为什么在 Windows 上使用 Mechanize 访问 SSL 站点会失败,但在 Mac 上却可以?
这是我用来连接 SSL 站点的代码。
require 'mechanize'
a = Mechanize.new
page = a.get 'https://site.com'
我正在使用 Ruby 1.9.3 和 Mechanize 2.1pre1 + 依赖项。在 Mac 上,上述代码有效并返回页面。在运行相同版本的 Windows 7 上,它给出以下错误:
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3
read server certificate B: certificate verify failed
恢复到 Mechanize 2.0.1 似乎可以解决这个问题,但我随后遇到了对等方重置的连接过多问题,因此
我尝试过执行a.verify_mode =。 false,但这没有任何作用,我读到您可以使用以下方法关闭 SSL 验证:
open(uri,:ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE)
如何在 Mechanize 中关闭它? 为什么我只在 Windows 上收到此错误?
This is the code I'm using to connect to the SSL site.
require 'mechanize'
a = Mechanize.new
page = a.get 'https://site.com'
I"m using using Ruby 1.9.3 and Mechanize 2.1pre1 + dependencies. On Mac the above code works and returns the page. On windows 7 running the same versions it gives me the following error:
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3
read server certificate B: certificate verify failed
Reverting to Mechanize 2.0.1 seems to solve this problem, but I then get plagued with the too many connections reset by peer problem. Thus that is not a solution.
I've tried doing a.verify_mode = false, but that does not do anything. I have read that you can turn off SSL verification by using:
open(uri,:ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE)
How can I turn it off in Mechanize ? Why am I only getting this error on Windows ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
OpenSSL 的版本(用于与
Net::HTTPS建立安全连接的库)无法在您的计算机中正确找到证书链。不幸的是,OpenSSL 永远无法使用 Windows 安装的证书存储来验证远程服务器,因此会失败。
从您的示例中,您可以执行以下操作:
为了避免验证,但这远非理想(由于明显的安全问题),
我建议您下载一些证书捆绑包(例如来自curl的证书捆绑包):
http://curl.haxx.se/ca
并将您的代码修改为如下所示:
这似乎有效,Ruby 1.9.3-p0 (i386-mingw32), Windows 7x64 和mechanize 2.1.pre.1
希望有帮助。
The version of OpenSSL (the library used to establish secure connections with
Net::HTTPS) is not able to properly find the certificate chain in your computer.To our bad, OpenSSL was never able to use the Windows installed cert storage to validate remote servers so is failing because of that.
From your example, you can do:
To avoid the verification, however that is far from ideal (due clear security issues)
I recommend you download some cert bundles (like the ones from curl):
http://curl.haxx.se/ca
And modify your code to something like this:
That seems to work, Ruby 1.9.3-p0 (i386-mingw32), Windows 7 x64 and mechanize 2.1.pre.1
Hope that helps.
路易斯的回答看起来不错,但更笼统地说:
Luis' answer looks fine but more generally:
您可以简单地执行以下操作:
这适用于最新版本 2.8
You can simply do the following:
This worked on the latest version 2.8