SSL_connect证书验证失败(OpenSSL :: SSL :: SSLError)

时间:2018-12-10 00:50:02

标签: ruby-on-rails ssl-certificate

我收到SSL_connect错误:

> ruby -ropen-uri -e 'eval open("https://git.io/vQhWq").read'
F:/Ruby/ruby/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock': SSL_connect returned=1 errno=0 state=error: certificate verify failed (OpenSSL::SSL::SSLError)
        from F:/Ruby/ruby/lib/ruby/2.3.0/net/http.rb:933:in `connect'
        from F:/Ruby/ruby/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
        from F:/Ruby/ruby/lib/ruby/2.3.0/net/http.rb:852:in `start'
        from F:/Ruby/ruby/lib/ruby/2.3.0/open-uri.rb:319:in `open_http'
        from F:/Ruby/ruby/lib/ruby/2.3.0/open-uri.rb:737:in `buffer_open'
        from F:/Ruby/ruby/lib/ruby/2.3.0/open-uri.rb:212:in `block in open_loop'
        from F:/Ruby/ruby/lib/ruby/2.3.0/open-uri.rb:210:in `catch'
        from F:/Ruby/ruby/lib/ruby/2.3.0/open-uri.rb:210:in `open_loop'
        from F:/Ruby/ruby/lib/ruby/2.3.0/open-uri.rb:151:in `open_uri'
        from F:/Ruby/ruby/lib/ruby/2.3.0/open-uri.rb:717:in `open'
        from F:/Ruby/ruby/lib/ruby/2.3.0/open-uri.rb:35:in `open'
        from -e:1:in `<main>'

我尝试过的事情:

关注official instructions

  • 自动SSL检查->失败
  • 更新了Bundler->成功(bundler-1.17.1)
  • 更新后的Rubygems->成功(rubygems-2.7.8)
  • 同步时间->成功(time.windows.com)
  • 更新的CA证书->用新的GlobalSignRootCA.pem替换了F:\Ruby\ruby\lib\ruby\site_ruby\2.3.0\rubygems\ssl_certs\index.rubygems.org\GlobalSignRootCA.pem
  • 已重新运行自动SSL检查->失败

其他一些我不感兴趣的解决方案:

  • 关闭验证:http.verify_mode = OpenSSL::SSL::VERIFY_NONE
  • http://rubygems.org添加到gem sources
  • 设置SSL_CERT_FILE。但为什么?如本blog
  • 所述
  

设置SSL_CERT_FILE

     

如果您知道自己是什么,这不是一个不好的解决方案   在做。但是,有很多解决方案建议   将CA证书下载到您的计算机并设置   SSL_CERT_FILE环境变量到其位置。

     

此方法的问题是您不知道是否可以信任   您正在下载的CA证书。在某些情况下,CA证书   甚至以明文形式下载。如果你问我,那就麻烦了。

我在:

  • Windows 10
  • Ruby 2.3.3p222(2016-11-21修订版56859)[i386-mingw32]
  • 导轨5.1.6.1
  • gem 2.7.8(最近升级)

0 个答案:

没有答案