I'm developing rails app with social authorization. Facebook and Twitter logins works fine, but something strange is going with Google...
我正在开发具有社交授权的rails app。 Facebook和Twitter登录工作正常,但谷歌有点奇怪......
My initializer for google:
我的谷歌初始化程序:
provider :google_oauth2, OAUTH_CONFIG[:google_api_key], OAUTH_CONFIG[:google_api_secret], {
:access_type => 'offline',
:prompt => 'consent',
:scope => 'userinfo.email, userinfo.profile, youtube.readonly'
}
My error, which I see when click login with Google:
我在点击Google登录时看到的错误:
Faraday::Error::ConnectionFailed
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/net/http.rb:920:in `connect'
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/net/http.rb:920:in `block in connect'
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/timeout.rb:76:in `timeout'
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/net/http.rb:920:in `connect'
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/net/http.rb:863:in `do_start'
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/net/http.rb:852:in `start'
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/net/http.rb:1369:in `request'
faraday (0.8.8) lib/faraday/adapter/net_http.rb:75:in `perform_request'
faraday (0.8.8) lib/faraday/adapter/net_http.rb:38:in `call'
faraday (0.8.8) lib/faraday/request/url_encoded.rb:14:in `call'
faraday (0.8.8) lib/faraday/connection.rb:253:in `run_request'
oauth2 (0.8.1) lib/oauth2/client.rb:88:in `request'
oauth2 (0.8.1) lib/oauth2/client.rb:131:in `get_token'
oauth2 (0.8.1) lib/oauth2/strategy/auth_code.rb:29:in `get_token'
What is wrong with SSL certificates? Please, help
SSL证书有什么问题?请帮忙
In google search results I see many similar answers - update 'openssl' library, reinstall ruby, rvm, update gemsets, bla-bla and many others... I have tried everithing, nothing helps me.
在谷歌搜索结果中,我看到许多类似的答案 - 更新'openssl'库,重新安装ruby,rvm,更新gemsets,bla-bla和许多其他...我尝试过,没有什么可以帮助我。
Environment: rails 4.1.6, ruby 2.1.4, OS_X Yosemite
环境:rails 4.1.6,ruby 2.1.4,OS_X Yosemite
3 个解决方案
#1
5
Another answer says to disable OpenSSL's VERIFY_PEER option which means your app is not validating the certificate and you cannot verify you are connecting to Google when you make queries. This is a huge security risk and you should never do this.
另一个答案是禁用OpenSSL的VERIFY_PEER选项,这意味着您的应用程序未验证证书,并且在您进行查询时无法验证您是否正在连接到Google。这是一个巨大的安全风险,你永远不应该这样做。
There is an issue on the GitHub repo for google-api-ruby-client (https://github.com/google/google-api-ruby-client/issues/253) for the problem you've described. The current workaround is to add this to your application:
针对您所描述的问题,google-api-ruby-client(https://github.com/google/google-api-ruby-client/issues/253)的GitHub存储库存在问题。目前的解决方法是将其添加到您的应用程序:
ENV['SSL_CERT_FILE'] = Gem.loaded_specs['google-api-client'].full_gem_path+'/lib/cacerts.pem'
For a Rails app, you would add this as a line in config/application.rb.
对于Rails应用程序,您可以在config / application.rb中将其添加为一行。
#2
6
I add to my app initialize this not beautiful spike:
我添加到我的应用程序初始化这不是美丽的尖峰:
if Rails.env.development?
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
end
Now login works in development mode.
现在登录在开发模式下工作。
#3
0
In short, you should do following things:
简而言之,您应该做以下事情:
rvm remove 2.1.4
rvm install 2.1.4 --disable-binary
Here is complete solution with description: https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html
以下是完整的解决方案说明:https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html
#1
5
Another answer says to disable OpenSSL's VERIFY_PEER option which means your app is not validating the certificate and you cannot verify you are connecting to Google when you make queries. This is a huge security risk and you should never do this.
另一个答案是禁用OpenSSL的VERIFY_PEER选项,这意味着您的应用程序未验证证书,并且在您进行查询时无法验证您是否正在连接到Google。这是一个巨大的安全风险,你永远不应该这样做。
There is an issue on the GitHub repo for google-api-ruby-client (https://github.com/google/google-api-ruby-client/issues/253) for the problem you've described. The current workaround is to add this to your application:
针对您所描述的问题,google-api-ruby-client(https://github.com/google/google-api-ruby-client/issues/253)的GitHub存储库存在问题。目前的解决方法是将其添加到您的应用程序:
ENV['SSL_CERT_FILE'] = Gem.loaded_specs['google-api-client'].full_gem_path+'/lib/cacerts.pem'
For a Rails app, you would add this as a line in config/application.rb.
对于Rails应用程序,您可以在config / application.rb中将其添加为一行。
#2
6
I add to my app initialize this not beautiful spike:
我添加到我的应用程序初始化这不是美丽的尖峰:
if Rails.env.development?
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
end
Now login works in development mode.
现在登录在开发模式下工作。
#3
0
In short, you should do following things:
简而言之,您应该做以下事情:
rvm remove 2.1.4
rvm install 2.1.4 --disable-binary
Here is complete solution with description: https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html
以下是完整的解决方案说明:https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html