问题描述
我正在尝试从我的应用发布到Web服务,并且经常收到以下错误消息.
I am trying to post to a web service from my app and I am getting the following error frequently.
SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
我发送发给请求的文件,其中包含由指南针发出的crt文件和我自己生成的密钥文件.
I send post request with the crt file issued by compassplus and key file generated by myself.
def payment
@booking = 12
uri = URI("https://test.compassplus.com:8444/Exec")
xml = Builder::XmlMarkup.new
xml.instruct! :xml, :version => '1.0'
xml.TKKPG {
xml.Request {
xml.Operation("CreateOrder")
xml.language("EN")
xml.Order {
xml.OrderType("Purchase")
xml.Merchant("123456")
xml.Amount("10000")
xml.Currency("840")
xml.Description("Tour Purchase")
xml.ApproveURL("/thankyou.html")
xml.CancelURL("/error.html")
xml.DeclineURL("/declined.html")
xml.email("")
xml.phone("")
xml.AddParams {
xml.FADATA("")
xml.SenderPostalCode("")
xml.AcctType("")
xml.TranAddendums("")
xml.TranAdddendumsVISA("")
xml.TranAdddendumsMC("")
xml.TranAdddendumsAMEX("")
xml.TranAdddendumsJCB("")
xml.OrderExpirationPeriod("")
xml.OrigAmount("")
xml.OrigCurrency("")
}
}
}
}
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.ssl_version = :TLSv1_2
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.ca_file = File.read(File.join(Rails.root, "/crt/gvtrek.com.pem"))
@request = http.post(uri, xml)
end
我从本地主机发送发布请求时收到SSL错误,而从生产环境发送该请求时超时.我不知道问题所在.帮我修复它.我正在使用macOS Mojave.
I am getting SSL error when I send post request from localhost and timeout when I send it from production. I couldn't figure out the problem. Help me to get it fix. I am working on macOS Mojave.
推荐答案
经过大量测试,我找到了正确的解决方案.问题在于证书文件声明.
After lots of testing, I found the correct solution. The problem was with the cert file declaration.
我尝试使用捆绑的证书文件(example.com.pem)发送发帖请求
I tried sending the post request using the bundled cert files (example.com.pem)
http.ca_file = File.read(File.join(Rails.root, "/crt/example.com.pem"))
所以,我用每个crt和密钥文件更改了上面的声明
So, I changed the above declaration with the each crt and key files
http.cert = OpenSSL::X509::Certificate.new(File.read(File.join(Rails.root, "/crt/example.com.crt")))
http.key = OpenSSL::PKey::RSA.new(File.read(File.join(Rails.root, "/crt/example.com.key")))
req = Net::HTTP::Post.new(uri.path, initheader = {'Content-Type' =>'application/xml'}).
现在可以了.
完整代码
uri = URI("https://test.compassplus.com:8444/Exec")
xml = "
<TKKPG>
<Request>
<Operation>CreateOrder</Operation>
<Language></Language>
<Order>
<OrderType>Purchase</OrderType>
<Merchant>99999</Merchant>
<Amount>10000</Amount>
<Currency>524</Currency>
<Description>Tour Purchase</Description>
<ApproveURL>/approve.html</ApproveURL>
<CancelURL>/cancel.html</CancelURL>
<DeclineURL></DeclineURL>
<email></email>
<phone></phone>
<AddParams>
<FA-DATA></FA-DATA>
<SenderPostalCode></SenderPostalCode>
<AcctType></AcctType>
<TranAddendums></TranAddendums>
<TranAddendumsVISA></TranAddendumsVISA>
<TranAddendumsMC></TranAddendumsMC>
<TranAddendumsAMEX></TranAddendumsAMEX>
<TranAddendumsJCB></TranAddendumsJCB>
<OrderExpirationPeriod></OrderExpirationPeriod>
<OrigAmount></OrigAmount>
<OrigCurrency></OrigCurrency>
</AddParams>
<Fee></Fee>
</Order>
</Request>
</TKKPG>
"
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.ssl_version = :TLSv1_2
http.cert = OpenSSL::X509::Certificate.new(File.read(File.join(Rails.root, "/crt/example.com.crt")))
http.key = OpenSSL::PKey::RSA.new(File.read(File.join(Rails.root, "/crt/example.com.key")))
req = Net::HTTP::Post.new(uri.path, initheader = {'Content-Type' =>'application/xml'})
@res = http.request(req, xml)
参考.
HTTP库Ruby是否具有HTTPS,SSL客户端证书和Keep-Alive支持?
这篇关于SSL_connect返回= 1 errno = 0状态=错误:证书验证失败(无法获取本地发行者证书)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!