当前位置: 文江博客话题详情

OmniAuth 和Facebook:证书验证失败

发布于 2024-09-28 10:26:27 字数 442 浏览 3 评论 0原文

我按照 Railscast #235 尝试设置最低限度的 Facebook 身份验证。

我首先设置了 Twitter 身份验证,正如 Ryan 本人所做的那样。这工作完美无缺。

然后我开始添加 Facebook 登录信息。但是,授权应用程序后,重定向到 /auth/facebook/callback 失败并显示:

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

我正在本地主机上工作。我没有在应用程序中设置任何 SSL。我做错了什么?

原文

I've followed Railscast #235 to try and set up a minimal Facebook authentication.

I've first set up a Twitter authentication, as done by Ryan himself. That worked flawlessly.

I then moved on to adding a Facebook login. However, after authorizing the app the redirect to /auth/facebook/callback fails with:

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

I am working on localhost. I didn't set up any SSL within the app. What am I doing wrong?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(18

梦里人 2024-10-05 10:26:27

真正的问题是 Faraday(Omniauth/Oauth 用于 HTTP 调用)不是 没有为 OpenSSL 设置 ca_path 变量。至少在 Ubuntu 上,大多数根证书都存储在“/etc/ssl/certs”中。由于 Faraday isn't 没有设置此变量 (并且当前没有方法这样做),因此 OpenSSL isn't 不是找不到 Facebook 的 SSL 证书的根证书。

我已经向 Faraday 提交了拉取请求,这将添加对此变量的支持希望他们能尽快做出改变。在那之前,您可以将法拉第打上猴子补丁,使其看起来像这个 或使用我的法拉第分叉。之后,您应该在 Gemspec 中指定 OAuth2 gem 版本 0.3.0,它支持将 SSL 选项传递给 Faraday。 现在您需要做的就是升级到 Faraday 0.6.1,它支持传递ca_path 变量并升级到 OmniAuth 0.2.2,它具有 OAuth2 的适当依赖项。然后,您只需将以下内容添加到 Omniauth 初始值设定项即可正确解决此问题:

Rails.application.config.middleware.use OmniAuth::Builder do
    provider :facebook, FACEBOOK_KEY, FACEBOOK_SECRET, {:client_options => {:ssl => {:ca_path => "/etc/ssl/certs"}}}
end

因此,回顾一下:

  1. Faraday 需要更新以支持 SSL ca_path。 安装 Faraday 0.6.1
  2. 您的应用需要使用 OAuth2 版本 0.3.0。您可能需要分叉omniauth,因为它当前在0.2.x树中具有次要版本依赖性。升级到OmniAuth 0.2.2
  3. 修改您的提供程序初始值设定项以指向系统的证书路径(“/etc/ssl/certs” " on Ubuntu et al)

希望 Faraday 和 Omniauth 的下一个版本都将包含此解决方案。

感谢上面的 KirylP 让我走上了正确的道路。

The real problem is that Faraday (which Omniauth/Oauth use for their HTTP calls) is not wasn't setting the ca_path variable for OpenSSL. At least on Ubuntu, most root certs are stored in "/etc/ssl/certs". Since Faraday isn't wasn't setting this variable (and currently does not have a method to do so), OpenSSL isn't wasn't finding the root certificate for Facebook's SSL certificate.

I've submitted a pull request to Faraday which will add support for this variable and hopefully they will pull in this change soon. Until then, you can monkeypatch faraday to look like this or use my fork of Faraday. After that, you should specify version 0.3.0 of the OAuth2 gem in your Gemspec which supports the passing of SSL options through to Faraday. All you need to do now is upgrade to Faraday 0.6.1, which supports passing of the ca_path variable and upgrade to OmniAuth 0.2.2, which has the proper dependencies for OAuth2. You'll then be able to properly fix this issue by just adding the following to your Omniauth initializer:

Rails.application.config.middleware.use OmniAuth::Builder do
    provider :facebook, FACEBOOK_KEY, FACEBOOK_SECRET, {:client_options => {:ssl => {:ca_path => "/etc/ssl/certs"}}}
end

So, to recap:

  1. Faraday needs to be updated to support SSL ca_path. Install Faraday 0.6.1
  2. Your app needs to use OAuth2 version 0.3.0. You may need to fork omniauth since it currently has a minor version dependency in the 0.2.x tree. Upgrade to OmniAuth 0.2.2
  3. Modify your provider initializer to point to your system's certificate path ("/etc/ssl/certs" on Ubuntu et al)

Hopefully the next releases of both Faraday and Omniauth will incorporate this solution.

Thanks to KirylP above for setting me on the right path.

回复 原文
少女的英雄梦 2024-10-05 10:26:27

我遇到了这个问题并尝试使用 :ca_path 参数但没有成功。在浏览了 Github 一段时间后,我发现了一个建议,提到使用 :ca_file 并直接指向认证。

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, 'secret_key', 'secret_key',
   :client_options => {:ssl => {:ca_file => '/etc/pki/tls/certs/ca-bundle.crt'}}}
end

如果您需要获取系统认证文件(以及您使用的 Linux)的路径,只需从终端键入即可。这将为您提供有关 SSL 设置的大量信息,包括路径(请参阅 OPENSSSLDIR)。您需要将 certs/ca-bundle.crt 添加到提供的路径中。

open-ssl version -a

I was having this problem and tried using the :ca_path argument without success. After looking through Github for awhile, I came across a suggestion that mentioned using :ca_file and point directly to the certification.

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, 'secret_key', 'secret_key',
   :client_options => {:ssl => {:ca_file => '/etc/pki/tls/certs/ca-bundle.crt'}}}
end

If you need to get the path to your systems certification files (and your using linux) simply type from the terminal. This will give you a bunch of information about your SSL setup, including the path (refer to OPENSSLDIR). You'll need to add certs/ca-bundle.crt to the path provided.

open-ssl version -a
回复 原文
情域 2024-10-05 10:26:27

我使用的是 ubuntu 10.10 (Maverick)...在我让它工作之前挣扎了大约 6 个小时,分享我的经验

  1. 没有尝试猴子补丁
  2. 尝试过 {:client_options => {:ssl =>
    {:ca_path =>; "/etc/ssl/certs"}} 但仍然无法工作
  3. 尝试了 ruby​​ 1.8.7 仍然无法工作
  4. 尝试了不同版本的omniauth &法拉第,仍然没有运气。

唯一使它起作用的是以下(感谢亚历克斯)

if Rails.env.development? 
  OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE 
end

I am on ubuntu 10.10 (Maverick)... struggled about 6 hours before I got it to work, sharing my experience

  1. did not try monkey patch
  2. tried {:client_options => {:ssl =>
    {:ca_path => "/etc/ssl/certs"}} but still not worked
  3. tried ruby 1.8.7 still not worked
  4. tried different versions of omniauth & faraday, still no luck.

The only thing that made it to work was following (thanks Alex)

if Rails.env.development? 
  OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE 
end
回复 原文
ぽ尐不点ル 2024-10-05 10:26:27

设法通过 SSL 证书验证,就像它必须的那样。
我的项目使用 37signals ID 进行 Basecamp 集成(Ruby 1.9.2-p130、Rails 3.0.4)。

RAILS_ROOT/config/initializers/omniauth.rb

require 'omniauth/oauth'

Rails.application.config.middleware.use OmniAuth::Strategies::ThirtySevenSignals,
    'CLIENT_ID', 'CLIENT_SECRET', {client_options: {ssl: {ca_file: Rails.root.join('gd_bundle.crt').to_s}}}

module OAuth2
  class Client
    def initialize(client_id, client_secret, opts = {})
      adapter = opts.delete(:adapter)
      self.id = client_id
      self.secret = client_secret
      self.site = opts.delete(:site) if opts[:site]
      self.options = opts
      self.connection = Faraday::Connection.new(site, {ssl: opts.delete(:ssl)})
      self.json = opts.delete(:parse_json)        # ^ my code starts here

      if adapter && adapter != :test
        connection.build { |b| b.adapter(adapter) }
      end
    end
  end
end

您可以在 37signals.com 获取“CL​​IENT_ID”、“CLIENT_SECRET” 和来自 GoDaddy 的证书捆绑文件 gd_bundle.crt,因为 37signals 正在使用他们的CA。

Managed to go through SSL Certificate Verification like it has to be.
My project is using 37signals ID for Basecamp integration (Ruby 1.9.2-p130, Rails 3.0.4).

RAILS_ROOT/config/initializers/omniauth.rb:

require 'omniauth/oauth'

Rails.application.config.middleware.use OmniAuth::Strategies::ThirtySevenSignals,
    'CLIENT_ID', 'CLIENT_SECRET', {client_options: {ssl: {ca_file: Rails.root.join('gd_bundle.crt').to_s}}}

module OAuth2
  class Client
    def initialize(client_id, client_secret, opts = {})
      adapter = opts.delete(:adapter)
      self.id = client_id
      self.secret = client_secret
      self.site = opts.delete(:site) if opts[:site]
      self.options = opts
      self.connection = Faraday::Connection.new(site, {ssl: opts.delete(:ssl)})
      self.json = opts.delete(:parse_json)        # ^ my code starts here

      if adapter && adapter != :test
        connection.build { |b| b.adapter(adapter) }
      end
    end
  end
end

Where 'CLIENT_ID', 'CLIENT_SECRET' you can get at 37signals.com and certificates bundle file gd_bundle.crt from GoDaddy because 37signals are using their CA.

回复 原文
小嗷兮 2024-10-05 10:26:27

如果您要部署到 Heroku,您需要指向特定的文件位置。这对我有用(在 config/initializers/omniauth.rb 中):

Rails.application.config.middleware.use OmniAuth::Builder do
  # This cert location is only for Heroku
  provider :facebook, APP_ID, APP_SECRET, {:client_options => {:ssl => {:ca_file => "/usr/lib/ssl/certs/ca-certificates.crt"}}}
end

If you are deploying to Heroku, you want to point to the specific file location. This works for me (in config/initializers/omniauth.rb):

Rails.application.config.middleware.use OmniAuth::Builder do
  # This cert location is only for Heroku
  provider :facebook, APP_ID, APP_SECRET, {:client_options => {:ssl => {:ca_file => "/usr/lib/ssl/certs/ca-certificates.crt"}}}
end
回复 原文
剪不断理还乱 2024-10-05 10:26:27

我用 CA 捆绑包解决了这个问题: http://certifie.com/ca-bundle/

并在我的设计初始值设定项:

:client_options => { :ssl => { :ca_file => "#{Rails.root}/config/ca-bundle.crt" } } }

I solved this with CA bundle from: http://certifie.com/ca-bundle/

And in my Devise initializer:

:client_options => { :ssl => { :ca_file => "#{Rails.root}/config/ca-bundle.crt" } } }
回复 原文
看透却不说透 2024-10-05 10:26:27

看起来 Omniauth 现在使用的是更新版本的 Faraday,这解释了为什么上面的猴子补丁对我不起作用。我同意必须有更好的方法,但对于只需要让它工作来测试的其他人,这里有一个更新版本:(

使用以下代码在初始化器目录中创建一个文件)

require 'faraday'
module Faraday
class Adapter
 class NetHttp < Faraday::Adapter
  def call(env)
  super
  url = env[:url]
  req = env[:request]

  http = net_http_class(env).new(url.host, url.inferred_port)

  if http.use_ssl = (url.scheme == 'https' && env[:ssl])
    ssl = env[:ssl]
    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
    http.cert        = ssl[:client_cert] if ssl[:client_cert]
    http.key         = ssl[:client_key]  if ssl[:client_key]
    http.ca_file     = ssl[:ca_file]     if ssl[:ca_file]
    http.cert_store  = ssl[:cert_store]  if ssl[:cert_store]
  end

  http.read_timeout = http.open_timeout = req[:timeout] if req[:timeout]
  http.open_timeout = req[:open_timeout]                if req[:open_timeout]

  if :get != env[:method]
    http_request = Net::HTTPGenericRequest.new \
      env[:method].to_s.upcase,    # request method
      !!env[:body],                # is there data
      true,                        # does net/http love you, true or false?
      url.request_uri,             # request uri path
      env[:request_headers]        # request headers

    if env[:body].respond_to?(:read)
      http_request.body_stream = env[:body]
      env[:body] = nil
    end
  end

  begin
    http_response = if :get == env[:method]
      # prefer `get` to `request` because the former handles gzip (ruby 1.9)
      http.get url.request_uri, env[:request_headers]
    else
      http.request http_request, env[:body]
    end
  rescue Errno::ECONNREFUSED
    raise Error::ConnectionFailed, $!
  end

  http_response.each_header do |key, value|
    response_headers(env)[key] = value
  end
  env.update :status => http_response.code.to_i, :body => http_response.body

  @app.call env
end
end
end
end

Looks like Omniauth now uses a newer version of Faraday, which explains why the monkey patch above wasn't working for me. I agree there must be a better way, but for anyone else who just needs to get it working to test, here's an updated version:

(create a file in your initializers directory with the following code)

require 'faraday'
module Faraday
class Adapter
 class NetHttp < Faraday::Adapter
  def call(env)
  super
  url = env[:url]
  req = env[:request]

  http = net_http_class(env).new(url.host, url.inferred_port)

  if http.use_ssl = (url.scheme == 'https' && env[:ssl])
    ssl = env[:ssl]
    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
    http.cert        = ssl[:client_cert] if ssl[:client_cert]
    http.key         = ssl[:client_key]  if ssl[:client_key]
    http.ca_file     = ssl[:ca_file]     if ssl[:ca_file]
    http.cert_store  = ssl[:cert_store]  if ssl[:cert_store]
  end

  http.read_timeout = http.open_timeout = req[:timeout] if req[:timeout]
  http.open_timeout = req[:open_timeout]                if req[:open_timeout]

  if :get != env[:method]
    http_request = Net::HTTPGenericRequest.new \
      env[:method].to_s.upcase,    # request method
      !!env[:body],                # is there data
      true,                        # does net/http love you, true or false?
      url.request_uri,             # request uri path
      env[:request_headers]        # request headers

    if env[:body].respond_to?(:read)
      http_request.body_stream = env[:body]
      env[:body] = nil
    end
  end

  begin
    http_response = if :get == env[:method]
      # prefer `get` to `request` because the former handles gzip (ruby 1.9)
      http.get url.request_uri, env[:request_headers]
    else
      http.request http_request, env[:body]
    end
  rescue Errno::ECONNREFUSED
    raise Error::ConnectionFailed, $!
  end

  http_response.each_header do |key, value|
    response_headers(env)[key] = value
  end
  env.update :status => http_response.code.to_i, :body => http_response.body

  @app.call env
end
end
end
end
回复 原文
不顾 2024-10-05 10:26:27

所有的解决方案都不适合我,然后我发现了这个

http:// railsapps.github.io/openssl-certificate-verify-failed.html

rvm osx-ssl-certs update all

osx 10.8 ruby​​ 2.0.0 通过 rvm

all of the solutions didnt work for me, then i've found this

http://railsapps.github.io/openssl-certificate-verify-failed.html

rvm osx-ssl-certs update all

osx 10.8 ruby 2.0.0 via rvm

回复 原文
む无字情书 2024-10-05 10:26:27

编辑:检查下面的答案,因为它更相关

这对我有用(修复由 https:/ /github.com/jspooner):

使用以下猴子补丁在初始化程序的目录中创建一个文件:

require 'faraday'
module Faraday
class Adapter
 class NetHttp < Faraday::Adapter
  def call(env)
    super

    is_ssl = env[:url].scheme == 'https'

    http = net_http_class(env).new(env[:url].host, env[:url].port || (is_ssl ? 443 : 80))
    if http.use_ssl = is_ssl
      ssl = env[:ssl]
      if ssl[:verify] == false
        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
      else
        http.verify_mode = OpenSSL::SSL::VERIFY_NONE # <= PATCH or HACK ssl[:verify]
      end
      http.cert    = ssl[:client_cert] if ssl[:client_cert]
      http.key     = ssl[:client_key]  if ssl[:client_key]
      http.ca_file = ssl[:ca_file]     if ssl[:ca_file]
    end
    req = env[:request]
    http.read_timeout = net.open_timeout = req[:timeout] if req[:timeout]
    http.open_timeout = req[:open_timeout]               if req[:open_timeout]

    full_path = full_path_for(env[:url].path, env[:url].query, env[:url].fragment)
    http_req  = Net::HTTPGenericRequest.new(
      env[:method].to_s.upcase,    # request method
      (env[:body] ? true : false), # is there data
      true,                        # does net/http love you, true or false?
      full_path,                   # request uri path
    env[:request_headers])       # request headers

    if env[:body].respond_to?(:read)
      http_req.body_stream = env[:body]
      env[:body] = nil
    end

    http_resp = http.request http_req, env[:body]

    resp_headers = {}
    http_resp.each_header do |key, value|
      resp_headers[key] = value
    end

    env.update \
      :status           => http_resp.code.to_i,
      :response_headers => resp_headers,
      :body             => http_resp.body

    @app.call env
  rescue Errno::ECONNREFUSED
    raise Error::ConnectionFailed.new(Errno::ECONNREFUSED)
  end

  def net_http_class(env)
    if proxy = env[:request][:proxy]
      Net::HTTP::Proxy(proxy[:uri].host, proxy[:uri].port, proxy[:user], proxy[:password])
    else
      Net::HTTP
    end
  end
 end
end
end

Edit: Check the answer below as it is more relevant

This worked for me (fix courtesy of https://github.com/jspooner):

Create a file in your initializer's directory with the following monkey patch:

require 'faraday'
module Faraday
class Adapter
 class NetHttp < Faraday::Adapter
  def call(env)
    super

    is_ssl = env[:url].scheme == 'https'

    http = net_http_class(env).new(env[:url].host, env[:url].port || (is_ssl ? 443 : 80))
    if http.use_ssl = is_ssl
      ssl = env[:ssl]
      if ssl[:verify] == false
        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
      else
        http.verify_mode = OpenSSL::SSL::VERIFY_NONE # <= PATCH or HACK ssl[:verify]
      end
      http.cert    = ssl[:client_cert] if ssl[:client_cert]
      http.key     = ssl[:client_key]  if ssl[:client_key]
      http.ca_file = ssl[:ca_file]     if ssl[:ca_file]
    end
    req = env[:request]
    http.read_timeout = net.open_timeout = req[:timeout] if req[:timeout]
    http.open_timeout = req[:open_timeout]               if req[:open_timeout]

    full_path = full_path_for(env[:url].path, env[:url].query, env[:url].fragment)
    http_req  = Net::HTTPGenericRequest.new(
      env[:method].to_s.upcase,    # request method
      (env[:body] ? true : false), # is there data
      true,                        # does net/http love you, true or false?
      full_path,                   # request uri path
    env[:request_headers])       # request headers

    if env[:body].respond_to?(:read)
      http_req.body_stream = env[:body]
      env[:body] = nil
    end

    http_resp = http.request http_req, env[:body]

    resp_headers = {}
    http_resp.each_header do |key, value|
      resp_headers[key] = value
    end

    env.update \
      :status           => http_resp.code.to_i,
      :response_headers => resp_headers,
      :body             => http_resp.body

    @app.call env
  rescue Errno::ECONNREFUSED
    raise Error::ConnectionFailed.new(Errno::ECONNREFUSED)
  end

  def net_http_class(env)
    if proxy = env[:request][:proxy]
      Net::HTTP::Proxy(proxy[:uri].host, proxy[:uri].port, proxy[:user], proxy[:password])
    else
      Net::HTTP
    end
  end
 end
end
end
回复 原文
薯片软お妹 2024-10-05 10:26:27

我正在使用 Faraday 0.6.1 和 OAUTH2(单独使用,没有被任何东西包裹)。这足以解决我的问题(在Gentoo上,应该在Ubunto上工作)

把这个

  client = OAuth2::Client.new(FACEBOOK_API_KEY, FACEBOOK_API_SECRET, :site => FACEBOOK_API_SITE)

变成这个

  client = OAuth2::Client.new(FACEBOOK_API_KEY, FACEBOOK_API_SECRET, :site => FACEBOOK_API_SITE, :ssl => {:ca_path => '/etc/ssl/certs' })

I'm using Faraday 0.6.1, and OAUTH2 (alone, not wrapped by anything). This was enough to solve the problem for me (on Gentoo, should work on Ubunto)

Turn this

  client = OAuth2::Client.new(FACEBOOK_API_KEY, FACEBOOK_API_SECRET, :site => FACEBOOK_API_SITE)

Into this

  client = OAuth2::Client.new(FACEBOOK_API_KEY, FACEBOOK_API_SECRET, :site => FACEBOOK_API_SITE, :ssl => {:ca_path => '/etc/ssl/certs' })
回复 原文
も让我眼熟你 2024-10-05 10:26:27

通过确保 openSSL 使用正确的证书目录解决了我的问题:

对于我的系统(ubuntu64),这是:
ENV['SSL_CERT_DIR'] = '/usr/share/ca-certificates/'

这是在 JRuby 1.6.0 中使用 jruby-openssl

我刚刚将此设置添加到development.rb

My problem was solved by ensuring that openSSL was using the right certificate directory:

For my system(ubuntu64) this was:
ENV['SSL_CERT_DIR'] = '/usr/share/ca-certificates/'

This was using jruby-openssl with JRuby 1.6.0

I just added this setting to development.rb

回复 原文
去了角落 2024-10-05 10:26:27

我知道这听起来微不足道,但请确保您使用正确的协议。我不断收到此错误,然后意识到我正在尝试通过 http 连接。浪费了1.5个小时,因为我是个白痴。

I know this sounds trivial, but make sure you are using the right protocol. I kept getting this error and then realized that I was trying to connect via http. 1.5 hours wasted because I am an idiot.

回复 原文
謌踐踏愛綪 2024-10-05 10:26:27

这似乎是 1.9.x 的问题。恢复到 1.8.7 解决了该问题。

This seems to be a 1.9.x issue. Reverting to 1.8.7 fixed the issue.

回复 原文
坏尐絯 2024-10-05 10:26:27

如果您在 Leopard 上遇到问题,以下是我所做的,对您有帮助。

我的证书很旧,需要更新。我下载了这个:

http://curl.haxx.se/ca/cacert.pem

然后替换我在 Leopard 上找到的证书:

/usr/share/curl/curl-ca-bundle.crt

重新加载您正在访问它的任何内容,您应该可以开始了!

Here's what I did that helped if you are specifically having a problem on Leopard.

My cert was old and needed to be updated. I downloaded this:

http://curl.haxx.se/ca/cacert.pem

Then replaced my cert which was found here on Leopard:

/usr/share/curl/curl-ca-bundle.crt

Reload whatever you have that's accessing it and you should be good to go!

回复 原文
淡淡的优雅 2024-10-05 10:26:27

只是因为说明对我有用,所以我想添加我的 2 美分:

我在 OS X Lion 上并使用 macports 和 rvm

我安装了curl-ca-bundle:

sudo port install curl-ca-bundle

然后我将omniauth配置调整为这:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, APP_CONFIG['CONSUMER_KEY'], APP_CONFIG['CONSUMER_SECRET'],
           :scope => 'https://www.google.com/m8/feeds https://www.googleapis.com/auth/userinfo.profile',
           :ssl => {:ca_path => "/share/curl/curl-ca-bundle.crt"}
end

Just because instructions were a slight bit different for what worked for me, I thought I add my 2 cents:

I'm on OS X Lion and using macports and rvm

I installed curl-ca-bundle:

sudo port install curl-ca-bundle

Then I adjusted my omniauth config to be this:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, APP_CONFIG['CONSUMER_KEY'], APP_CONFIG['CONSUMER_SECRET'],
           :scope => 'https://www.google.com/m8/feeds https://www.googleapis.com/auth/userinfo.profile',
           :ssl => {:ca_path => "/share/curl/curl-ca-bundle.crt"}
end
回复 原文
只是我以为 2024-10-05 10:26:27

在 Ubuntu 上,我所要做的就是将 /environments/development.rb 更新为:

Rails.application.config.middleware.use OmniAuth::Builder do
    provider :facebook, FACEBOOK_KEY, FACEBOOK_SECRET, {:client_options => {:ssl => {:ca_path => "/etc/ssl/certs"}}}
end

然后:

cd /etc/ssl/certs
sudo wget http://curl.haxx.se/ca/cacert.pem

wola!

On Ubuntu, all I had to do was update /environments/development.rb to:

Rails.application.config.middleware.use OmniAuth::Builder do
    provider :facebook, FACEBOOK_KEY, FACEBOOK_SECRET, {:client_options => {:ssl => {:ca_path => "/etc/ssl/certs"}}}
end

and then:

cd /etc/ssl/certs
sudo wget http://curl.haxx.se/ca/cacert.pem

wola!

回复 原文
莫相离 2024-10-05 10:26:27

我终于找到了山狮的修复方法。请参阅:http://coderwall.com/p/f4hyqw

rvm pkg install openssl
rvm reinstall 1.9.3 --with-openssl-dir=$rvm_path/usr

I finally found a fix for Mountain Lion. See: http://coderwall.com/p/f4hyqw

rvm pkg install openssl
rvm reinstall 1.9.3 --with-openssl-dir=$rvm_path/usr
回复 原文
后eg是否自 2024-10-05 10:26:27

我在 Mountain Lion 上使用 RVM 时遇到了类似的错误。 Ruby 似乎找不到授权 SSL 连接所需的 CA 证书。您需要安装一个。这个解决方案成功了:

http://fredwu .me/post/28834446907/fix-openssl-error-on-mountain-lion-and-rvm

(虽然我实际上无法在浏览器中加载该页面,但我必须在 Google 缓存中找到它。 )

这是简短的答案:

curl http://curl.haxx.se/ca/cacert.pem -o ~/.rvm/usr/ssl/cert.pem

就完成了。

I encountered a similar error using RVM on Mountain Lion. It seems that Ruby can't find the CA certificate it needs to authorise the SSL connection. You need to install one. This solution did the trick:

http://fredwu.me/post/28834446907/fix-openssl-error-on-mountain-lion-and-rvm

(Although I couldn't actually load that page in my browser, I had to find it in the Google cache.)

Here's the short answer:

curl http://curl.haxx.se/ca/cacert.pem -o ~/.rvm/usr/ssl/cert.pem

And you're done.

回复 原文
~没有更多了~

关于作者

心是晴朗的。

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文