时间戳

首页 > 解决方案 > OpenSSL 在 Rails 中出错,但在 Ruby 中没有

ruby-on-rails - OpenSSL 在 Rails 中出错,但在 Ruby 中没有

问题描述

在 Rails 中尝试通过 SSL 连接时,我们收到错误消息:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)

还有许多其他 StackOverflow 文章涵盖了相同的错误,但我们遇到的症状却大不相同。

当我们在 Ruby 中发出测试命令时,它可以工作,但是当我们发出相同的命令引导到 Rails 环境中时,我们会得到上述错误。

这是带有输出的示例(由bundler.io推荐:https ://bundler.io/v1.16/guides/rubygems_tls_ssl_troubleshooting_guide.html#troubleshooting-certificate-errors )

红宝石:

oot@376dd015bcee:/usr/src/app# ruby -ropen-uri -e 'eval open("https://git.io/vQhWq").read'
Here's your Ruby and OpenSSL environment:

Ruby:           2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]
RubyGems:       2.7.7
Bundler:        1.16.6
Compiled with:  OpenSSL 1.1.0f  25 May 2017
Loaded version: OpenSSL 1.1.0f  25 May 2017
SSL_CERT_FILE:  /usr/lib/ssl/cert.pem
SSL_CERT_DIR:   /usr/lib/ssl/certs

With that out of the way, let's see if you can connect to rubygems.org...

Bundler connection to rubygems.org:       success ✅
RubyGems connection to rubygems.org:      success ✅
Ruby net/http connection to rubygems.org: success ✅

Hooray! This Ruby can connect to rubygems.org. You are all set to use Bundler and RubyGems. 
(eval):136: warning: constant OpenSSL::SSL::SSLContext::METHODS is deprecated

导轨:

root@376dd015bcee:/usr/src/app# RAILS_ENV=production bundle exec rails r 'eval open("https://git.io/vQhWq").read'
DEPRECATION WARNING: alias_method_chain is deprecated. Please, use Module#prepend instead. From module, you can access the original method using super. (called from require at /usr/local/lib/ruby/gems/2.5.0/gems/bundler-1.16.6/lib/bundler/runtime.rb:81)
no value for ELK DNS -
Expected string default value for '--serializer'; got true (boolean)
Here's your Ruby and OpenSSL environment:

Ruby:           2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]
RubyGems:       2.7.7
Bundler:        1.16.6
Compiled with:  OpenSSL 1.1.0f  25 May 2017
Loaded version: OpenSSL 1.1.0f  25 May 2017
SSL_CERT_FILE:  /usr/lib/ssl/cert.pem
SSL_CERT_DIR:   /usr/lib/ssl/certs

With that out of the way, let's see if you can connect to rubygems.org...

Bundler connection to rubygems.org:       success ✅
RubyGems connection to rubygems.org:      success ✅
Ruby net/http connection to rubygems.org: failed  ❌

Unfortunately, this Ruby can't connect to rubygems.org. 
Your Ruby can't connect to rubygems.org because you are missing the certificate files OpenSSL needs to verify you are connecting to the genuine rubygems.org servers.

其他几点:

  1. 这是带有 Amazon Linux AMI 的标准 ruby​​ docker 容器
  2. SSL_CERT_FILE/usr/lib/ssl/cert.pem不存在,但是 SSL_CERT_DIR 确实存在并且其中包含所有必需的证书。

为什么这适用于 Ruby 而不适用于 Rails?

标签: ruby-on-railsrubyopenssl

解决方案

推荐阅读