问题描述
我试图通过Facebook或Twitter验证用户,让他们填写他们的信息,然后点击保存(从而创建用户记录)。在最后一步,我得到一个OpenSSL错误 - 点击保存后。这发生在Devise RegistrationsController#create方法中。
所以我在我的Rails应用程序中发现了这个错误:
2012-07-28T18:25:13 + 00:00 app [web.1]:OpenSSL :: SSL :: SSLError(SSL_connect returned = 1 errno = 0 state = SSLv3读取服务器证书B:证书验证失败)
我见过很多解决方案,他们工作。以下是我尝试过的一些事情:
1)安装认证
gem
2)将Heroku Gem升级到v2.30,再次推送
3):
Rails.application.config.middleware.use OmniAuth :: Builder do
provider:twitter,TWITTER_KEY,TWITTER_SECRET,{:client_options => {:ssl => {:ca_file => /usr/lib/ssl/certs/ca-certificates.crt}}}
提供者:Facebook,FACEBOOK_KEY,FACEBOOK_SECRET,{:scope => publish_actions,user_location,email,:client_options => {:ssl => {:ca_file => /usr/lib/ssl/certs/ca-certificates.crt}}}
结束
似乎有一个问题可能是这个证书文件实际上并不存在 - 我已经在几个地方看到过,似乎这是Heroku的ca_cert文件的默认路径,但我可能是错误。
更新:我将此行添加到了Omniauth初始化程序,现在它起作用。因此我诊断出这个问题与Omniauth有关。然而,我想仍然有SSL验证......这显然留下了安全漏洞。
OpenSSL :: SSL :: VERIFY_PEER = OpenSSL :: SSL :: VERIFY_NONE
/ p>
如果您使用Ruby通过https打开与外部服务器的连接,例如。您可能会遇到以下错误:
OpenSSL :: SSL :: SSLError:SSL_connectreturned = 1errno = 0state = SSLv3readservercertificateB:certificateverifyfailed
此错误是由于Ruby无法找到证书颁发机构证书(CA证书)用于验证安全Web服务器的真实性。解决方案是将此下载到您的应用程序的 lib /
目录:
然后将以下代码添加到 config / initializers / fix_ssl.rb
:
require'open-uri'
require'net / https'
模块净
类HTTP
alias_method:original_use_ssl =,:use_ssl =
def use_ssl =(flag)
self.ca_file = Rails.root.join('lib / ca-bundle.crt')。to_s
self.verify_mode = OpenSSL :: SSL :: VERIFY_PEER
self.original_use_ssl = flag
end
end
end
这应该强制ruby使用您的应用程序的lib /目录中的CA包。
取自:
更新:
您可能需要使用 self.ca_path =
而不是 self.ca_file =
取决于在你的系统上。
I'm trying to authenticate a user via Facebook or Twitter, get them to fill out their information, and then click save (thus creating a user record). I'm getting an OpenSSL error on that final step -- after clicking save. This happens at the Devise RegistrationsController#create method.
So I'm getting this error in my Rails application, hosted on Heroku:
2012-07-28T18:25:13+00:00 app[web.1]: OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed)
I've seen plenty of solutions, none of them work. Here are some things I've tried:
1) Installing the certified
gem
2) Upgrading the Heroku gem to v2.30, pushing again
3) This:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :twitter, TWITTER_KEY, TWITTER_SECRET, {:client_options => {:ssl => {:ca_file => "/usr/lib/ssl/certs/ca-certificates.crt"}}}
provider :facebook, FACEBOOK_KEY, FACEBOOK_SECRET, {:scope => "publish_actions,user_location,email", :client_options => {:ssl => {:ca_file => "/usr/lib/ssl/certs/ca-certificates.crt"}}}
end
It seems like one problem could be that this cert file doesn't actually exist -- I've seen it in several places, and it seems like that is the default path to the ca_cert file for Heroku, but I could be wrong.
Oddly enough, this is happening after I've already authenticated via FB/Twitter, and am trying to create a user's account. Why would this be, and how can I solve/debug this? Sincerely confused.
Update: I added this line to the Omniauth initializer, and now it "works". Thus I've diagnosed the problem is with Omniauth. However, I'd like to still have the SSL verification... this obviously leaves a security gap.
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
After some searching here is what I found:
If you’re using Ruby to open connections to an external server over https, eg. the Facebook Graph API, you may run into the following error:
OpenSSL::SSL::SSLError:SSL_connectreturned=1errno=0state=SSLv3readservercertificateB:certificateverifyfailed
This error is due to Ruby not being able to find the certification authority certificates (CA Certs) used to verify the authenticity of secured web servers. The solution is to download the this ca-bundle.crt into your application’s lib/
directory:Then add the following code to config/initializers/fix_ssl.rb
:
require 'open-uri'
require 'net/https'
module Net
class HTTP
alias_method :original_use_ssl=, :use_ssl=
def use_ssl=(flag)
self.ca_file = Rails.root.join('lib/ca-bundle.crt').to_s
self.verify_mode = OpenSSL::SSL::VERIFY_PEER
self.original_use_ssl = flag
end
end
end
This should force ruby to use the CA bundle from your application’s lib/ directory.
Taken from: http://jimneath.org/2011/10/19/ruby-ssl-certificate-verify-failed.html
UPDATE:
You may need to use self.ca_path=
instead of self.ca_file=
depending on your system.
这篇关于Heroku上的OpenSSL :: SSL :: SSLError的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!