主机名与服务器证书不匹配

主机名与服务器证书不匹配

本文介绍了Rails 3:OpenSSL::SSL::SSLError:主机名与服务器证书不匹配的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

尝试通过控制台发送电子邮件时,我收到此错误:

When trying to deliver an email via console I receive this error:

OpenSSL::SSL::SSLError: hostname was not match with the server certificate

问题是我真的不太了解证书等,或者真的不知道如何开始解决这个问题,我试着用 openssl 做一些调查,这是返回的证书.

The thing is I really don't know much about certificates and such, or really how to get started troubleshooting this, I tried to do some investigation with openssl and here is the certificate that is returned.

我不知道是不是服务器上运行的 Postfix 或我的 rails 应用程序有问题,非常感谢您提供任何帮助或线索.

I don't know if its a problem with Postfix which is running on the server, or my rails app, any help or clues is really appreciated.

~% openssl s_client -connect mail.myhostname.com:25 -starttls smtp
CONNECTED(00000003)
depth=0 /CN=myhostname
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=myhostname
verify return:1
---
Certificate chain
 0 s:/CN=myhostname
   i:/CN=myhostname
---
Server certificate
-----BEGIN CERTIFICATE-----
[...redacted...]
-----END CERTIFICATE-----
subject=/CN=myhostname
issuer=/CN=myhostname
---
No client certificate CA names sent
---
SSL handshake has read 1203 bytes and written 360 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 1AA4B8BFAAA85DA9ED4755194C50311670E57C35B8C51F9C2749936DA11918E4
    Session-ID-ctx:
    Master-Key: 9B432F1DE9F3580DCC6208C76F96631DC5A4BC517BDBADD5F514414DCF34AC526C30687B96C5C4742E9583555A118232
    Key-Arg   : None
    Start Time: 1292985376
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
250 DSN

推荐答案

比公认的答案要好得多的解决方案(在安全性方面)是:

An infinitely better solution (in terms of security that is) than the accepted answer would be:

ActionMailer::Base.smtp_settings = {
  :address              => "mail.foo.com",
  :port                 => 587,
  :domain               => "foo.com",
  :user_name            => "[email protected]",
  :password             => "foofoo",
  :authentication       => "plain",
  :enable_starttls_auto => true,
  :openssl_verify_mode  => 'none'
}

这样您仍将使用加密,但证书验证将被禁用(并且您不会收到任何错误).

This way you'll still be using encryption, but the validation of the certificate would be disabled (and you won't be getting any errors).

这篇关于Rails 3:OpenSSL::SSL::SSLError:主机名与服务器证书不匹配的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-26 18:19