Ruby OpenSSL错误 – 缺少CA Certs(谁是Justin？)

我正在编写一个小实用程序脚本,使用 Windows上的 Ruby的Net :: HTTP模块通过HTTPS处理一些RESTful API.我一直都会遇到这个错误：

C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:923:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify Failed (OpenSSL::SSL::SSLError)
    from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:923:in `block in connect'
    from C:/Ruby22-x64/lib/ruby/2.2.0/timeout.rb:74:in `timeout'
    from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:923:in `connect'
    from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:863:in `do_start'
    from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:852:in `start'
    from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:1375:in `request'

根据this post我错过了默认的CA Certs.我跑了他的“ssl医生”脚本,它给了我这个诊断：

C:\Users\Megaflux\Documents\GitHub\Github_Backup> ruby doctor.rb
C:/Ruby22-x64/bin/ruby (2.2.2-p95)
OpenSSL 1.0.1l 15 Jan 2015: C:/Users/Justin/Projects/knap-build/var/knapsack/software/x64-windows/openssl/1.0.1l/ssl
SSL_CERT_DIR=""
SSL_CERT_FILE=""

HEAD https://status.github.com:443
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify Failed

The server presented a certificate that could not be verified:
  subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
  issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
  error code 20: unable to get local issuer certificate

Possible causes:
  `C:/Users/Justin/Projects/knap-build/var/knapsack/software/x64-windows/openssl/1.0.1l/ssl/cert.pem' does not exist
  `C:/Users/Justin/Projects/knap-build/var/knapsack/software/x64-windows/openssl/1.0.1l/ssl/certs/' is empty

我可以下载一些根CA证书并在那个目录下安装它们,这并不难.但贾斯汀是谁？我的机器上没有该用户,如果不需要,我宁愿不创建这些文件夹.有谁知道如何更改默认的ssl证书目录？

非常感谢.

编辑：
为了完整起见,我将抛出生成错误的脚本

require 'open-uri'
open("https://www.google.com/") {|f|
   f.each_line {|line| p line}
}

解决方法

RubyInstaller issue #153

OpenSSL::X509::DEFAULT_CERT_FILE with personal hardcoded path

The problem is OpenSSL that has hardcoded values. Search to closed
issues and also RubyInstaller group and will see this happens from
time to time.

OpenSSL needs to be fixed,but no patch to solve this issue has
proposed to OpenSSL itself. See 07001

cert.pem is already provided by RubyGems and is included,please take
a look here:

07002

That is part of Ruby and thus,RubyInstaller release.

RubyGems is capable of installing gems from rubygems.org,however,
like you pointed in the Bundler issue,you need a list of other CAs so
connect to the private/custom RubyGems server works.

For that you need to set SSL_CERT_FILE environment variable pointing
to the CA certs file.

See 07003 and 07004

tl; dr：Justin是编译OpenSSL二进制文件的人.

原文链接：https://www.f2er.com/ruby/267863.html

Ruby OpenSSL错误 – 缺少CA Certs(谁是Justin？)

解决方法

OpenSSL::X509::DEFAULT_CERT_FILE with personal hardcoded path

猜你在找的Ruby相关文章