CentOS 6.2上的Ruby OpenSSL :: SSL :: SSLError

时间:2014-05-14 11:40:09

标签: ruby openssl centos

我试图在CentOS 6.2中运行以下代码(取自codeacademy):

require 'rubygems'
require 'oauth'



# Change the following values to those provided on dev.twitter.com

# The consumer key identifies the application making the request.

# The access token identifies the user making the request.

consumer_key = OAuth::Consumer.new(

    "MY_KEY",

    "MY_SECRET")

access_token = OAuth::Token.new(

    "STRING1",

    "STRING2")


# All requests will be sent to this server.

baseurl = "https://api.twitter.com"



# The verify credentials endpoint returns a 200 status if

# the request is signed correctly.

address = URI("#{baseurl}/1.1/account/verify_credentials.json")



# Set up Net::HTTP to use SSL, which is required by Twitter.

http = Net::HTTP.new address.host, address.port

http.use_ssl = true

http.verify_mode = OpenSSL::SSL::VERIFY_PEER


# Build the request and authorize it with OAuth.

request = Net::HTTP::Get.new address.request_uri

request.oauth! http, consumer_key, access_token


# Issue the request and return the response.

http.start

response = http.request request

puts "The response status was #{response.code}"

并收到以下错误消息:

  

/usr/lib/ruby/1.8/net/http.rb:586:in`connect':SSL_connect返回= 1   errno = 0 state = SSLv3读取服务器证书B:证书验证   失败(OpenSSL :: SSL :: SSLError)

键已被省略(毕竟,tehy是秘密的),但我使用了正确的键。 安装了必要的宝石。

问题可能是什么?

1 个答案:

答案 0 :(得分:0)

http = Net::HTTP.new address.host, address.port
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
...

您还需要:

http.ca_file = File.join(File.dirname(__FILE__), "ca-cert.pem")

自Tweeter以来:

$ openssl s_client -connect api.twitter.com:443
CONNECTED(00000003)
depth=1 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = Terms of use at https://www.verisign.com/rpa (c)10, CN = VeriSign Class 3 Secure Server CA - G3
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=San Francisco/O=Twitter, Inc./OU=Twitter Security/CN=api.twitter.com
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
...

您需要顶级发行人,(1级i:),即 VeriSign Class 3公共主要证书颁发机构 - G5 。你可以从Public Root CA - VeriSign获得。文件名为PCA-3G5.pem

下载root后,您可以再次运行s_client,服务器证书将验证:

$ openssl s_client -connect api.twitter.com:443 -CAfile PCA-3G5.pem