我试图在CentOS 6.2中运行以下代码(取自codeacademy):
require 'rubygems'
require 'oauth'
# Change the following values to those provided on dev.twitter.com
# The consumer key identifies the application making the request.
# The access token identifies the user making the request.
consumer_key = OAuth::Consumer.new(
"MY_KEY",
"MY_SECRET")
access_token = OAuth::Token.new(
"STRING1",
"STRING2")
# All requests will be sent to this server.
baseurl = "https://api.twitter.com"
# The verify credentials endpoint returns a 200 status if
# the request is signed correctly.
address = URI("#{baseurl}/1.1/account/verify_credentials.json")
# Set up Net::HTTP to use SSL, which is required by Twitter.
http = Net::HTTP.new address.host, address.port
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
# Build the request and authorize it with OAuth.
request = Net::HTTP::Get.new address.request_uri
request.oauth! http, consumer_key, access_token
# Issue the request and return the response.
http.start
response = http.request request
puts "The response status was #{response.code}"
并收到以下错误消息:
/usr/lib/ruby/1.8/net/http.rb:586:in`connect':SSL_connect返回= 1 errno = 0 state = SSLv3读取服务器证书B:证书验证 失败(OpenSSL :: SSL :: SSLError)
键已被省略(毕竟,tehy是秘密的),但我使用了正确的键。 安装了必要的宝石。
问题可能是什么?
答案 0 :(得分:0)
http = Net::HTTP.new address.host, address.port
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
...
您还需要:
http.ca_file = File.join(File.dirname(__FILE__), "ca-cert.pem")
自Tweeter以来:
$ openssl s_client -connect api.twitter.com:443
CONNECTED(00000003)
depth=1 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = Terms of use at https://www.verisign.com/rpa (c)10, CN = VeriSign Class 3 Secure Server CA - G3
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=San Francisco/O=Twitter, Inc./OU=Twitter Security/CN=api.twitter.com
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
...
您需要顶级发行人,(1级i:
),即 VeriSign Class 3公共主要证书颁发机构 - G5 。你可以从Public Root CA - VeriSign获得。文件名为PCA-3G5.pem
。
下载root后,您可以再次运行s_client
,服务器证书将验证:
$ openssl s_client -connect api.twitter.com:443 -CAfile PCA-3G5.pem