如 OpenSSL::X509::Certificate Showing Certificate for Wrong Domain 中所引用,我需要使用 TLSv1 或更高版本和 Server Name Indication扩展名。
即使通过 SSLContext 设置了 ssl_version 和 servername_cb,我仍然得到了 myproair.com< 的错误证书.
begin
timeout(1) do
tcp_client = TCPSocket.new("#{instance["domain"]}", 443)
ssl_context = OpenSSL::SSL::SSLContext.new()
ssl_context.ssl_version = :TLSv1
ssl_context.servername_cb = "https://#{instance["domain"]}"
ssl_client = OpenSSL::SSL::SSLSocket.new(tcp_client, ssl_context)
ssl_client.connect
cert = OpenSSL::X509::Certificate.new(ssl_client.peer_cert)
ssl_client.sysclose
tcp_client.close
#http://ruby-doc.org/stdlib-2.0/libdoc/openssl/rdoc/OpenSSL/X509/Certificate.html
date = Date.parse((cert.not_after).to_s)
row.push("#{date.strftime('%F')} #{cert.signature_algorithm} #{cert.subject.to_a.select{|name, _, _| name == 'CN' }.first[1]}".downcase.ljust(57))
end
rescue SocketError
row.push("down".ljust(57))
rescue Errno::ECONNREFUSED
row.push("connection refused".ljust(57))
rescue Errno::ECONNRESET
row.push("connection reset".ljust(57))
rescue Timeout::Error
row.push("no 443 listener".ljust(57))
rescue OpenSSL::SSL::SSLError
row.push("bad certificate - ssl error".ljust(57))
rescue Exception => ex
row.push("error: #{ex.class} #{ex.message}".ljust(57))
end
如何在 OS X 上的 Ruby 2.0 中设置服务器名称?
$ ruby --version
ruby 2.0.0p481 (2014-05-08 revision 45883) [universal.x86_64-darwin14]
$ openssl version
OpenSSL 0.9.8zc 15 Oct 2014
最佳答案
您自然会使用 undocumented OpenSSL::SSLSocket 的“主机名”方法!
tcp_client = TCPSocket.new("#{instance["domain"]}", 443)
ssl_context = OpenSSL::SSL::SSLContext.new()
ssl_context.ssl_version = :TLSv1
ssl_client = OpenSSL::SSL::SSLSocket.new(tcp_client, ssl_context)
ssl_client.hostname = instance["domain"]
ssl_client.connect
cert = OpenSSL::X509::Certificate.new(ssl_client.peer_cert)
ssl_client.sysclose
tcp_client.close
我发现 here同时编写具有类似目标的代码。
关于ruby - OpenSSL::SSL::SSLContext SNI servername_cb 不工作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30244745/