RestClient.get 返回证书验证失败
RestClient.get returning certificate verify failed
我正在尝试使用 RestClient 和 Ruby v.2.2.1 访问内部测试 API 服务器。
这实际上是代码:
url = "https://10.10.0.10/thing/i/want/to/get"
header = {
:content_type => "application/json",
:"x-auth-token" => "testingtoken"
}
response = RestClient.get url, header
这是我收到的失败消息:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (RestClient::SSLCertificateNotVerified)
如果我没看错的话,看起来 Ruby 无法接受 SSL 安全证书。此调用在 Chrome 应用程序 Postman 中有效,但为了使其正常工作,我必须在 Chrome 本身中点击 URL 并接受连接不安全(但无论如何继续), 然后它将在邮递员中工作。
有没有办法忽略证书失败并继续 Ruby?
尝试使用 #execute(&block) 并将 verify_ssl 设置为 false。
:verify_ssl enable ssl verification, possible values are constants
from OpenSSL::SSL::VERIFY_*, defaults to OpenSSL::SSL::VERIFY_PEER
url = "https://10.10.0.10/thing/i/want/to/get"
headers = {
:content_type => "application/json",
:"x-auth-token" => "testingtoken"
}
RestClient::Request.execute(
:url => url,
:method => :get,
:headers => headers,
:verify_ssl => false
)
参见:http://www.rubydoc.info/github/rest-client/rest-client/RestClient/Request#execute-instance_method
RVM
RVM 用户的其他解决方案来自:https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html
This discussion on Github finally gave the solution: Somehow RVM comes
with a precompiled version of ruby that is statically linked against
an openssl that looks into /etc/openssl for it's certificates.
What you wanna do is NOT TO USE any of the precompiled rubies and
rather have ruby compiled on your local machine, like so:
rvm install 2.2.0 --disable-binary
rest-client 默认情况下在所有平台上使用系统的 CA 存储验证证书。但是可以将选项 :verify_ssl 设置为 false 或指定 :ssl_ca_file 或 :ssl_ca_path 或 :ssl_cert_store 以自定义接受的证书颁发机构。
所以您可以简单地将 :verify_ssl 设置为 false:
url = "https://10.10.0.10/thing/i/want/to/get"
header = {
:content_type => "application/json",
:"x-auth-token" => "testingtoken"
}
resource = RestClient::Resource.new(
url,
headers: header,
verify_ssl: false
)
response = resource.get
您可以立即尝试使用 https://badssl.com/ 提供的自签名证书的主机。只需将下面的代码片段复制到您的 irb 控制台即可。
response = RestClient::Resource.new(
'https://self-signed.badssl.com/',
:verify_ssl => false
).get
我正在尝试使用 RestClient 和 Ruby v.2.2.1 访问内部测试 API 服务器。
这实际上是代码:
url = "https://10.10.0.10/thing/i/want/to/get"
header = {
:content_type => "application/json",
:"x-auth-token" => "testingtoken"
}
response = RestClient.get url, header
这是我收到的失败消息:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (RestClient::SSLCertificateNotVerified)
如果我没看错的话,看起来 Ruby 无法接受 SSL 安全证书。此调用在 Chrome 应用程序 Postman 中有效,但为了使其正常工作,我必须在 Chrome 本身中点击 URL 并接受连接不安全(但无论如何继续), 然后它将在邮递员中工作。
有没有办法忽略证书失败并继续 Ruby?
尝试使用 #execute(&block) 并将 verify_ssl 设置为 false。
:verify_sslenable ssl verification, possible values are constants fromOpenSSL::SSL::VERIFY_*, defaults toOpenSSL::SSL::VERIFY_PEER
url = "https://10.10.0.10/thing/i/want/to/get"
headers = {
:content_type => "application/json",
:"x-auth-token" => "testingtoken"
}
RestClient::Request.execute(
:url => url,
:method => :get,
:headers => headers,
:verify_ssl => false
)
参见:http://www.rubydoc.info/github/rest-client/rest-client/RestClient/Request#execute-instance_method
RVM
RVM 用户的其他解决方案来自:https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html
This discussion on Github finally gave the solution: Somehow RVM comes with a precompiled version of ruby that is statically linked against an openssl that looks into
/etc/opensslfor it's certificates.What you wanna do is NOT TO USE any of the precompiled rubies and rather have ruby compiled on your local machine, like so:
rvm install 2.2.0 --disable-binary
rest-client 默认情况下在所有平台上使用系统的 CA 存储验证证书。但是可以将选项 :verify_ssl 设置为 false 或指定 :ssl_ca_file 或 :ssl_ca_path 或 :ssl_cert_store 以自定义接受的证书颁发机构。
所以您可以简单地将 :verify_ssl 设置为 false:
url = "https://10.10.0.10/thing/i/want/to/get"
header = {
:content_type => "application/json",
:"x-auth-token" => "testingtoken"
}
resource = RestClient::Resource.new(
url,
headers: header,
verify_ssl: false
)
response = resource.get
您可以立即尝试使用 https://badssl.com/ 提供的自签名证书的主机。只需将下面的代码片段复制到您的 irb 控制台即可。
response = RestClient::Resource.new(
'https://self-signed.badssl.com/',
:verify_ssl => false
).get