问题描述
我知道有关此错误的讨论很多,但很抱歉,我无法在那找到任何可行的解决方案.
I know there are lots of discussion regarding this error but sorry to say that I'm unable to find any working solution over there.
我正在使用 ShareTribe 开发一个电子商务网站.我正在尝试将Paypal用作支付网关.因此,我正在使用 Activemerchant .
I'm developing a ecommerce site using ShareTribe.I'm trying to implement Paypal as payment gateway.So I'm using Activemerchant.
在开发机上一切正常,但是当我将Rails应用程序部署到生产环境时,它会抛出
Everything works fine on development machine but when I deploy my rails app to production It throws
我正在将Activemerchant初始化为
I'm initializing my Activemerchant as
config.after_initialize do
ActiveMerchant::Billing::Base.mode = :test
paypal_options = {
login: "bla bla",
password: "bla bla",
signature: "bla bla",
appid: "APP-80W284485P519543T"
}
::EXPRESS_GATEWAY = ActiveMerchant::Billing::PaypalExpressGateway.new(paypal_options)
end
添加了HTTPS并禁用了SSLV3
经过大量的搜索后,我发现了
Added HTTPS and Disabled SSLV3
After lots of googling I found that
所以我如下所示禁用了SSLV3
So I disabled SSLV3 as shown below
openssl s_client -connect kickmarket.eu:443
CONNECTED(00000003)
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = www.kickmarket.eu
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = www.kickmarket.eu
verify error:num=27:certificate not trusted
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = www.kickmarket.eu
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=www.kickmarket.eu
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
Server certificate
-----BEGIN CERTIFICATE-----
...........................................
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=www.kickmarket.eu
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 2038 bytes and written 375 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 4D23F4A942AAD4264BE96EB5F1E62204269D882A64ACFBD2D139CD2F10A449A0
Session-ID-ctx:
Master-Key: 1E381DAA3BA90FE3609606716E7E9A2EB2E2F671E9F3C4005D8EBAE009103A7AB771FB2AC8B45F169F43CBD0AD352E06
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
..................................
Start Time: 1446132175
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
但是重启nginx之后我遇到了同样的问题,是否有任何方法可以解决这个问题.任何建议将不胜感激.
But after restarting nginx I got the same problem.Is there Any way to fix this issue.Any suggestion will be appreciated.
推荐答案
主要原因是安装了rvm的ruby确实在错误的证书目录中进行了检查,而OSX-ruby会在正确的目录中进行检查.
The primary cause for this is the rvm installed ruby does look into the wrong directory for certificates whereas the OSX-ruby will look into the correct one.
您要做的是不使用任何预编译的红宝石,而是在本地计算机上编译红宝石,就像这样:
What you wanna do is NOT TO USE any of the precompiled rubies and rather have ruby compiled on your local machine, like so:
rvm install 2.2.0 --disable-binary
您可以阅读详细说明 https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html
这篇关于OpenSSL :: SSL :: SSLError(连接到Paypal时,返回SSL_connect = 1 errno = 0 state = SSLv3读取服务器证书B:证书验证失败)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!