Rails omniauth facebook SSL 握手失败答案

【问题标题】：Rails omniauth facebook SSL handshake failureRails omniauth facebook SSL 握手失败
【发布时间】：2014-12-14 02:22:24
【问题描述】：

我的应用程序已经运行好几个月了，但突然登录不起作用，我明白了：

2014-10-18T18:09:33.971670+00:00 app[web.1]: Faraday::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshake failure): 2014-10-18T18:09:33.971672+00:00 app[web.1]: vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:918:in `connect' 2014-10-18T18:09:33.971674+00:00 app[web.1]: vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:918:in `block in connect' 2014-10-18T18:09:33.971675+00:00 app[web.1]: vendor/ruby-2.0.0/lib/ruby/2.0.0/timeout.rb:52:in `timeout' 2014-10-18T18:09:33.971676+00:00 app[web.1]: vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:918:in `connect' 2014-10-18T18:09:33.971678+00:00 app[web.1]: vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:862:in `do_start' 2014-10-18T18:09:33.971679+00:00 app[web.1]: vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:851:in `start' 2014-10-18T18:09:33.971680+00:00 app[web.1]: vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:1367:in `request' 2014-10-18T18:09:33.971682+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/newrelic_rpm-3.8.1.221/lib/new_relic/agent/instrumentation/net.rb:27:in `block (2 leve ls) in request_with_newrelic_trace' 2014-10-18T18:09:33.971683+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/newrelic_rpm-3.8.1.221/lib/new_relic/agent.rb:404:in `disable_all_tracing' 2014-10-18T18:09:33.971685+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/newrelic_rpm-3.8.1.221/lib/new_relic/agent/instrumentation/net.rb:26:in `block in requ est_with_newrelic_trace' 2014-10-18T18:09:33.971686+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/newrelic_rpm-3.8.1.221/lib/new_relic/agent/cross_app_tracing.rb:41:in `trace_http_requ est' 2014-10-18T18:09:33.971687+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/newrelic_rpm-3.8.1.221/lib/new_relic/agent/instrumentation/net.rb:23:in `request_with_ newrelic_trace' 2014-10-18T18:09:33.971689+00:00 app[web.1]: vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:1126:in `get' 2014-10-18T18:09:33.971690+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/faraday-0.9.0/lib/faraday/adapter/net_http.rb:78:in `perform_request' 2014-10-18T18:09:33.971691+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/faraday-0.9.0/lib/faraday/adapter/net_http.rb:39:in `call' 2014-10-18T18:09:33.971693+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/faraday-0.9.0/lib/faraday/request/url_encoded.rb:15:in `call' 2014-10-18T18:09:33.971694+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/faraday-0.9.0/lib/faraday/rack_builder.rb:139:in `build_response' 2014-10-18T18:09:33.971695+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/faraday-0.9.0/lib/faraday/connection.rb:377:in `run_request' 2014-10-18T18:09:33.971696+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/oauth2-0.8.1/lib/oauth2/cli ent.rb:88:in `request' 2014-10-18T18:09:33.971698+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/oauth2-0.8.1/lib/oauth2/access_token.rb:99:in `request' 2014-10-18T18:09:33.971699+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/oauth2-0.8.1/lib/oauth2/access_token.rb:106:in `get' 2014-10-18T18:09:33.971700+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/omniauth-facebook-access-token-0.1.3/lib/omniauth/strategies/facebook-access-token.rb: 90:in `callback_phase' 2014-10-18T18:09:33.971702+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.1/lib/omniauth/strategy.rb:227:in `callback_call' 2014-10-18T18:09:33.971703+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.1/lib/omniauth/strategy.rb:184:in `call!' 2014-10-18T18:09:33.971704+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.1/lib/omniauth/strategy.rb:164:in `call' 2014-10-18T18:09:33.971706+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.1/lib/omniauth/strategy.rb:186:in `call!' 2014-10-18T18:09:33.971707+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.1/lib/omniauth/strategy.rb:164:in `call' 2014-10-18T18:09:33.971708+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.1/lib/omniauth/builder.rb:59:in `call' 2014-10-18T18:09:33.971709+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/newrelic_rpm-3.8.1.221/lib/new_relic/rack/error_collector.rb:55:in `call' 2014-10-18T18:09:33.971711+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/newrelic_rpm-3.8.1.221/lib/new_relic/rack/agent_hooks.rb:32:in `call' 2014-10-18T18:09:33.971712+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/newrelic_rpm-3.8.1.221/lib/new_relic/rack/browser_monitoring.rb:27:in `call' 2014-10-18T18:09:33.971713+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/rack-ssl-1.4.1/lib/rack/ssl.rb:27:in `call' 2014-10-18T18:09:33.971714+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:35:in `block in call' 2014-10-18T18:09:33.880979+00:00 app[web.1]: I, [2014-10-18T18:09:33.880840 #15] INFO -- omniauth: (facebook_access_token) Callback phase initiated. 2014-10-18T18:09:33.971716+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:34:in `catch'

我偶然发现了一条推文，其中提到 facebook 以某种方式悄悄地处理了贵宾犬漏洞，我觉得这与我所经历的事情有关。我不知道如何解决它

【问题讨论】：

标签： ruby-on-rails facebook ssl omniauth poodle-attack

【解决方案1】：

基本上，万一这发生在任何人身上——我正在使用omniauth-facebook gem，而那个gem中的某些东西（不确定在哪里）继续使用sslv3（尽管facebook由于POODLE漏洞而放弃了它）。我只是改用考拉宝石，我很高兴！

【讨论】：

感谢@volk 发布此答案。那么，您是否使用omniauth 进行用户身份验证？我和你有同样的问题，但是，我不知道如何在那种情况下使用考拉作为替代品。谢谢。
我将omniauth-facebook 与omniauth-facebook-access-token gem (github.com/SoapSeller/omniauth-facebook-access-token) 结合使用。我唯一的身份验证是确认 facebook 访问令牌是合法的，然后发回我的应用程序独有的特殊身份验证令牌。（它是一个 iphone 应用程序）
谢谢@volk。我可以通过将我的 gem 更新到仅依赖于 ssl v2 的版本来解决我的问题。 stackoverflow.com/questions/26694173/…
真棒@MattLong。我记得我当时尝试升级，但它对我不起作用。我不知道为什么，但很高兴听到它对你有用！

【解决方案2】：

看看这个问题，它可能有你正在寻找的解决方案。您也可以关闭 SSL 验证，这显然不是一个好的永久解决方案，但它可以让您暂时运行您的应用

How to get rid of OpenSSL::SSL::SSLError

【讨论】：

嘿，所以我只是尝试添加这个： :client_options => { :ssl => { :ca_path => "#{Rails.root}/lib/ssl/cacert.pem" } } 和它没用:(
尝试 no_verify 选项