ruby-on-rails – 连接到S3时获取“SSL_connect返回= 1 errno =
|
我一直试图将照片上传到我的AWS桶,但遇到了标题中提到的错误.我知道它很可能与我的OpenSSL证书有关,但我尝试过的任何建议的解决方案到目前为止都失败了.
我在OSX Yosemite上遇到了ruby 2.3.1,Rails 4.1.8,aws-sdk-core 2.3.4和carrierwave 0.11.0这个问题. 我已经尝试了在这个类似问题上找到的所有可用内容,就像其他人一样(这个是Windows版):https://github.com/aws/aws-sdk-core-ruby/issues/166#issuecomment-111603660 以下是我的一些文件: carrierwave.rb CarrierWave.configure do |config| # required
config.aws_credentials = {
access_key_id: Rails.application.secrets.aws_access_key_id,# required
secret_access_key: Rails.application.secrets.aws_access_key,# required
region: 'eu-west-2' # optional,defaults to 'us-east-1'
}
config.aws_bucket = Rails.application.secrets.aws_bucket # required
config.fog_attributes = { 'Cache-Control' => "max-age=#{365.day.to_i}" } # optional,defaults to {}
end
avatar_uploader.rb class AvatarUploader < CarrierWave::Uploader::Base
storage :aws
def store_dir
"uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
end
end
编辑(更多信息): stack trace:
Seahorse::Client::NetworkingError - SSL_connect returned=1 errno=0 state=error: certificate verify failed:
/Users/stevenharlow/.rbenv/versions/2.3.1/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock'
/Users/stevenharlow/.rbenv/versions/2.3.1/lib/ruby/2.3.0/net/http.rb:933:in `connect'
/Users/stevenharlow/.rbenv/versions/2.3.1/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
/Users/stevenharlow/.rbenv/versions/2.3.1/lib/ruby/2.3.0/net/http.rb:858:in `start'
/Users/stevenharlow/.rbenv/versions/2.3.1/lib/ruby/2.3.0/delegate.rb:83:in `method_missing'
aws-sdk-core (2.3.4) lib/seahorse/client/net_http/connection_pool.rb:292:in `start_session'
aws-sdk-core (2.3.4) lib/seahorse/client/net_http/connection_pool.rb:104:in `session_for'
aws-sdk-core (2.3.4) lib/seahorse/client/net_http/handler.rb:109:in `session'
解决方案: > Aws.use_bundled_cert! 这是结果 CONNECTED(00000003)
depth=1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Baltimore CA-2 G2
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=*.s3-us-west-2.amazonaws.com
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Baltimore CA-2 G2
1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Baltimore CA-2 G2
i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
---
<certificate info>
No client certificate CA names sent
---
SSL handshake has read 2703 bytes and written 456 bytes
---
New,TLSv1/SSLv3,Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES128-SHA
Session-ID: <session-id>
Session-ID-ctx:
Master-Key: <master-key>
Key-Arg : None
Start Time: 1463697130
Timeout : 300 (sec)
Verify return code: 0 (ok)
解决方法
随着@RodrigoM的调查帮助和你的问题更新,这一切都开始有意义了.实际上有两个不同的问题会导致您观察到的错误:
>您的openssl安装没有验证其受信任的证书商店中的Amazon服务器所需的证书链…… 现在,您有两种选择: >您可以尝试将此中间CA证书(可能包括根CA证书( >从DigicertCA certificates的官方页面下载中间CA证书(您也可以使用上面的直接链接,但要严格遵守安全规则,您还应检查指纹) openssl x509 -in DigiCertBaltimoreCA-2G2.crt -inform DER >> ca-bundle.crt 运行此命令后,您的ca-bundle.crt应包含文件末尾的中间CA证书.>现在只需将此更新的捆绑文件推送到您的仓库和Aws.use_bundled_cert!应该开始工作了!>如果您关心,也许最好也是在aws-sdk-ruby gem上启动github问题,以便他们也在他们的repo中更新cert包… (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |