使用FTPTLS的Heroku - SSL连接出错

时间:2012-06-29 01:28:36

标签: heroku ftp openssl ssl-certificate ssl

我正在尝试通过Heroku上的TLS连接到FTP,使用rails 1.9

Rails 1.9不包含FTPTLS,因此我将Rails 1.8 ftptls.rb文件复制到lib / assets中。

这在localhost上运行正常,但是当我将它推送到Heroku时失败,因为证书验证失败了。

LIB /资产/ ftptls.rb:

=begin
= $RCSfile$ -- SSL/TLS enhancement for Net::HTTP.

= Info
  'OpenSSL for Ruby 2' project
  Copyright (C) 2003 Blaz Grilc <farmer@gmx.co.uk>
  All rights reserved.

= Licence
  This program is licenced under the same licence as Ruby.
  (See the file 'LICENCE'.)

= Requirements

= Version
  $Id: ftptls.rb 13657 2007-10-08 11:16:54Z gotoyuzo $

= Notes
  Tested on FreeBSD 5-CURRENT and 4-STABLE
  - ruby 1.6.8 (2003-01-17) [i386-freebsd5]
  - OpenSSL 0.9.7a Feb 19 2003
  - ruby-openssl-0.2.0.p0
  tested on ftp server: glftpd 1.30
=end

require 'socket'
require 'openssl'
require 'net/ftp'

module Net
  class FTPTLS < FTP
    def connect(host, port=FTP_PORT)
      @hostname = host
      super
    end

    def login(user = "anonymous", passwd = nil, acct = nil)
       store = OpenSSL::X509::Store.new
       store.set_default_paths
       ctx = OpenSSL::SSL::SSLContext.new('SSLv23')
       ctx.cert_store = store
       ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
       ctx.key = nil
       ctx.cert = nil
       voidcmd("AUTH TLS")
       @sock = OpenSSL::SSL::SSLSocket.new(@sock, ctx)
       @sock.connect
       @sock.post_connection_check(@hostname)
       super(user, passwd, acct)
       voidcmd("PBSZ 0")
    end
  end
end

Heroku的错误:

  

SSL_connect返回= 1 errno = 0状态= SSLv3读取服务器证书B:证书验证失败

我找到了关于https连接的这个帖子: http://www.quora.com/What-is-the-path-to-the-SSL-root-certificate-trusted-root-CA-on-Heroku

所以我尝试将此添加到我的ftptls.rb文件中,但错误仍然存​​在。

ctx.ca_file = '/usr/lib/ssl/certs/ca-certificates.crt'

有任何关于让它发挥作用的想法吗?

0 个答案:

没有答案