SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

Time: 2021-04-12 00:33:12

I used RVM to install Ruby 1.9.3 on Ubuntu 12.04 by doing

rvm pkg install openssl
rvm install 1.9.3 --with-openssl-dir=$rvm_path/usr

And then when I try to run something along the lines of:

require 'open-uri'
open('https://www.google.com/')

I get the error: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

How do I solve this? I have many similar threads where people have this problem in OSX, but how do I resolve it in Ubuntu?

Thanks for your help.

6 solutions

#1


24  

That sometimes happens if the default 'OpenSSL directory' is not set correctly with the native OpenSSL library. open-uri uses OpenSSL::X509::Store#set_default_paths in order to tell OpenSSL to look in the OpenSSL directory for the file that contains the trusted root certificates that OpenSSL trusts by default.

In your case, this lookup fails. You can make it succeed by setting an environment variable that overrides the default setting and tells OpenSSL to look in that directory instead:

export SSL_CERT_FILE=/etc/pki/tls/cert.pem

That's the default location for the root CA bundle on my Fedora 16 64 bit, other popular locations are /etc/ssl/ca-bundle.crt etc. In your case, the OpenSSL library used by RVM is located in $rvm_path/usr, so you should look around there for a suitable candidate for the default root CA file. After the environment variable is set correctly, the call to open-uri will succeed.

To make the environment variable permanent, use the usual ways such as defining the export in .bashrc, /etc/profile or whatever fits best in your situation.

#2


10  

The cacert.pem file is missing from rvm installed openssl.

$ cd $rvm_path/usr/ssl
$ sudo curl -O http://curl.haxx.se/ca/cacert.pem
$ sudo mv cacert.pem cert.pem

#3


9  

Add the 'certified' gem to your Gemfile.

More info: https://rubygems.org/gems/certified

#4


4  

See http://jjinux.blogspot.nl/2012/02/ruby-working-around-ssl-errors-on-os-x.html as an alternative answer to your question. It should work for both Ubuntu and Mac OS X users, and it doesn't require a change in the environment variables.

The solution from the above link:

# config/initializers/fix_ssl.rb
# 
# Work around errors that look like:
#
#   SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)

require 'open-uri'
require 'net/https'

module Net
  class HTTP
    alias_method :original_use_ssl=, :use_ssl=

    def use_ssl=(flag)
      # Ubuntu
      if File.exist?('/etc/ssl/certs')
        self.ca_path = '/etc/ssl/certs'

      # MacPorts on OS X
      # You'll need to run: sudo port install curl-ca-bundle
      elsif File.exist?('/opt/local/share/curl/curl-ca-bundle.crt')
        self.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt'
      end

      self.verify_mode = OpenSSL::SSL::VERIFY_PEER
      self.original_use_ssl = flag
    end
  end
end

#5


0  

This did now work for me. Things started working when I ran "brew doctor", which led me to clues like "unset SSL_CERT_DIR".

#6


0  

Check your system clock!!

Hit this error on a virtual machine after a long period (1 week) without use. Updating my system clock fixed the issue immediately.

If you're running ntpd then ntpdate -b -u pool.ntp.org will do that for you.
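
A diagnostic for the causes raised in answers #1, #5 and #6 (wrong default CA path, a stray SSL_CERT_FILE / SSL_CERT_DIR override, a wrong system clock), added here as an example and not part of any answer. The helper names, the `:check_clock` heuristic and the throwaway self-signed certificate are assumptions made for illustration.

```ruby
require 'openssl'

# Paths that OpenSSL::X509::Store#set_default_paths consults: the
# SSL_CERT_FILE / SSL_CERT_DIR variables override the compiled-in defaults.
def resolve_trust_paths(env = ENV)
  file = env[OpenSSL::X509::DEFAULT_CERT_FILE_ENV] || OpenSSL::X509::DEFAULT_CERT_FILE
  dir  = env[OpenSSL::X509::DEFAULT_CERT_DIR_ENV]  || OpenSSL::X509::DEFAULT_CERT_DIR
  { file: file, dir: dir }
end

# Parse every PEM certificate in a bundle and classify it against `now`.
# Heuristic (assumption): if no certificate is inside its validity window,
# the clock is a more likely culprit than the bundle.
def inspect_bundle(path, now = Time.now)
  counts = { total: 0, valid: 0, expired: 0, not_yet_valid: 0 }
  return counts.merge(status: :missing) unless File.file?(path)
  pems = File.binread(path).scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
  pems.each do |pem|
    cert = OpenSSL::X509::Certificate.new(pem)
    counts[:total] += 1
    if now < cert.not_before then counts[:not_yet_valid] += 1
    elsif now > cert.not_after then counts[:expired] += 1
    else counts[:valid] += 1
    end
  end
  status = if counts[:total].zero? then :empty
           elsif counts[:valid].zero? then :check_clock
           else :ok end
  counts.merge(status: status)
end

# Constructed sample input: a self-signed CA valid from 1h before to 1 day after `at`.
def sample_ca_pem(at)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=Constructed Example CA')
  cert.public_key = key.public_key
  cert.not_before = at - 3600
  cert.not_after = at + 86_400
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

if __FILE__ == $PROGRAM_NAME
  paths = resolve_trust_paths
  puts "CA file: #{paths[:file]} -> #{inspect_bundle(paths[:file])}"
  puts "CA dir:  #{paths[:dir]} (directory exists: #{File.directory?(paths[:dir])})"
end
```

A `:missing` or `:empty` status for the resolved file matches the situation in answers #1 and #2; SSL_CERT_DIR may hold several directories separated by colons, which this sketch reports as a single string.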
