在过去的两天里,我认为我已经浏览了与Net::HTTP相关的每篇可用(google'able)帖子中有关此SSL错误的信息:
OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A
我首先尝试做的是连接到EtherPad服务器(https://test.titanpad.com),登录并使用rubygems& amp;下载zip存档。机械化;然而,遗憾的是,由于SSL-Error所述,我甚至没有达到这一点。在尝试从机械对象中调试问题后(通过在脚本中手动设置cert,ca_file,cert_store,verify_mode等),我更接近实际问题,尝试只需使用Net::HTTP
(在此示例中,我首先连接到https://encrypted.google.com以确保SSL 应该工作;尝试连接到EtherPad服务器从第6行开始)
irb(main):001:0> require 'net/https'
=> true
irb(main):002:0> google = Net::HTTP.new('encrypted.google.com', 443)
=> #<Net::HTTP encrypted.google.com:443 open=false>
irb(main):003:0> google.use_ssl = true
=> true
irb(main):004:0> google.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt' if File.exists?('/opt/local/share/curl/curl-ca-bundle.crt')
=> "/opt/local/share/curl/curl-ca-bundle.crt"
irb(main):005:0> google.request_get('/')
=> #<Net::HTTPOK 200 OK readbody=true>
irb(main):006:0> etherpad = Net::HTTP.new('test.titanpad.com', 443)
=> #<Net::HTTP test.titanpad.com:443 open=false>
irb(main):007:0> etherpad.use_ssl = true
=> true
irb(main):008:0> etherpad.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt' if File.exists?('/opt/local/share/curl/curl-ca-bundle.crt')
=> "/opt/local/share/curl/curl-ca-bundle.crt"
irb(main):009:0> etherpad.request_get('/')
OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A
from /opt/local/lib/ruby1.9/1.9.1/net/http.rb:799:in `connect'
from /opt/local/lib/ruby1.9/1.9.1/net/http.rb:799:in `block in connect'
from /opt/local/lib/ruby1.9/1.9.1/timeout.rb:54:in `timeout'
from /opt/local/lib/ruby1.9/1.9.1/timeout.rb:99:in `timeout'
from /opt/local/lib/ruby1.9/1.9.1/net/http.rb:799:in `connect'
from /opt/local/lib/ruby1.9/1.9.1/net/http.rb:755:in `do_start'
from /opt/local/lib/ruby1.9/1.9.1/net/http.rb:744:in `start'
from /opt/local/lib/ruby1.9/1.9.1/net/http.rb:1284:in `request'
from /opt/local/lib/ruby1.9/1.9.1/net/http.rb:1195:in `request_get'
from (irb):9
from /opt/local/bin/irb:12:in `<main>'
即使使用verify_mode OpenSSL::SSL::VERIFY_NONE,OpenSSL也会出局:
irb(main):010:0> etherpad.verify_mode = OpenSSL::SSL::VERIFY_NONE
=> 0
irb(main):011:0> etherpad.request_get('/')
OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A
from /opt/local/lib/ruby1.9/1.9.1/net/http.rb:799:in `connect'
from /opt/local/lib/ruby1.9/1.9.1/net/http.rb:799:in `block in connect'
from /opt/local/lib/ruby1.9/1.9.1/timeout.rb:54:in `timeout'
from /opt/local/lib/ruby1.9/1.9.1/timeout.rb:99:in `timeout'
from /opt/local/lib/ruby1.9/1.9.1/net/http.rb:799:in `connect'
from /opt/local/lib/ruby1.9/1.9.1/net/http.rb:755:in `do_start'
from /opt/local/lib/ruby1.9/1.9.1/net/http.rb:744:in `start'
from /opt/local/lib/ruby1.9/1.9.1/net/http.rb:1284:in `request'
from /opt/local/lib/ruby1.9/1.9.1/net/http.rb:1195:in `request_get'
from (irb):11
from /opt/local/bin/irb:12:in `<main>'
在进一步讨论openssl本身之后,事实证明在这种情况下真正的麻烦是必须强制使用SSLv3进行握手,使用titanpad.com后面的Jetty 6.1.20 server工作:
irb(main):001:0> require 'net/https'
=> true
irb(main):002:0> etherpad = Net::HTTP.new('test.titanpad.com', 443)
=> #<Net::HTTP test.titanpad.com:443 open=false>
irb(main):003:0> etherpad.use_ssl = true
=> true
irb(main):004:0> etherpad.ssl_version = "SSLv3"
=> "SSLv3"
irb(main):005:0> etherpad.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt' if File.exists?('/opt/local/share/curl/curl-ca-bundle.crt')
=> "/opt/local/share/curl/curl-ca-bundle.crt"
irb(main):006:0> etherpad.request_get('/')
=> #<Net::HTTPFound 302 Found readbody=true>
现在,虽然这在使用Net::HTTP时显然有效,但是没有设置{strong>机械化中使用的SSL版本的选项...因此我会这样做如果有人能指出我如何通过所述gem oO强制执行SSLv3,那真的很高兴
再次感谢!
系统:Mac OSX 10.6.8 ruby 1.9.3p0(2011-10-30修订版33570)[x86_64-darwin10] 使用mechanize安装的rubygems:domain_name(0.5.2),mechanize(2.1.1),net-http-digest_auth(1.2),net-http-persistent(2.4.1),nokogiri(1.5.0),ntlm-http( 0.1.1),unf(0.0.4),unf_ext(0.0.4),webrobots(0.0.13)
答案 0 :(得分:2)
已通过将ssl_version功能从Net :: HTTP(通过net-http-persistent)移植到Mechanize v.2.1.2(见https://github.com/tenderlove/mechanize/commit/4a228899855e0676ab69c2bf548170c8717465d8)来修复。