OpenSSL在Rails中出错但不是Ruby

时间:2019-02-04 16:46:41

标签: ruby-on-rails ruby openssl

在Rails中尝试通过SSL连接时,出现错误:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)

还有许多其他StackOverflow文章都涉及相同的错误,但是我们遇到的症状却大不相同。

当我们在Ruby中发布测试命令时,它可以工作,但是当我们发布引导到Rails环境中的同一命令时,会出现上述错误。

这里是带有输出的示例(由bundler.io建议:https://bundler.io/v1.16/guides/rubygems_tls_ssl_troubleshooting_guide.html#troubleshooting-certificate-errors

红宝石:

oot@376dd015bcee:/usr/src/app# ruby -ropen-uri -e 'eval open("https://git.io/vQhWq").read'
Here's your Ruby and OpenSSL environment:

Ruby:           2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]
RubyGems:       2.7.7
Bundler:        1.16.6
Compiled with:  OpenSSL 1.1.0f  25 May 2017
Loaded version: OpenSSL 1.1.0f  25 May 2017
SSL_CERT_FILE:  /usr/lib/ssl/cert.pem
SSL_CERT_DIR:   /usr/lib/ssl/certs

With that out of the way, let's see if you can connect to rubygems.org...

Bundler connection to rubygems.org:       success ✅
RubyGems connection to rubygems.org:      success ✅
Ruby net/http connection to rubygems.org: success ✅

Hooray! This Ruby can connect to rubygems.org. You are all set to use Bundler and RubyGems. 
(eval):136: warning: constant OpenSSL::SSL::SSLContext::METHODS is deprecated

导轨:

root@376dd015bcee:/usr/src/app# RAILS_ENV=production bundle exec rails r 'eval open("https://git.io/vQhWq").read'
DEPRECATION WARNING: alias_method_chain is deprecated. Please, use Module#prepend instead. From module, you can access the original method using super. (called from require at /usr/local/lib/ruby/gems/2.5.0/gems/bundler-1.16.6/lib/bundler/runtime.rb:81)
no value for ELK DNS -
Expected string default value for '--serializer'; got true (boolean)
Here's your Ruby and OpenSSL environment:

Ruby:           2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]
RubyGems:       2.7.7
Bundler:        1.16.6
Compiled with:  OpenSSL 1.1.0f  25 May 2017
Loaded version: OpenSSL 1.1.0f  25 May 2017
SSL_CERT_FILE:  /usr/lib/ssl/cert.pem
SSL_CERT_DIR:   /usr/lib/ssl/certs

With that out of the way, let's see if you can connect to rubygems.org...

Bundler connection to rubygems.org:       success ✅
RubyGems connection to rubygems.org:      success ✅
Ruby net/http connection to rubygems.org: failed  ❌

Unfortunately, this Ruby can't connect to rubygems.org. 
Your Ruby can't connect to rubygems.org because you are missing the certificate files OpenSSL needs to verify you are connecting to the genuine rubygems.org servers.

其他几点:

  1. 这是带有Amazon Linux AMI的标准ruby docker容器
  2. SSL_CERT_FILE /usr/lib/ssl/cert.pem不存在,但是SSL_CERT_DIR确实存在并且其中包含所有必需的证书。

为什么这对于Ruby而不对Rails有用?

0 个答案:

没有答案
相关问题
最新问题