我正在尝试从我的应用程序发布到 Web 服务,但经常收到以下错误。
SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
我用compassplus发出的crt文件和我自己生成的密钥文件发送帖子请求。
def payment
@booking = 12
uri = URI("https://test.compassplus.com:8444/Exec")
xml = Builder::XmlMarkup.new
xml.instruct! :xml, :version => '1.0'
xml.TKKPG {
xml.Request {
xml.Operation("CreateOrder")
xml.language("EN")
xml.Order {
xml.OrderType("Purchase")
xml.Merchant("123456")
xml.Amount("10000")
xml.Currency("840")
xml.Description("Tour Purchase")
xml.ApproveURL("/thankyou.html")
xml.CancelURL("/error.html")
xml.DeclineURL("/declined.html")
xml.email("")
xml.phone("")
xml.AddParams {
xml.FADATA("")
xml.SenderPostalCode("")
xml.AcctType("")
xml.TranAddendums("")
xml.TranAdddendumsVISA("")
xml.TranAdddendumsMC("")
xml.TranAdddendumsAMEX("")
xml.TranAdddendumsJCB("")
xml.OrderExpirationPeriod("")
xml.OrigAmount("")
xml.OrigCurrency("")
}
}
}
}
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.ssl_version = :TLSv1_2
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.ca_file = File.read(File.join(Rails.root, "/crt/gvtrek.com.pem"))
@request = http.post(uri, xml)
end
当我从本地主机发送发布请求时,我收到SSL错误,当我从生产发送请求时超时。我无法弄清楚问题所在。帮我修复它。我正在研究macOS Mojave。
经过大量测试,我找到了正确的解决方案。问题出在证书文件声明上。
我尝试使用捆绑的证书文件发送 post 请求(例如.com.pem(
http.ca_file = File.read(File.join(Rails.root, "/crt/example.com.pem"))
因此,我用每个crt和密钥文件更改了上述声明
http.cert = OpenSSL::X509::Certificate.new(File.read(File.join(Rails.root, "/crt/example.com.crt")))
http.key = OpenSSL::PKey::RSA.new(File.read(File.join(Rails.root, "/crt/example.com.key")))
req = Net::HTTP::Post.new(uri.path, initheader = {'Content-Type' =>'application/xml'}).
它现在奏效了。
完整代码
uri = URI("https://test.compassplus.com:8444/Exec")
xml = "
<TKKPG>
<Request>
<Operation>CreateOrder</Operation>
<Language></Language>
<Order>
<OrderType>Purchase</OrderType>
<Merchant>99999</Merchant>
<Amount>10000</Amount>
<Currency>524</Currency>
<Description>Tour Purchase</Description>
<ApproveURL>/approve.html</ApproveURL>
<CancelURL>/cancel.html</CancelURL>
<DeclineURL></DeclineURL>
<email></email>
<phone></phone>
<AddParams>
<FA-DATA></FA-DATA>
<SenderPostalCode></SenderPostalCode>
<AcctType></AcctType>
<TranAddendums></TranAddendums>
<TranAddendumsVISA></TranAddendumsVISA>
<TranAddendumsMC></TranAddendumsMC>
<TranAddendumsAMEX></TranAddendumsAMEX>
<TranAddendumsJCB></TranAddendumsJCB>
<OrderExpirationPeriod></OrderExpirationPeriod>
<OrigAmount></OrigAmount>
<OrigCurrency></OrigCurrency>
</AddParams>
<Fee></Fee>
</Order>
</Request>
</TKKPG>
"
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.ssl_version = :TLSv1_2
http.cert = OpenSSL::X509::Certificate.new(File.read(File.join(Rails.root, "/crt/example.com.crt")))
http.key = OpenSSL::PKey::RSA.new(File.read(File.join(Rails.root, "/crt/example.com.key")))
req = Net::HTTP::Post.new(uri.path, initheader = {'Content-Type' =>'application/xml'})
@res = http.request(req, xml)
参考。
Ruby 的 HTTP 库,支持 HTTPS、SSL 客户端证书和 Keep-Alive 支持?