0
我試圖訪問使用TLS 1.2第三方API,但得到SSL錯誤事件提供有效證明如何使用TLS 1.2 Ruby的HTTP客戶端
紅寶石版本:
ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-linux]
Rails的版本:
Rails 4.2.5
CODE:
ua = Net::HTTP.new(SERVER, 443)
ua.instance_eval {
@ssl_context = OpenSSL::SSL::SSLContext.new
options = OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3
if OpenSSL::SSL.const_defined?('OP_NO_COMPRESSION')
options |= OpenSSL::SSL::OP_NO_COMPRESSION
end
@ssl_context.set_params({options: options})
}
# ua.instance_eval { @ssl_context = OpenSSL::SSL::SSLContext.new(:TLSv1_2) }
ua.use_ssl = true
# Checks presence of CA certificate
if File.directory?(RootCA)
ua.ca_path = RootCA
ua.verify_mode = OpenSSL::SSL::VERIFY_PEER
ua.verify_depth = 3
else
puts "Invalid CA certificates directory. Exiting..."
exit
end
錯誤:
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock'
from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:933:in `connect'
from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:852:in `start'
from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:1398:in `request'
from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:1421:in `send_entity'
from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:1209:in `post'
的OpenSSL :: SSL :: SSLContext.new( 'TLSv1_2_client') 解決後至少這就是我正在使用的。 –
使用TLS 1.0和[服務器名稱指示](http://en.wikipedia.org/wiki/Server_Name_Indication)。另請參見[如何設置的SSLContext選項紅寶石(http://stackoverflow.com/q/3818232)和[如何設置Ruby的TLS上下文選項(如OpenSSL的:: SSL :: SSL_OP_NO_SSLv2)](HTTP:// stackoverflow.com/q/22550213)。我在Ruby中使用簡單的安全性101的事情變得非常沮喪,我不再使用它。 – jww