Rails OpenSSL Errors, Ruby 2.0 and Rails – Certificate Verify Failed

lilu · 2013年03月28日 · 最后由 luikore 回复于 2013年03月28日 · 5230 次阅读

升级到 Ruby 2.0 之后,我在 Rails 开发中遇到了这个问题,不过,很快就在网上看到了问题的原因和解决方法,以下适用于 Mac OS X,相信 linux 下原理一致

来自 RailsAPP

Are you getting an error “OpenSSL certificate verify failed” with Ruby?

Or an error “Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0”?

You may be seeing Ruby problems with OpenSSL because of conflicts with older versions of OpenSSL or outdated certificate files.

Here are suggestions.

Errors with Ruby 2.0

Check RubyGems Version

If you get OpenSSL errors with Ruby 2.0, make sure you are using RubyGems 2.0.3 or newer:

$ gem -v

Use gem update --system to upgrade the RubyGems system gem if necessary

Old Versions of OpenSSL

The version of OpenSSL that comes with Mac OS X 10.8 is too old for Ruby 2.0. You need to install a newer one with RVM or Homebrew.

You should have OpenSSL 1.0.1e or newer installed in your environment:

$ openssl version

If you are using RVM, the newest version of RVM will install OpenSSL automatically. See the article Installing Rails. This may be the easiest solution.

You can also install Homebrew and try this:

$ brew update
$ brew install openssl
$ brew link openssl --force
$ brew install curl-ca-bundle

If OpenSSL is up to date, you may be having problems with outdated certificate files.

James Tucker (raggi) has released a simple script (openssl-osx-ca) that uses Homebrew to update the OpenSSL security certificates found in the Mac OS X Keychain. The script replaces the outdated OpenSSL security certificates on your Mac with new certificates from Mozilla.org

$ brew tap raggi/ale
$ brew install openssl-osx-ca

不用 link 的,rvm 安装的 ruby 会自动用 brew 的 openssl

# 系统的不用换
$ openssl version
OpenSSL 0.9.8r 8 Feb 2011

# 这样就可以啦
$ rvm install ruby-2.0.0-p0

# ruby 链接到的已经是新的了
$ otool -L ~/.rvm/rubies/ruby-2.0.0-p0/lib/ruby/2.0.0/x86_64-darwin12.2.1/openssl.bundle
    /usr/local/opt/openssl/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
    /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
    /usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.5)
    /Users/z/.rvm/rubies/ruby-2.0.0-p0/lib/libruby.2.0.0.dylib (compatibility version 2.0.0, current version 2.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 169.3.0)
    /usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
需要 登录 后方可回复, 如果你还没有账号请 注册新账号