I used RVM to install Ruby 1.9.3 on Ubuntu 12.04 by doing
rvm pkg install openssl
rvm install 1.9.3 --with-openssl-dir=$rvm_path/usr
And then when I try to run something along the lines of:
require 'open-uri'
open('https://www.google.com/')
I get the error: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
How do I solve this? I have many similar threads where people have this problem in OSX, but how do I resolve it in Ubuntu?
Thanks for your help.
6 answers
#1
24
That sometimes happens if the default 'OpenSSL directory' is not set correctly with the native OpenSSL library. open-uri uses OpenSSL::X509::Store#set_default_paths in order to tell OpenSSL to look in the OpenSSL directory for the file that contains the trusted root certificates that OpenSSL trusts by default.
In your case, this lookup fails. You can make it succeed by setting an environment variable that overrides the default setting and tells OpenSSL to look in that directory instead:
export SSL_CERT_FILE=/etc/pki/tls/cert.pem
That's the default location for the root CA bundle on my Fedora 16 64 bit, other popular locations are /etc/ssl/ca-bundle.crt etc. In your case, the OpenSSL library used by RVM is located in $rvm_path/usr, so you should look around there for a suitable candidate for the default root CA file. After the environment variable is set correctly, the call to open-uri will succeed.
To make the environment variable permanent, use the usual ways such as defining the export in .bashrc, /etc/profile or whatever fits best in your situation.
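To see which trust store a given Ruby build will actually consult, the following added example (not part of the original answer) resolves the same locations that set_default_paths uses and counts the certificates that parse. The helper names trust_locations, usable_roots and trust_report are made up for this illustration.

```ruby
require 'openssl'

PEM_CERT = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Where OpenSSL will look for roots: the SSL_CERT_FILE / SSL_CERT_DIR
# environment variables win over the defaults compiled into the library.
def trust_locations(env = ENV)
  {
    file: env[OpenSSL::X509::DEFAULT_CERT_FILE_ENV] || OpenSSL::X509::DEFAULT_CERT_FILE,
    dir:  env[OpenSSL::X509::DEFAULT_CERT_DIR_ENV]  || OpenSSL::X509::DEFAULT_CERT_DIR
  }
end

# Count the certificates in a PEM bundle that actually parse.
# Returns nil when the file is absent, which is the failure in the question.
def usable_roots(path)
  return nil unless File.file?(path)
  File.binread(path).scan(PEM_CERT).count do |pem|
    begin
      OpenSSL::X509::Certificate.new(pem)
      true
    rescue OpenSSL::X509::CertificateError
      false
    end
  end
end

# One verdict line per location. A missing or empty store on both lines
# explains "certificate verify failed" for every HTTPS host.
def trust_report(env = ENV)
  loc = trust_locations(env)
  roots = usable_roots(loc[:file])
  hashed = Dir.exist?(loc[:dir]) ? Dir.glob(File.join(loc[:dir], '*.[0-9]')).size : nil
  [
    "file #{loc[:file]}: " + (roots ? "#{roots} certificate(s)" : 'missing'),
    "dir  #{loc[:dir]}: " + (hashed ? "#{hashed} hashed entry(ies)" : 'missing')
  ]
end

puts trust_report if $PROGRAM_NAME == __FILE__
```

Run it with the same Ruby that raises the error, once with and once without SSL_CERT_FILE exported, to confirm the override points at a bundle that really contains certificates.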
#2
10
The cacert.pem file is missing from rvm installed openssl.
$ cd $rvm_path/usr/ssl
$ sudo curl -O http://curl.haxx.se/ca/cacert.pem
$ sudo mv cacert.pem cert.pem
#3
9
Add the 'certified' gem to your Gemfile.
More info: https://rubygems.org/gems/certified
#4
4
See http://jjinux.blogspot.nl/2012/02/ruby-working-around-ssl-errors-on-os-x.html as an alternative answer to your question, it should work for both Ubuntu and Mac OS X users and it doesn't require a change in the environment variables.
The solution from the above link:
# config/initializers/fix_ssl.rb
#
# Work around errors that look like:
#
# SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
require 'open-uri'
require 'net/https'
module Net
  class HTTP
    alias_method :original_use_ssl=, :use_ssl=
    def use_ssl=(flag)
      # Ubuntu
      if File.exist?('/etc/ssl/certs')
        self.ca_path = '/etc/ssl/certs'
      # MacPorts on OS X
      # You'll need to run: sudo port install curl-ca-bundle
      elsif File.exist?('/opt/local/share/curl/curl-ca-bundle.crt')
        self.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt'
      end
      # Keep peer verification on; only the trust store location changes
      self.verify_mode = OpenSSL::SSL::VERIFY_PEER
      self.original_use_ssl = flag
    end
  end
end
#5
0
This did now work for me. Things started working when I ran "brew doctor", which led me to clues like "unset SSL_CERT_DIR"
#6
0
Check your system clock!!
Hit this error on a virtual machine after a long period (1 week) without use. Updating my system clock fixed the issue immediately.
If you're running ntpd then ntpdate -b -u pool.ntp.org will do that for you.
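Why a wrong clock produces the same "certificate verify failed", as an added example that is not part of the original answer: it verifies a constructed self-signed certificate while OpenSSL::X509::Store#time= simulates three different local clocks. The helper names constructed_root and verify_at and the certificate itself are made up for this illustration.

```ruby
require 'openssl'

# Constructed sample: a self-signed root valid for `days` days from `start`.
def constructed_root(start, days)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=constructed-example-root')
  cert.public_key = key.public_key
  cert.not_before = start
  cert.not_after = start + days * 86_400
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Verify `cert` against a store that trusts it, as if the local clock
# read `clock`. Returns [ok, error_code, error_string].
def verify_at(cert, clock)
  store = OpenSSL::X509::Store.new
  store.add_cert(cert)
  store.time = clock
  ok = store.verify(cert)
  [ok, store.error, store.error_string]
end

if $PROGRAM_NAME == __FILE__
  issued = Time.now - 86_400
  cert = constructed_root(issued, 365)
  {
    'correct clock'        => Time.now,
    'clock one week slow'  => issued - 7 * 86_400,
    'clock two years fast' => issued + 730 * 86_400
  }.each do |label, clock|
    ok, _code, msg = verify_at(cert, clock)
    puts format('%-22s %-5s %s', label, ok, msg)
  end
end
```

The trust store is identical in all three runs; only the verification time changes, so the validity window is worth checking before replacing CA bundles.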