问题描述
我在Heroku上托管了Rails API服务器,该服务器向客户端在初始API请求中指定的回调URL发出异步POST请求.
I have Rails API server hosted on Heroku, which makes an asynchronous POST request to a callback url specified in an initial API request by the client.
当我尝试通过SSL发布到客户的一个Web应用程序时遇到问题.
I have a problem when I try to POST to one of my clients' webapp over SSL.
connection = Faraday::Connection.new('https://subdomain.some_client.com', ssl: { ca_file: '/usr/lib/ssl/certs/ca-certificates.crt' })
connection.get '/test'
以下内容引发错误:
Faraday::Error::ConnectionFailed: SSL_connect returned=1 errno=0 state=error: certificate verify failed
但是,如果我通过HTTPS发布到另一台服务器(例如google),则效果很好
However, if I post to another server over HTTPS, for example google, it works fine
connection = Faraday::Connection.new('https://www.google.com', ssl: { ca_file: '/usr/lib/ssl/certs/ca-certificates.crt' })
connection.get '/'
这是否表示故障出在客户端的SSL配置上?如果可以,我如何协助他们调试问题?
Does this mean the fault is on the client's SSL configuration? and if so, how can I assist them in debugging the problem?
更新:
我可以毫无问题地将URL POST到客户端的webapp,只有当我通过ruby的HTTP库进行操作时,它才会失败
I can cURL POST to the client's webapp without problems, it's only when I do it through ruby's HTTP libraries it fails
非常感谢谢谢
推荐答案
我的猜测是您客户的Web应用程序的SSL证书存在问题.可能是证书过期或无效.您可以尝试这个答案.
My guess is that there is a problem with the SSL cert for your client's web app. Perhaps there is a certificate that is out of date or invalid. You could try this answer.
如果您需要解决此问题(但由于潜在的安全漏洞,可能不是一个好的永久解决方案),则应该能够通过将其放在Bundler.require之前的应用程序中来关闭证书验证./p>
If you need to get around this (but probably not a good permanent solution, because of the potential security hole) you should be able to turn off the certificate verification by putting this before Bundler.require in your application.rb:
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
这篇关于OpenSSL :: SSL :: SSL错误:SSL_connect返回= 1 errno = 0状态=错误:证书验证失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!