我正在编写一个小的实用程序脚本,该脚本使用Windows上的Ruby的Net::HTTP模块通过HTTPS处理一些RESTful API。我始终收到此错误:
C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:923:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:923:in `block in connect'
from C:/Ruby22-x64/lib/ruby/2.2.0/timeout.rb:74:in `timeout'
from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:923:in `connect'
from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:863:in `do_start'
from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:852:in `start'
from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:1375:in `request'
根据this post,我缺少默认的CA证书。我运行了他的“ssl doctor”脚本,它给出了以下诊断信息:
C:\Users\Megaflux\Documents\GitHub\Github_Backup> ruby doctor.rb
C:/Ruby22-x64/bin/ruby (2.2.2-p95)
OpenSSL 1.0.1l 15 Jan 2015: C:/Users/Justin/Projects/knap-build/var/knapsack/software/x64-windows/openssl/1.0.1l/ssl
SSL_CERT_DIR=""
SSL_CERT_FILE=""
HEAD https://status.github.com:443
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
The server presented a certificate that could not be verified:
subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
error code 20: unable to get local issuer certificate
Possible causes:
`C:/Users/Justin/Projects/knap-build/var/knapsack/software/x64-windows/openssl/1.0.1l/ssl/cert.pem' does not exist
`C:/Users/Justin/Projects/knap-build/var/knapsack/software/x64-windows/openssl/1.0.1l/ssl/certs/' is empty
我可以下载一些根CA证书并将其安装在该目录中,这并不难。但是贾斯汀是谁?我的计算机上没有该用户,所以我不必创建那些文件夹。有谁知道如何更改默认的SSL证书目录?
非常感谢。
编辑:
为了完整起见,我将在此处生成错误的脚本丢到这里
require 'open-uri'
open("https://www.google.com/") {|f|
f.each_line {|line| p line}
}
最佳答案
RubyInstaller issue #153
tl; dr:Justin是编译您的OpenSSL二进制文件的人。