我正在尝试从我的应用程序发布到 Web 服务,但我经常收到以下错误。
SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
我使用compassplus发布的crt文件和我自己生成的 key 文件发送post请求。
def payment
@booking = 12
uri = URI("https://test.compassplus.com:8444/Exec")
xml = Builder::XmlMarkup.new
xml.instruct! :xml, :version => '1.0'
xml.TKKPG {
xml.Request {
xml.Operation("CreateOrder")
xml.language("EN")
xml.Order {
xml.OrderType("Purchase")
xml.Merchant("123456")
xml.Amount("10000")
xml.Currency("840")
xml.Description("Tour Purchase")
xml.ApproveURL("/thankyou.html")
xml.CancelURL("/error.html")
xml.DeclineURL("/declined.html")
xml.email("")
xml.phone("")
xml.AddParams {
xml.FADATA("")
xml.SenderPostalCode("")
xml.AcctType("")
xml.TranAddendums("")
xml.TranAdddendumsVISA("")
xml.TranAdddendumsMC("")
xml.TranAdddendumsAMEX("")
xml.TranAdddendumsJCB("")
xml.OrderExpirationPeriod("")
xml.OrigAmount("")
xml.OrigCurrency("")
}
}
}
}
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.ssl_version = :TLSv1_2
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.ca_file = File.read(File.join(Rails.root, "/crt/gvtrek.com.pem"))
@request = http.post(uri, xml)
end
当我从 localhost 发送 post 请求时出现 SSL 错误,当我从生产中发送它时出现超时。我无法弄清楚问题所在。帮我把它修好。我正在使用 macOS Mojave。
最佳答案
经过大量测试,我找到了正确的解决方案。问题在于证书文件声明。
我尝试使用捆绑的证书文件(example.com.pem)发送发布请求
http.ca_file = File.read(File.join(Rails.root, "/crt/example.com.pem"))
因此,我使用每个 crt 和 key 文件更改了上述声明
http.cert = OpenSSL::X509::Certificate.new(File.read(File.join(Rails.root, "/crt/example.com.crt")))
http.key = OpenSSL::PKey::RSA.new(File.read(File.join(Rails.root, "/crt/example.com.key")))
req = Net::HTTP::Post.new(uri.path, initheader = {'Content-Type' =>'application/xml'}).
它现在起作用了。
完整代码
uri = URI("https://test.compassplus.com:8444/Exec")
xml = "
<TKKPG>
<Request>
<Operation>CreateOrder</Operation>
<Language></Language>
<Order>
<OrderType>Purchase</OrderType>
<Merchant>99999</Merchant>
<Amount>10000</Amount>
<Currency>524</Currency>
<Description>Tour Purchase</Description>
<ApproveURL>/approve.html</ApproveURL>
<CancelURL>/cancel.html</CancelURL>
<DeclineURL></DeclineURL>
<email></email>
<phone></phone>
<AddParams>
<FA-DATA></FA-DATA>
<SenderPostalCode></SenderPostalCode>
<AcctType></AcctType>
<TranAddendums></TranAddendums>
<TranAddendumsVISA></TranAddendumsVISA>
<TranAddendumsMC></TranAddendumsMC>
<TranAddendumsAMEX></TranAddendumsAMEX>
<TranAddendumsJCB></TranAddendumsJCB>
<OrderExpirationPeriod></OrderExpirationPeriod>
<OrigAmount></OrigAmount>
<OrigCurrency></OrigCurrency>
</AddParams>
<Fee></Fee>
</Order>
</Request>
</TKKPG>
"
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.ssl_version = :TLSv1_2
http.cert = OpenSSL::X509::Certificate.new(File.read(File.join(Rails.root, "/crt/example.com.crt")))
http.key = OpenSSL::PKey::RSA.new(File.read(File.join(Rails.root, "/crt/example.com.key")))
req = Net::HTTP::Post.new(uri.path, initheader = {'Content-Type' =>'application/xml'})
@res = http.request(req, xml)
引用。
HTTP library for Ruby with HTTPS, SSL Client Certificate and Keep-Alive support?
关于ruby-on-rails - SSL_connect 返回=1 errno=0 状态=错误: certificate verify failed (unable to get local issuer certificate),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52640829/