更新时间:2022-11-06 22:37:23
如果使用本机 OpenSSL 库未正确设置默认的OpenSSL 目录",有时会发生这种情况.open-uri 使用 OpenSSL::X509::Store#set_default_paths
来告诉 OpenSSL 在 OpenSSL 目录中查找包含 OpenSSL 默认信任的可信根证书的文件.
That sometimes happens if the default 'OpenSSL directory' is not set correctly with the native OpenSSL library. open-uri uses OpenSSL::X509::Store#set_default_paths
in order to tell OpenSSL to look in the OpenSSL directory for the file that contains the trusted root certificates that OpenSSL trusts by default.
在您的情况下,此查找失败.您可以通过设置一个覆盖默认设置的环境变量并告诉 OpenSSL 在该目录中查找来使其成功:
In your case, this lookup fails. You can make it succeed by setting an environment variable that overrides the default setting and tells OpenSSL to look in that directory instead:
export SSL_CERT_FILE=/etc/pki/tls/cert.pem
这是我的 Fedora 16 64 位上根 CA 包的默认位置,其他流行的位置是/etc/ssl/ca-bundle.crt 等.在您的情况下,RVM 使用的 OpenSSL 库位于 $rvm_path/usr,因此您应该四处寻找适合默认根 CA 文件的候选者.环境变量设置正确后,open-uri的调用就会成功.
That's the default location for the root CA bundle on my Fedora 16 64 bit, other popular locations are /etc/ssl/ca-bundle.crt etc. In your case, the OpenSSL library used by RVM is located in $rvm_path/usr, so you should look around there for a suitable candidate for the default root CA file. After the environment variable is set correctly, the call to open-uri will succeed.
要使环境变量永久化,请使用通常的方法,例如在 .bashrc、/etc/profile 或任何最适合您情况的文件中定义导出.
To make the environment variable permanent, use the usual ways such as defining the export in .bashrc, /etc/profile or whatever fits best in your situation.
OpenSSL::SSL::SSLError:SSL_connect 返回=1 errno=0 state=SSLv3 读取服务器证书B:证书验证失败
OpenSSL::SSL::SSLError - SSL_connect 返回=1 errno=0 state=SSLv3 读取服务器证书 B:证书验证失败:
OpenSSL :: SSL :: SSLError(连接到Paypal时,返回SSL_connect = 1 errno = 0 state = SSLv3读取服务器证书B:证书验证失败)
OpenSSL::SSL::SSLError(SSL_connect 返回=1 errno=0 state=SSLv3 读取服务器证书 B:证书验证失败)
OpenSSL :: SSL :: SSLError:SSL_connect返回= 1 errno = 0状态= SSLv3读取服务器证书B:证书验证失败
连接:SSL_connect返回= 1 errno = 0状态= SSLv3读取服务器证书B:证书验证失败(OpenSSL :: SSL :: SSLError)
OpenSSL :: SSL :: SSL错误:SSL_connect返回= 1 errno = 0状态=错误:证书验证失败