
SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)

  •  0
  • Santosh Aryal  · Tech Community  · 6 years ago

    I am trying to post to a web service from my application, and I keep getting the following error.

    SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
    

    I am sending the POST request with the crt file issued by compassplus and a key file that I generated myself.

    def payment
        @booking = 12
    
        uri = URI("https://test.compassplus.com:8444/Exec")
        xml = Builder::XmlMarkup.new
        xml.instruct! :xml, :version => '1.0'
        xml.TKKPG {
            xml.Request {
                xml.Operation("CreateOrder")
                xml.language("EN")
                xml.Order {
                    xml.OrderType("Purchase")
                    xml.Merchant("123456")
                    xml.Amount("10000")
                    xml.Currency("840")
                    xml.Description("Tour Purchase")
                    xml.ApproveURL("/thankyou.html")
                    xml.CancelURL("/error.html")
                    xml.DeclineURL("/declined.html")
                    xml.email("")
                    xml.phone("")
                    xml.AddParams {
                        xml.FADATA("")
                        xml.SenderPostalCode("")
                        xml.AcctType("")
                        xml.TranAddendums("")
                        xml.TranAdddendumsVISA("")
                        xml.TranAdddendumsMC("")
                        xml.TranAdddendumsAMEX("")
                        xml.TranAdddendumsJCB("")
                        xml.OrderExpirationPeriod("")
                        xml.OrigAmount("")
                        xml.OrigCurrency("")
                    }
                }
            }
        }
        http = Net::HTTP.new(uri.host, uri.port)
        http.use_ssl  = true
        http.ssl_version = :TLSv1_2
        http.verify_mode  = OpenSSL::SSL::VERIFY_PEER
        http.ca_file = File.read(File.join(Rails.root, "/crt/gvtrek.com.pem"))
    
        @request = http.post(uri, xml)
    end
    

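    I get the SSL error when I send the POST request from localhost, and a timeout when I send it from production. I can't figure out the problem. Please help me fix it. I am working on macOS Mojave.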

    1 answer  |  as of 6 years ago
        1
  •  6
  •   Santosh Aryal    6 years ago

    After a lot of testing, I found the correct solution. The problem was with the cert file declaration.

    I was trying to send the POST request using the bundled cert file (example.com.pem)

    http.ca_file = File.read(File.join(Rails.root, "/crt/example.com.pem"))
    

    http.cert = OpenSSL::X509::Certificate.new(File.read(File.join(Rails.root, "/crt/example.com.crt")))
    http.key = OpenSSL::PKey::RSA.new(File.read(File.join(Rails.root, "/crt/example.com.key")))
    req = Net::HTTP::Post.new(uri.path, initheader = {'Content-Type' =>'application/xml'})
    

    It works now.

    Full code

    require 'net/http'
    require 'openssl'

    uri = URI("https://test.compassplus.com:8444/Exec")
    xml = "
    <TKKPG>
        <Request>
        <Operation>CreateOrder</Operation> 
        <Language></Language>
        <Order>
            <OrderType>Purchase</OrderType>
            <Merchant>99999</Merchant>
            <Amount>10000</Amount>
            <Currency>524</Currency>
            <Description>Tour Purchase</Description>
            <ApproveURL>/approve.html</ApproveURL>
            <CancelURL>/cancel.html</CancelURL>
            <DeclineURL></DeclineURL>
            <email></email>
            <phone></phone>
            <AddParams>
                <FA-DATA></FA-DATA>
                <SenderPostalCode></SenderPostalCode>
                <AcctType></AcctType> 
                <TranAddendums></TranAddendums> 
                <TranAddendumsVISA></TranAddendumsVISA> 
                <TranAddendumsMC></TranAddendumsMC> 
                <TranAddendumsAMEX></TranAddendumsAMEX> 
                <TranAddendumsJCB></TranAddendumsJCB> 
                <OrderExpirationPeriod></OrderExpirationPeriod> 
                <OrigAmount></OrigAmount> 
                <OrigCurrency></OrigCurrency>
            </AddParams>
            <Fee></Fee> 
        </Order>
        </Request>
    </TKKPG>
    "
    # TLS connection to the gateway, fixed to TLS 1.2
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl  = true
    http.ssl_version = :TLSv1_2
    # Client certificate and its private key, presented to the server
    http.cert = OpenSSL::X509::Certificate.new(File.read(File.join(Rails.root, "/crt/example.com.crt")))
    http.key = OpenSSL::PKey::RSA.new(File.read(File.join(Rails.root, "/crt/example.com.key")))
    # POST the XML body with an XML content type
    req = Net::HTTP::Post.new(uri.path, initheader = {'Content-Type' =>'application/xml'})
    @res = http.request(req, xml)
    

    Reference.

    HTTP library for Ruby with HTTPS, SSL Client Certificate and Keep-Alive support?
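
An added example, not part of the original question or answer: in Net::HTTP, `ca_file` takes a path to the PEM bundle used to verify the server, while `cert` and `key` take parsed objects that identify the client. The helper names, the host `payments.example` and the throwaway self-signed certificate (also standing in as the CA bundle) are constructed assumptions so the sketch runs offline.

```ruby
require "net/http"
require "openssl"
require "tmpdir"

# Build a Net::HTTP client for mutual TLS. ca_file takes a PATH to the PEM
# bundle that anchors verification of the server; cert/key take parsed objects
# that identify this client. The function and argument names are hypothetical.
def build_mtls_client(uri, ca_path:, cert_path:, key_path:)
  raise ArgumentError, "ca_file must be a readable path: #{ca_path.inspect}" unless File.file?(ca_path)

  cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
  key  = OpenSSL::PKey.read(File.read(key_path))
  raise ArgumentError, "private key does not match certificate" unless cert.check_private_key(key)

  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl     = true
  http.min_version = OpenSSL::SSL::TLS1_2_VERSION
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER   # keep server verification on
  http.ca_file     = ca_path                     # a path, not File.read(...)
  http.cert        = cert
  http.key         = key
  http
end

# Constructed sample material: a throwaway self-signed certificate, so the
# block runs offline. Nothing here comes from the original post.
def write_sample_identity(dir, cn)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  paths = { cert_path: File.join(dir, "#{cn}.crt"), key_path: File.join(dir, "#{cn}.key") }
  File.write(paths[:cert_path], cert.to_pem)
  File.write(paths[:key_path], key.to_pem)
  paths
end

def demo
  Dir.mktmpdir do |dir|
    id = write_sample_identity(dir, "client.example")
    http = build_mtls_client(URI("https://payments.example:8444/Exec"), ca_path: id[:cert_path], **id)
    [http.ca_file == id[:cert_path], http.cert.subject.to_s, http.verify_mode]
  end
end
```

The helper only configures the client; no connection is opened until a request is made on the returned object.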