the certificate is valid, but your system does not have the necessary root certificate for verification.
2. the certificate is self-signed, e.g. in your company and you need to trust it
3. you're subject to a man-in-the-middle attack

1. 证书有效，但您的系统没有验证所需的根证书。
2. 证书是自签名的，例如在您的公司中，您需要信任它
3. 你会受到中间人攻击

For me the first case applied, and simply updating the ca-certificates package on my Ubuntu system did the trick.

对我来说，第一种情况适用，只需更新我的 Ubuntu 系统上的 ca-certificates 包就可以了。

A great tool to track down your SSL error is the ssl doctor script.

跟踪 SSL 错误的一个很好的工具是ssl 医生脚本。

It's your call, but setting VERIFY_PEER to NONE is basically equivalent to disabling TLS altogether and connecting over plaintext HTTP. It makes man in the middle attacks trivial, and will not pass a PCI audit.

这是您的要求，但将 VERIFY_PEER 设置为 NONE 基本上等同于完全禁用 TLS 并通过纯文本 HTTP 进行连接。它使中间人攻击变得微不足道，并且不会通过 PCI 审核。

A weak but controlled way is

一种微弱但可控的方式是

class XMLRPC::Client
 # WEAK: Enrich the Client with a method for disabling SSL VERIFICATION
 # See /usr/lib/ruby/1.9.1/xmlrpc/client.rb:324
 # Bad hack but it works
 def disableSSLVerification
   @http.verify_mode = OpenSSL::SSL::VERIFY_NONE
   warn "Proxyman SSL Verification disabled"
 end
end

Then you simply call

然后你只需调用

client.disableSSLVerification()

Seems like a good candidate for inclusion in environment.rb, or if this hack is only necessary in particular environments, then in their individual config files.

似乎是包含在 environment.rb 中的一个很好的候选者，或者如果这个 hack 只在特定环境中是必要的，那么在他们各自的配置文件中。