当前位置: 文江博客话题详情

如何摆脱 OpenSSL::SSL::SSLError

发布于 2024-11-01 21:03:56 字数 446 浏览 3 评论 0原文

我正在尝试使用 OmniAuth 对 Facebook 用户进行身份验证。最初,它可以工作,但一路上它停止工作并开始给我这个错误消息:

OpenSSL::SSL::SSLError SSL_connect 返回=1 错误号=0 状态=SSLv3 读取 服务器证书B:证书 验证失败

相同的代码适用于 Twitter,但我似乎无法理解为什么它不适用于 Facebook。我在网上寻求帮助,但没有成功。

这是我正在构建的网站的链接:http://www.bestizz.com/
这个网址会给你错误消息: http://www.bestizz.com/auth/facebook

原文

I am trying to authenticate users with Facebook using OmniAuth. Initially, it was working, but along the way it just stopped working and started to give me this error message:

OpenSSL::SSL::SSLError SSL_connect
returned=1 errno=0 state=SSLv3 read
server certificate B: certificate
verify failed

The same code works well for Twitter and I can't seem to understand why it doesn't work for Facebook. I have looked online for help, but I haven't been successful.

This is the link to the website I am building: http://www.bestizz.com/
And this url would give you the error message: http://www.bestizz.com/auth/facebook

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(7

汹涌人海 2024-11-08 21:03:56

Ruby 找不到任何根证书。这是用于调试目的的选项。将以下代码放在脚本的开头:

   require 'openssl'
   OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

Ruby cannot find any root certificates. Here is an option for debugging purposes. Put following code at the begining of your script:

   require 'openssl'
   OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
回复 原文
谜兔 2024-11-08 21:03:56

将以下代码添加到 config/initializers/fix_ssl.rb

require 'open-uri'
require 'net/https'

module Net
  class HTTP
    alias_method :original_use_ssl=, :use_ssl=

    def use_ssl=(flag)
      self.ca_file = "/etc/pki/tls/certs/ca-bundle.crt"  # for Centos/Redhat
      self.verify_mode = OpenSSL::SSL::VERIFY_PEER
      self.original_use_ssl = flag
    end
  end
end

注意:

许多操作系统已经附带了提供的证书包。
例如,在 Red Hat Enterprise Linux 和 CentOS 中,它安装在:

/etc/pki/tls/certs/ca-bundle.crt

对于 Ubuntu,其安装位置为:

/etc/ssl/certs/ca-certificates.crt

Add the following code to config/initializers/fix_ssl.rb

require 'open-uri'
require 'net/https'

module Net
  class HTTP
    alias_method :original_use_ssl=, :use_ssl=

    def use_ssl=(flag)
      self.ca_file = "/etc/pki/tls/certs/ca-bundle.crt"  # for Centos/Redhat
      self.verify_mode = OpenSSL::SSL::VERIFY_PEER
      self.original_use_ssl = flag
    end
  end
end

Note:

Many operating systems already come with a supplied certificate bundle.
For example in Red Hat Enterprise Linux and CentOS it's installed in:

/etc/pki/tls/certs/ca-bundle.crt

For Ubuntu its at:

/etc/ssl/certs/ca-certificates.crt
回复 原文
夜巴黎 2024-11-08 21:03:56

更新在 Yosemite 上运行的 Ruby 后,但在尝试通过 Google 进行身份验证时,我遇到了同样的问题。

接下来:https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html似乎解决了我的问题。

为了历史的缘故,我将引用:

因此,rvm 安装的 ruby​​ 确实会查找错误的证书目录,而 OSX-ruby 将查找正确的目录。在这种情况下,它是一个 OSX 系统目录。

所以rvm安装的ruby就是问题所在。

Github 上的讨论最终给出了解决方案:RVM 附带了一个预编译版本的 ruby​​,它静态链接到 openssl,该 openssl 会在 /etc/openssl 中查找其证书。

您想要做的不是使用任何预编译的 ruby​​,而是在本地计算机上编译 ruby​​,如下所示:rvm install 2.2.0 --disable-binary

最后,我必须运行:

rvm uninstall ruby-2.2.4
rvm install ruby-2.2.4 --disable-binary
gem pristine --all

希望这会有所帮助

I've been facing the same problem after updating Ruby running on Yosemite, but while trying to authenticate with Google.

Following this: https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html seemed to solve my problem.

For the sake of history I'll quote:

So the rvm-installed ruby does look into the wrong directory for certificates whereas the OSX-ruby will look into the correct one. In it's case that is a OSX system-directory.

So the rvm-installed ruby is the problem.

This discussion on Github finally gave the solution: Somehow RVM comes with a precompiled version of ruby that is statically linked against an openssl that looks into /etc/openssl for it's certificates.

What you wanna do is NOT TO USE any of the precompiled rubies and rather have ruby compiled on your local machine, like so: rvm install 2.2.0 --disable-binary

In the end, I had to run:

rvm uninstall ruby-2.2.4
rvm install ruby-2.2.4 --disable-binary
gem pristine --all

Hope this helps

回复 原文
笑着哭最痛 2024-11-08 21:03:56

Facebook 的 SSL 验证似乎失败了。我不是 OpenSSL 大师,但我认为这应该适合你。

假设您使用的是 OmniAuth 的最新版本(>= 0.2.2,我假设您是)和 Faraday >= 0.6.1 的版本(堆栈跟踪表明您是),您可以通过您的 CA 证书捆绑包的位置。相应地修改 Facebook 的 OmniAuth 设置:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, 'appid', 'appsecret', {:scope => 'publish_stream,email', :client_options => {:ssl => {:ca_path => '/etc/ssl/certs'}}}
  # other providers...
end

并将 '/etc/ssl/certs' 替换为您的捆绑包的路径。如果您需要一个,我相信此文件将适合您 - 只需将其放入在某个地方,给予它必要的权限,然后将你的应用程序指向它。

感谢 Alex Kremer 在 这个 SO 答案 中提供的详细说明。

Looks like SSL verification is failing for Facebook. I'm no OpenSSL master, but I think this should work for you.

Assuming you're using an up-to-date version of OmniAuth (>= 0.2.2, I assume you are) and a version of Faraday >= 0.6.1 (the stack trace says you are), you can pass the location of your CA certificates bundle. Modify your OmniAuth setup for Facebook accordingly:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, 'appid', 'appsecret', {:scope => 'publish_stream,email', :client_options => {:ssl => {:ca_path => '/etc/ssl/certs'}}}
  # other providers...
end

and replace '/etc/ssl/certs' with the path to your bundle. If you need one, I believe this file will work for you--just put it somewhere, give it necessary permissions, and point your app at it.

Thanks to Alex Kremer at this SO answer for the detailed instructions.

回复 原文
差↓一点笑了 2024-11-08 21:03:56

该链接应该有效。 https://gist.github.com/fnichol/867550 只需按照说明进行操作即可。您需要下载 Rails 安装程序并运行两个命令行函数。

This link should work. https://gist.github.com/fnichol/867550 Just follow the instructions. You will need to download Rails installer and run two command line functions.

回复 原文
池予 2024-11-08 21:03:56

这样做,这将摆脱 openssl 的证书错误

sudo curl http://curl.haxx.se/ca/cacert.pem -o /opt/local/etc/openssl/cert.pem

Do this, this will get ride of the certificate error with openssl

sudo curl http://curl.haxx.se/ca/cacert.pem -o /opt/local/etc/openssl/cert.pem
回复 原文
醉态萌生 2024-11-08 21:03:56

我刚刚做的一个丑陋的解决方法是覆盖 Net::HTTP 中的类并设置告诉它不验证 ssl 证书的变量:

    require 'net/http'
    require 'openssl'

    class Net::HTTP   
        alias_method :orig_connect, :connect

        def connect
          @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
          orig_connect
        end
    end

我这样做是因为我不想破坏 gem 的源代码调用 gem,而 gem 又调用 gem,而 gem 又调用 Net::HTTP。我真的应该回去弄清楚如何推动它查看单独的 cacert.pem 文件。我无法修改服务器的 cacert.pem 文件,否则那将是最佳路线。

An ugly workaround I just did is to override the class in Net::HTTP and set the variable which tells it to not verify ssl certs:

    require 'net/http'
    require 'openssl'

    class Net::HTTP   
        alias_method :orig_connect, :connect

        def connect
          @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
          orig_connect
        end
    end

I did it this way because I don't want to muck with the source code of the gem which calls the gem which calls the gem which calls Net::HTTP. I should really go back and figure out how to nudge it to look at a separate cacert.pem file instead. I can't modify the server's cacert.pem file, or that would be the best route.

回复 原文
~没有更多了~

关于作者

ㄟ。诗瑗

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

小瓶盖

文章 0 评论 0

wxsp_Ukbq8xGR

文章 0 评论 0

1638627670

文章 0 评论 0

仅一夜美梦

文章 0 评论 0

夜访吸血鬼

文章 0 评论 0

近卫軍团

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文