OpenSSL::SSL::SSLError: hostname "file.api.weixin.qq.com" does not match the server certificate

原创
2019/02/22 18:29
阅读数 690

 

Rails在使用 rest-client 会出现ssl的问题,已rest-client =1.8.0 版本为例默认使用了系统的CA验证,

服务器环境 :

Ruby2.1.1

Rest-client-1.6.8 

OpenSSL 1.0.2

如果在服务器环境下其他项目使用 gem rest-client 高版本 >=1.8.0时,在请求 RestClient.post时,如果url时https 时 会提示

OpenSSL::SSL::SSLError: hostname "you host" does not match the server certificate

 解决方案:

一:跳过验证

1、OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE (这种会有警告)

2、覆盖RestClient::Request#transmit 中的 transmit 函数 

def transmit
   @ssl_opts[:verify_ssl] = OpenSSL::SSL::VERIFY_NONE
   #调用函数
end

二: 重新安装新版 openssl

rvm pkg install openssl 

rvm reinstall 2.1.1

 

#RestClient::Request源码 1.8.0

net.cert = ssl_client_cert if ssl_client_cert
  net.key = ssl_client_key if ssl_client_key
  net.ca_file = ssl_ca_file if ssl_ca_file
  net.ca_path = ssl_ca_path if ssl_ca_path
  net.cert_store = ssl_cert_store if ssl_cert_store

  # We no longer rely on net.verify_callback for the main SSL verification
  # because it's not well supported on all platforms (see comments below).
  # But do allow users to set one if they want.
  if ssl_verify_callback
    net.verify_callback = ssl_verify_callback

    # Hilariously, jruby only calls the callback when cert_store is set to
    # something, so make sure to set one.
    # https://github.com/jruby/jruby/issues/597
    if RestClient::Platform.jruby?
      net.cert_store ||= OpenSSL::X509::Store.new
    end

    if ssl_verify_callback_warnings != false
      if print_verify_callback_warnings
        warn('pass :ssl_verify_callback_warnings => false to silence this')
      end
    end
  end

  if OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE
    warn('WARNING: OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE')
    warn('This dangerous monkey patch leaves you open to MITM attacks!')
    warn('Try passing :verify_ssl => false instead.')
  end

 

展开阅读全文
打赏
0
1 收藏
分享
加载中
更多评论
打赏
0 评论
1 收藏
0
分享
返回顶部
顶部