我有以下有效的 curl 命令:
curl -k -E some_cert.pem https://someurl.com/__dirlist__
我尝试在 Ruby 中实现它:
uri = URI.parse('https://someurl.com/__dirlist__')
http_session = Net::HTTP.new(uri.host, uri.port)
http_session.ca_file = "some_cert.pem"
http_session.use_ssl = true
http_session.verify_mode = OpenSSL::SSL::VERIFY_NONE
res = http_session.get(uri.request_uri)
我试过使用所有不同版本的 SSL(使用 http_session.ssl_version = :SSLv2_client
等),所有这些都失败了(一些消息不同),我使用 wireshark 匹配版本查看 curl 使用的是什么,所以不要认为这是问题所在(尽管 ruby 发送了一堆额外的设置,但似乎都不相关)。
通过阅读其他错误报告,我发现人们有很多与他们的证书库中没有适当的证书相关的问题,但是对于 SSL::VERIFY_NONE
我不明白这是怎么回事
我不能排除它可能是我的 Ruby 中内置的 openssl,但我认为这不太可能,因为我也在另一台机器上运行了这段代码并得到了同样的错误,我会假设 curl 正在链接相同的 openssl(我不知道如何检查)。
我查看了 rdocs,就好像我已经用尽了 Net:HTTP 中所有可用的设置。
这是我看到的无法描述的错误(略微匿名):
OpenSSL::SSL::SSLError: SSL_read:: ssl handshake failure
from /Users/a_user/.rvm/gems/ruby-1.9.3-p0@project/gems/right_http_connection-1.3.0/lib/net_fix.rb:52:in `sysread'
from /Users/a_user/.rvm/gems/ruby-1.9.3-p0@project/gems/right_http_connection-1.3.0/lib/net_fix.rb:52:in `block in rbuf_fill'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/timeout.rb:68:in `timeout'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/timeout.rb:99:in `timeout'
from /Users/a_user/.rvm/gems/ruby-1.9.3-p0@project/gems/right_http_connection-1.3.0/lib/net_fix.rb:51:in `rbuf_fill'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/protocol.rb:122:in `readuntil'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/protocol.rb:132:in `readline'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:2562:in `read_status_line'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:2551:in `read_new'
from /Users/a_user/.rvm/gems/ruby-1.9.3-p0@project/gems/right_http_connection-1.3.0/lib/net_fix.rb:146:in `request'
from /Users/a_user/.rvm/gems/ruby-1.9.3-p0@project/gems/right_http_connection-1.3.0/lib/net_fix.rb:131:in `block in request'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:745:in `start'
from /Users/a_user/.rvm/gems/ruby-1.9.3-p0@project/gems/right_http_connection-1.3.0/lib/net_fix.rb:129:in `request'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:1026:in `get'
最佳答案
来自 curl 手册:
-k, --insecure
(SSL) This option explicitly allows curl to perform "insecure"
SSL connections and transfers. All SSL connections are attempted
to be made secure by using the CA certificate bundle installed
by default. This makes all connections considered "insecure"
fail unless -k, --insecure is used.
因此在没有 -k
的情况下运行也可能会揭示 curl 上的问题。
关于ruby - ruby 中的 SSL 问题但不是 curl,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/19572709/