OpenSSL::SSL::SSLError: hostname "file.api.weixin.qq.com" does not match the server certificate

 

Rails在使用 rest-client 會出現ssl的問題，已rest-client ＝1.8.0 版本爲例默認使用了系統的CA驗證，

服務器環境 :

Ruby2.1.1

Rest-client-1.6.8 

OpenSSL 1.0.2

若是在服務器環境下其餘項目使用 gem rest-client 高版本 >=1.8.0時，在請求 RestClient.post時，若是url時https 時 會提示

OpenSSL::SSL::SSLError: hostname "you host" does not match the server certificate

 解決方案：

一：跳過驗證

一、OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE （這種會有警告）

二、覆蓋RestClient::Request#transmit 中的 transmit 函數 

def transmit
   @ssl_opts[:verify_ssl] = OpenSSL::SSL::VERIFY_NONE
   #調用函數
end

二： 從新安裝新版 openssl

rvm pkg install openssl 

rvm reinstall 2.1.1

 

#RestClient::Request源碼 1.8.0

net.cert = ssl_client_cert if ssl_client_cert
  net.key = ssl_client_key if ssl_client_key
  net.ca_file = ssl_ca_file if ssl_ca_file
  net.ca_path = ssl_ca_path if ssl_ca_path
  net.cert_store = ssl_cert_store if ssl_cert_store

  # We no longer rely on net.verify_callback for the main SSL verification
  # because it's not well supported on all platforms (see comments below).
  # But do allow users to set one if they want.
  if ssl_verify_callback
    net.verify_callback = ssl_verify_callback

    # Hilariously, jruby only calls the callback when cert_store is set to
    # something, so make sure to set one.
    # https://github.com/jruby/jruby/issues/597
    if RestClient::Platform.jruby?
      net.cert_store ||= OpenSSL::X509::Store.new
    end

    if ssl_verify_callback_warnings != false
      if print_verify_callback_warnings
        warn('pass :ssl_verify_callback_warnings => false to silence this')
      end
    end
  end

  if OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE
    warn('WARNING: OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE')
    warn('This dangerous monkey patch leaves you open to MITM attacks!')
    warn('Try passing :verify_ssl => false instead.')
  end