Ruby Net::HTTP#ca_file seems not to work

Time: 2016-03-20 09:01:19

Tags: ruby ssl curl

My website uses a StartCom SSL certificate, which cannot be verified by Ruby's Net::HTTP. I set Ruby's Net::HTTP#ca_file, but it still doesn't work.

Here is my code:

irb(main):007:0> uri = URI('https://blog.a1ex.wang')
=> #<URI::HTTPS https://blog.a1ex.wang>
irb(main):008:0> h=Net::HTTP.new(uri.host,uri.port)
=> #<Net::HTTP blog.a1ex.wang:443 open=false>
irb(main):009:0> h.use_ssl=true
=> true
irb(main):010:0> h.ca_file="/home/alexwang/keys/blog/ca.pem"
=> "/home/alexwang/keys/blog/ca.pem"
irb(main):011:0> h.start
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
    from /home/alexwang/.rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock'
    from /home/alexwang/.rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/net/http.rb:933:in `connect'
    from /home/alexwang/.rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
    from /home/alexwang/.rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/net/http.rb:858:in `start'
    from (irb):11
    from /home/alexwang/.rvm/rubies/ruby-2.3.0/bin/irb:11:in `<main>'
irb(main):012:0>

But with curl, SSL verification seems fine.

1 answer:

Answer 0: (score: 1)

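You must have all the certificates in ca.pem, not just the root certificate. Your site has two authorities:

  • CN = StartCom Certification Authority
  • CN = StartCom Class 1 DV Server CA

If I have both authorities in ca.pem, it works.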
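
The following is an added example, not code from the question or the answer. It reproduces the situation offline with a constructed root, intermediate and leaf certificate, and loads the CA bundle from a PEM file as `ca_file` does. The certificate names and the `issue` and `verify_with_ca_file` helpers are assumptions made for illustration.

```ruby
require "openssl"
require "tempfile"

# Issue a certificate for a constructed test PKI (all names here are made up).
# issuer_cert/issuer_key are nil for the self-signed root.
def issue(cn, issuer_cert, issuer_key, serial, ca:)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3, required for extensions
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage", "keyCertSign,cRLSign", true)) if ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Write ca_certs to a PEM bundle, load it as the only trust source, and verify
# `leaf`. `sent` holds extra certificates the server presented in its handshake.
def verify_with_ca_file(leaf, ca_certs, sent = [])
  Tempfile.create("ca.pem") do |f|
    f.write(ca_certs.map(&:to_pem).join)
    f.flush
    store = OpenSSL::X509::Store.new
    store.add_file(f.path)
    ctx = OpenSSL::X509::StoreContext.new(store, leaf, sent)
    [ctx.verify, ctx.error_string]
  end
end

ROOT, ROOT_KEY   = issue("Example Root CA", nil, nil, 1, ca: true)
INTER, INTER_KEY = issue("Example Class 1 Server CA", ROOT, ROOT_KEY, 2, ca: true)
LEAF,            = issue("blog.example.test", INTER, INTER_KEY, 3, ca: false)

# Root only, server sends no intermediate: the chain cannot be built.
p verify_with_ca_file(LEAF, [ROOT])
# Root and intermediate in the bundle: the chain verifies.
p verify_with_ca_file(LEAF, [ROOT, INTER])
# Root only, but the server sends the intermediate: the chain also verifies.
p verify_with_ca_file(LEAF, [ROOT], [INTER])
```

The third case shows why a root-only bundle can work for one client and fail for another: the result depends on whether the intermediate reaches the verifier from the bundle or from the server.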