ruby - ruby 中的 SSL 问题但不是 curl

Question

我有以下有效的 curl 命令:

curl -k -E some_cert.pem https://someurl.com/__dirlist__

我尝试在 Ruby 中实现它:

uri = URI.parse('https://someurl.com/__dirlist__')

http_session = Net::HTTP.new(uri.host, uri.port)
http_session.ca_file = "some_cert.pem"
http_session.use_ssl = true
http_session.verify_mode = OpenSSL::SSL::VERIFY_NONE

res = http_session.get(uri.request_uri)

我试过使用所有不同版本的 SSL(使用 http_session.ssl_version = :SSLv2_client 等)，所有这些都失败了(一些消息不同)，我使用 wireshark 匹配版本查看 curl 使用的是什么，所以不要认为这是问题所在(尽管 ruby​​ 发送了一堆额外的设置，但似乎都不相关)。

通过阅读其他错误报告，我发现人们有很多与他们的证书库中没有适当的证书相关的问题，但是对于 SSL::VERIFY_NONE 我不明白这是怎么回事

我不能排除它可能是我的 Ruby 中内置的 openssl，但我认为这不太可能，因为我也在另一台机器上运行了这段代码并得到了同样的错误，我会假设 curl 正在链接相同的 openssl(我不知道如何检查)。

我查看了 rdocs，就好像我已经用尽了 Net:HTTP 中所有可用的设置。

这是我看到的无法描述的错误(略微匿名):

OpenSSL::SSL::SSLError: SSL_read:: ssl handshake failure
from /Users/a_user/.rvm/gems/ruby-1.9.3-p0@project/gems/right_http_connection-1.3.0/lib/net_fix.rb:52:in `sysread'
from /Users/a_user/.rvm/gems/ruby-1.9.3-p0@project/gems/right_http_connection-1.3.0/lib/net_fix.rb:52:in `block in rbuf_fill'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/timeout.rb:68:in `timeout'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/timeout.rb:99:in `timeout'
from /Users/a_user/.rvm/gems/ruby-1.9.3-p0@project/gems/right_http_connection-1.3.0/lib/net_fix.rb:51:in `rbuf_fill'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/protocol.rb:122:in `readuntil'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/protocol.rb:132:in `readline'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:2562:in `read_status_line'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:2551:in `read_new'
from /Users/a_user/.rvm/gems/ruby-1.9.3-p0@project/gems/right_http_connection-1.3.0/lib/net_fix.rb:146:in `request'
from /Users/a_user/.rvm/gems/ruby-1.9.3-p0@project/gems/right_http_connection-1.3.0/lib/net_fix.rb:131:in `block in request'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:745:in `start'
from /Users/a_user/.rvm/gems/ruby-1.9.3-p0@project/gems/right_http_connection-1.3.0/lib/net_fix.rb:129:in `request'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:1026:in `get'

Answer 1

来自 curl 手册:

   -k, --insecure
          (SSL)  This  option explicitly allows curl to perform "insecure"
          SSL connections and transfers. All SSL connections are attempted
          to  be  made secure by using the CA certificate bundle installed
          by default. This makes  all  connections  considered  "insecure"
          fail unless -k, --insecure is used.

因此在没有 -k 的情况下运行也可能会揭示 curl 上的问题。