我正在编写一个小的实用程序脚本,该脚本使用Windows上的Ruby的Net::HTTP模块通过HTTPS处理一些RESTful API。我始终收到此错误:

C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:923:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
    from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:923:in `block in connect'
    from C:/Ruby22-x64/lib/ruby/2.2.0/timeout.rb:74:in `timeout'
    from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:923:in `connect'
    from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:863:in `do_start'
    from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:852:in `start'
    from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:1375:in `request'

根据this post,我缺少默认的CA证书。我运行了他的“ssl doctor”脚本,它给出了以下诊断信息:
C:\Users\Megaflux\Documents\GitHub\Github_Backup> ruby doctor.rb
C:/Ruby22-x64/bin/ruby (2.2.2-p95)
OpenSSL 1.0.1l 15 Jan 2015: C:/Users/Justin/Projects/knap-build/var/knapsack/software/x64-windows/openssl/1.0.1l/ssl
SSL_CERT_DIR=""
SSL_CERT_FILE=""

HEAD https://status.github.com:443
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

The server presented a certificate that could not be verified:
  subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
  issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
  error code 20: unable to get local issuer certificate

Possible causes:
  `C:/Users/Justin/Projects/knap-build/var/knapsack/software/x64-windows/openssl/1.0.1l/ssl/cert.pem' does not exist
  `C:/Users/Justin/Projects/knap-build/var/knapsack/software/x64-windows/openssl/1.0.1l/ssl/certs/' is empty

我可以下载一些根CA证书并将其安装在该目录中,这并不难。但是贾斯汀是谁?我的计算机上没有该用户,所以我不必创建那些文件夹。有谁知道如何更改默认的SSL证书目录?

非常感谢。

编辑:
为了完整起见,我将在此处生成错误的脚本丢到这里
require 'open-uri'
open("https://www.google.com/") {|f|
   f.each_line {|line| p line}
}

最佳答案

RubyInstaller issue #153



tl; dr:Justin是编译您的OpenSSL二进制文件的人。

10-05 20:48
查看更多