ruby – connect:SSL_connect returned = 1 errno = 0 state = SSLv3读取服务器证书B:证书验证失败(OpenSSL :: SSL :: SSLError)

前端之家收集整理的这篇文章主要介绍了ruby – connect:SSL_connect returned = 1 errno = 0 state = SSLv3读取服务器证书B:证书验证失败(OpenSSL :: SSL :: SSLError)前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我有一个可怕的时间获取SSL来验证证书.我完全不知道证书的工作原理,这是开始的主要障碍.以下是运行脚本时出现的错误
c:/Ruby191/lib/ruby/1.9.1/net/http.rb:611:in `connect': SSL_connect returned=1 e
rrno=0 state=SSLv3 read server certificate B: certificate verify Failed (OpenSSL
::SSL::SSLError)

以下是相关代码

client = Savon::Client.new order_svc

request = client.create_empty_cart { |soap,http|
  http.auth.ssl.cert_file = 'mycert.crt'
  http.auth.ssl.verify_mode = :none
  http.read_timeout = 90
  http.open_timeout = 90
  http.headers = { "Content-Length" => "0","Connection" => "Keep-Alive" }
  soap.namespaces["xmlns:open"] = "http://schemas.datacontract.org/2004/07/Namespace"
  soap.body = {
      "wsdl:brand" => brand,"wsdl:parnter" => [
        {"open:catalogName" => catalogName,"open:partnerId" => partnerId }
      ] }.to_soap_xml

      }

任何帮助是赞赏.

解决方法

检查你的cert.pem和你的key.pem

证书密钥应该有一个

-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIKG1DIagAAAAAAAzANBgkqhkiG9w0BAQsFADCBvDEkMCIG
....
-----END CERTIFICATE-----

你的key.pem应该有

-----BEGIN PRIVATE KEY-----
CSqGSIb3DQEJARYVY2Fjb250YWN0QGVzY3JlZW4uY29tMQswCQYDVQQGEwJVUzEP
....
-----END PRIVATE KEY-----

它可能有一些证据,但这并不重要. (虽然它对我而言,如果没有额外的证据,卷曲不起作用)
我正在谈论的webservice有一个很好的根CA,但是客户端认证密钥不被信任,所以这可能是为什么额外的证书使卷曲工作.

从客户端证书中获取这些是什么导致了我的问题.

这是对我有用的.

openssl pkcs12 -in Client.pfx -clcerts -nokeys -out cert.pem
openssl pkcs12 -in Client.pfx -nodes -out key.pem

每个都将提示您输入密码
如果需要,您可以设置一个pem密码. (你必须稍后在ruby代码中设置它)

require 'savon'
client = Savon::Client.new "https://service/Service.asmx?wsdl"
client.http.auth.ssl.cert_key_file = "key.pem"
client.http.auth.ssl.cert_file = "cert.pem"
client.http.auth.ssl.verify_mode=:peer

p client.wsdl.soap_actions

你也可以用卷曲测试

curl -v  -E  key.pem  https://services/Service.asmx?wsdl

猜你在找的Ruby相关文章