OpenSSL::SSL::SSLError: hostname "file.api.weixin.qq.com" does not match the server certificate

 

Rails在使用 rest-client 会出现ssl的问题，已rest-client ＝1.8.0 版本为例默认使用了系统的CA验证，

服务器环境 :

Ruby2.1.1

Rest-client-1.6.8 

OpenSSL 1.0.2

若是在服务器环境下其余项目使用 gem rest-client 高版本 >=1.8.0时，在请求 RestClient.post时，若是url时https 时 会提示

OpenSSL::SSL::SSLError: hostname "you host" does not match the server certificate

 解决方案：

一：跳过验证

一、OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE （这种会有警告）

二、覆盖RestClient::Request#transmit 中的 transmit 函数 

def transmit
   @ssl_opts[:verify_ssl] = OpenSSL::SSL::VERIFY_NONE
   #调用函数
end

二： 从新安装新版 openssl

rvm pkg install openssl 

rvm reinstall 2.1.1

 

#RestClient::Request源码 1.8.0

net.cert = ssl_client_cert if ssl_client_cert
  net.key = ssl_client_key if ssl_client_key
  net.ca_file = ssl_ca_file if ssl_ca_file
  net.ca_path = ssl_ca_path if ssl_ca_path
  net.cert_store = ssl_cert_store if ssl_cert_store

  # We no longer rely on net.verify_callback for the main SSL verification
  # because it's not well supported on all platforms (see comments below).
  # But do allow users to set one if they want.
  if ssl_verify_callback
    net.verify_callback = ssl_verify_callback

    # Hilariously, jruby only calls the callback when cert_store is set to
    # something, so make sure to set one.
    # https://github.com/jruby/jruby/issues/597
    if RestClient::Platform.jruby?
      net.cert_store ||= OpenSSL::X509::Store.new
    end

    if ssl_verify_callback_warnings != false
      if print_verify_callback_warnings
        warn('pass :ssl_verify_callback_warnings => false to silence this')
      end
    end
  end

  if OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE
    warn('WARNING: OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE')
    warn('This dangerous monkey patch leaves you open to MITM attacks!')
    warn('Try passing :verify_ssl => false instead.')
  end