我收到SSL_connect错误:
> ruby -ropen-uri -e 'eval open("https://git.io/vQhWq").read'
F:/Ruby/ruby/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock': SSL_connect returned=1 errno=0 state=error: certificate verify failed (OpenSSL::SSL::SSLError)
from F:/Ruby/ruby/lib/ruby/2.3.0/net/http.rb:933:in `connect'
from F:/Ruby/ruby/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
from F:/Ruby/ruby/lib/ruby/2.3.0/net/http.rb:852:in `start'
from F:/Ruby/ruby/lib/ruby/2.3.0/open-uri.rb:319:in `open_http'
from F:/Ruby/ruby/lib/ruby/2.3.0/open-uri.rb:737:in `buffer_open'
from F:/Ruby/ruby/lib/ruby/2.3.0/open-uri.rb:212:in `block in open_loop'
from F:/Ruby/ruby/lib/ruby/2.3.0/open-uri.rb:210:in `catch'
from F:/Ruby/ruby/lib/ruby/2.3.0/open-uri.rb:210:in `open_loop'
from F:/Ruby/ruby/lib/ruby/2.3.0/open-uri.rb:151:in `open_uri'
from F:/Ruby/ruby/lib/ruby/2.3.0/open-uri.rb:717:in `open'
from F:/Ruby/ruby/lib/ruby/2.3.0/open-uri.rb:35:in `open'
from -e:1:in `<main>'
我尝试了什么:
-
自动SSL已检查 - >失败
-
更新了Bundler - >成功(bundler-1.17.1)
-
更新了Rubygems - >成功(rubygems-2.7.8)
-
同步时间 - >成功(time.windows.com)
-
更新了CA证书 - >用新鲜的GlobalSignRootCA.pem替换了
F:\Ruby\ruby\lib\ruby\site_ruby\2.3.0\rubygems\ssl_certs\index.rubygems.org\GlobalSignRootCA.pem -
重新运行自动SSL检查 - >失败
我不感兴趣的其他一些解决方案:
-
关闭验证:
http.verify_mode = OpenSSL::SSL::VERIFY_NONE -
将
http://rubygems.org添加到gem sources -
设置
SSL_CERT_FILE. 但为什么?如上所述blog
设置SSL_CERT_FILE如果您知道自己在做什么,这不是一个糟糕的解决方案 . 但是,有很多解决方案建议将CA证书下载到您的计算机并将SSL_CERT_FILE环境变量设置为其位置 . 这种方法的问题是您不知道您是否可以信任您正在下载的CA证书 . 在某些情况下,CA证书甚至以明文形式下载 . 如果你问我,麻烦 .
我在:
-
Windows 10
-
Ruby 2.3.3p222(2016-11-21修订版56859)[i386-mingw32]
-
Rails 5.1.6.1
-
gem 2.7.8(最近升级)