【问题标题】:Always getting: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)总是得到: SSL_connect returned=1 errno=0 state=error: 证书验证失败(无法获取本地颁发者证书)
【发布时间】:2019-10-04 07:51:03
【问题描述】:

我使用 ruby​​-saml gem 并尝试加载 IDP 的元数据,但收到此错误:

> OneLogin::RubySaml::IdpMetadataParser.new.parse_remote('my IDP federation metadata XML URL')

Traceback (most recent call last):
       12: from /Users/my_name_here/.rvm/rubies/ruby-2.6.4/bin/irb:23:in `<main>'
       11: from /Users/my_name_here/.rvm/rubies/ruby-2.6.4/bin/irb:23:in `load'
       10: from /Users/my_name_here/.rvm/rubies/ruby-2.6.4/lib/ruby/gems/2.6.0/gems/irb-1.0.0/exe/irb:11:in `<top (required)>'
        9: from (irb):2
        8: from /Users/my_name_here/.rvm/gems/ruby-2.6.4/gems/ruby-saml-1.11.0/lib/onelogin/ruby-saml/idp_metadata_parser.rb:53:in `parse_remote'
        7: from /Users/my_name_here/.rvm/gems/ruby-2.6.4/gems/ruby-saml-1.11.0/lib/onelogin/ruby-saml/idp_metadata_parser.rb:178:in `get_idp_metadata'
        6: from /Users/my_name_here/.rvm/rubies/ruby-2.6.4/lib/ruby/2.6.0/net/http.rb:1470:in `request'
        5: from /Users/my_name_here/.rvm/rubies/ruby-2.6.4/lib/ruby/2.6.0/net/http.rb:919:in `start'
        4: from /Users/my_name_here/.rvm/rubies/ruby-2.6.4/lib/ruby/2.6.0/net/http.rb:930:in `do_start'
        3: from /Users/my_name_here/.rvm/rubies/ruby-2.6.4/lib/ruby/2.6.0/net/http.rb:996:in `connect'
        2: from /Users/my_name_here/.rvm/rubies/ruby-2.6.4/lib/ruby/2.6.0/net/protocol.rb:44:in `ssl_socket_connect'
        1: from /Users/my_name_here/.rvm/rubies/ruby-2.6.4/lib/ruby/2.6.0/net/protocol.rb:44:in `connect_nonblock'
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate))

上面的错误是什么意思?

我试图查看我正在使用的证书,它似乎是这样的:

[13] pry(#<OpenSSL::SSL::SSLContext>)> OpenSSL::X509::DEFAULT_CERT_FILE
=> "/usr/local/etc/openssl@1.1/cert.pem"
[14] pry(#<OpenSSL::SSL::SSLContext>)> OpenSSL::X509::DEFAULT_CERT_DIR
=> "/usr/local/etc/openssl@1.1/certs"

我的证书有问题吗?

注意:我已阅读 SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate),但仍然不知道如何解决我的问题。该人手动使用证书,但我认为我不需要使用证书,因为代码应该处理证书?

【问题讨论】:

    标签: ruby openssl ssl-certificate saml-2.0 ruby-saml


    【解决方案1】:

    IDP 端证书过期,他们修复它并停止相关错误。

    【讨论】:

      猜你喜欢
      • 2019-03-09
      • 2020-11-23
      • 2020-10-09
      • 1970-01-01
      • 2020-11-22
      • 1970-01-01
      • 2019-03-19
      相关资源
      最近更新 更多