SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

后端 未结 30 2460
太阳男子
太阳男子 2020-11-22 04:29

I am using Authlogic-Connect for third party logins. After running appropriate migrations, Twitter/Google/yahoo logins seem to work fine but the facebook login throws except

相关标签:
30条回答
  • 2020-11-22 05:01

    Then, as this blog post suggests,

    "How to Cure Net::HTTP’s Risky Default HTTPS Behavior"

    you might want to install the always_verify_ssl_certificates gem that allow you to set a default value for ca_file.

    0 讨论(0)
  • 2020-11-22 05:02

    On Mac OS X Lion with the latest macport:

    sudo port install curl-ca-bundle  
    export SSL_CERT_FILE=/opt/local/share/curl/curl-ca-bundle.crt  
    

    Then, rerun the failed job.

    Note, the cert file location seems to have changed since Eric G answered on May 12.

    0 讨论(0)
  • 2020-11-22 05:04

    Ruby can't find any root certificates to trust.

    Take a look at this blog post for a solution: "Ruby 1.9 and the SSL error".

    The solution is to install the curl-ca-bundle port which contains the same root certificates used by Firefox:

    sudo port install curl-ca-bundle
    

    and tell your https object to use it:

    https.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt'
    

    Note that if you want your code to run on Ubuntu, you need to set the ca_path attribute instead, with the default certificates location /etc/ssl/certs.

    0 讨论(0)
  • 2020-11-22 05:05

    Here's how you can fix it on Windows: https://gist.github.com/867550 (created by Fletcher Nichol)

    Excerpt:

    The Manual Way (Boring)

    Download the cacert.pem file from http://curl.haxx.se/ca/cacert.pem. Save this file to C:\RailsInstaller\cacert.pem.

    Now make ruby aware of your certificate authority bundle by setting SSL_CERT_FILE. To set this in your current command prompt session, type:

    set SSL_CERT_FILE=C:\RailsInstaller\cacert.pem
    

    To make this a permanent setting, add this in your control panel.

    0 讨论(0)
  • 2020-11-22 05:06

    If you're using RVM on OS X, you probably need to run this:

    rvm osx-ssl-certs update all
    

    More information here: http://rvm.io/support/fixing-broken-ssl-certificates

    And here is the full explanation: https://github.com/wayneeseguin/rvm/blob/master/help/osx-ssl-certs.md


    Update

    On Ruby 2.2, you may have to reinstall Ruby from source to fix this. Here's how (replace 2.2.3 with your Ruby version):

    rvm reinstall 2.2.3 --disable-binary
    

    Credit to https://stackoverflow.com/a/32363597/4353 and Ian Connor.

    0 讨论(0)
  • 2020-11-22 05:08

    The issue is that ruby can not find a root certificate to trust. As of 1.9 ruby checks this. You will need to make sure that you have the curl certificate on your system in the form of a pem file. You will also need to make sure that the certificate is in the location that ruby expects it to be. You can get this certificate at...

    http://curl.haxx.se/ca/cacert.pem
    

    If your a RVM and OSX user then your certificate file location will vary based on what version of ruby your using. Setting the path explicitly with :ca_path is a BAD idea as your code will not be portable when it gets to production. There for you want to provide ruby with a certificate in the default location(and assume your dev ops guys know what they are doing). You can use dtruss to work out where the system is looking for the certificate file.

    In my case the system was looking for the cert file in

    /Users/stewart.matheson/.rvm/usr/ssl/cert.pem
    

    however MACOSX system would expect a certificate in

    /System/Library/OpenSSL/cert.pem
    

    I copied the downloaded cert to this path and it worked. HTH

    0 讨论(0)
提交回复
热议问题