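Getting error: "OpenSSL::SSL::SSLError: certificate verify failed" in JRuby

Time: 2017-09-24 15:09:56

Tags: ruby-on-rails ruby ssl openssl jruby

I installed the latest version of JRuby (9.1.13.0) and the latest version of RVM (1.29.3) on CentOS 7.4.

Everything works, but HTTPS and SSL connections fail with the following error: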

OpenSSL::SSL::SSLError: certificate verify failed
    from org/jruby/ext/openssl/SSLSocket.java:228:in `connect_nonblock'
    from /usr/local/rvm/rubies/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:938:in `connect'
    from /usr/local/rvm/rubies/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:868:in `do_start'
    from /usr/local/rvm/rubies/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:857:in `start'
    from /usr/local/rvm/rubies/jruby-9.1.13.0/lib/ruby/stdlib/open-uri.rb:319:in `open_http'
    from /usr/local/rvm/rubies/jruby-9.1.13.0/lib/ruby/stdlib/open-uri.rb:737:in `buffer_open'
    from /usr/local/rvm/rubies/jruby-9.1.13.0/lib/ruby/stdlib/open-uri.rb:212:in `block in open_loop'
    from org/jruby/RubyKernel.java:1114:in `catch'
    from /usr/local/rvm/rubies/jruby-9.1.13.0/lib/ruby/stdlib/open-uri.rb:210:in `open_loop'
    from /usr/local/rvm/rubies/jruby-9.1.13.0/lib/ruby/stdlib/open-uri.rb:151:in `open_uri'
    from /usr/local/rvm/rubies/jruby-9.1.13.0/lib/ruby/stdlib/open-uri.rb:717:in `open'
    from /usr/local/rvm/rubies/jruby-9.1.13.0/lib/ruby/stdlib/open-uri.rb:35:in `open'

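I tried reinstalling OpenSSL and ca-certificates, as well as RVM and JRuby. I also tried replacing the cert file with a manually downloaded one, but nothing worked.

Update: I tested my problem with doctor.rb:

export SSL_CERT_DIR='/etc/pki/tls/certs/' ; ruby doctor.rb www.google.com:443

and got: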

/usr/local/rvm/rubies/jruby-9.1.13.0/bin/jruby (2.3.3)
JRuby-OpenSSL 0.9.21: /etc/ssl
SSL_CERT_DIR="/etc/pki/tls/certs/"
SSL_CERT_FILE="/etc/pki/tls/certs/ca-bundle.crt"

HEAD https://www.google.com:443
OpenSSL::SSL::SSLError: certificate verify failed

The server presented a certificate that could not be verified:
  subject: /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
  issuer: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
  error code 20: unable to get local issuer certificate

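Update 2: Interestingly, SSL connection tests to other servers such as www.facebook.com and www.apple.com work fine!

1 answer:

Answer 0 (score: 1)

JRuby uses its own OpenSSL implementation.

I believe you are hitting this issue: https://github.com/jruby/jruby-openssl/issues/141#issuecomment-332788620

I ran into a similar problem on CentOS as well.

I solved it by using a browser (Firefox) to save the "certificate chain" to a ".pem" file.

Then set the env variable: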

SSL_CERT_FILE=/tmp/certificate_chain.pem

Multiple bugs have been reported for JRuby / OpenSSL / CentOS.

The CentOS CA certificate layout differs from other distributions and seems to cause problems with JRuby + OpenSSL.
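The failure in the question and the effect of the answer's PEM file, reproduced offline as an added example (not code from the question, the answer, or doctor.rb). All certificates, keys and bundle files are constructed sample data, and make_cert, write_bundle and diagnose are hypothetical helper names; the check reports the same fields doctor.rb printed (subject, issuer, error code).

```ruby
require 'openssl'
require 'tmpdir'

# Constructed sample PKI (not real CAs): legacy root -> cross-signed CA -> leaf.
def make_cert(cn, key, issuer = nil, issuer_key = key, ca: true)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/O=Constructed/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Write a PEM bundle of trusted roots, the kind of file SSL_CERT_FILE names.
def write_bundle(name, certs)
  path = File.join(Dir.tmpdir, "#{name}-#{Process.pid}.pem")
  File.write(path, certs.map(&:to_pem).join)
  path
end

# Verify leaf + server-presented chain against the bundle; on failure,
# report which certificate could not be chained and why.
def diagnose(leaf, presented, bundle_path)
  store = OpenSSL::X509::Store.new
  store.add_file(bundle_path)
  ctx = OpenSSL::X509::StoreContext.new(store, leaf, presented)
  return { ok: true } if ctx.verify
  bad = ctx.current_cert
  { ok: false, code: ctx.error, message: ctx.error_string,
    subject: bad.subject.to_s, issuer: bad.issuer.to_s }
end

KEYS = Hash.new { |h, k| h[k] = OpenSSL::PKey::RSA.new(2048) }
LEGACY_ROOT = make_cert('Legacy Root', KEYS[:legacy])
OTHER_ROOT  = make_cert('Other Root', KEYS[:other])
CROSS_CA    = make_cert('Cross-Signed CA', KEYS[:ca], LEGACY_ROOT, KEYS[:legacy])
LEAF        = make_cert('www.example.test', KEYS[:leaf], CROSS_CA, KEYS[:ca], ca: false)

SYSTEM_BUNDLE = write_bundle('system', [OTHER_ROOT])              # lacks the legacy root
FIXED_BUNDLE  = write_bundle('chain', [OTHER_ROOT, LEGACY_ROOT])  # includes the issuing root
BEFORE = diagnose(LEAF, [CROSS_CA], SYSTEM_BUNDLE)  # fails at the cross-signed CA
AFTER  = diagnose(LEAF, [CROSS_CA], FIXED_BUNDLE)   # verifies
puts BEFORE, AFTER
```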