phl*_*ton 5 ruby ssl-certificate bundler gemfile geminabox
我正在尝试建立一个私人的geminabox服务器来容纳我的项目正在开发的一些宝石。我已经设置了服务器,乘客nginx将geminabox作为机架应用程序运行。我无需使用SSL就可以捆绑指向服务器的安装。
由于裸HTTP流量从来都不是理想的,因此我也想添加SSL。为了获得概念验证的效果,我添加了SSL证书,并验证仍然可以看到已安装gem的geminabox前端。
当我回到我的ruby项目时,我运行捆绑安装并获得:
Could not verify the SSL certificate for https://********.com/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
通过链接,错误消息给了我,我决定首先添加〜/ .gemrc及其内容:
:ssl_verify_mode: 0
(不理想,也不是永久解决方案)。现在我得到:
Fetching source index from https://***.com/
Resolving dependencies...
Could not verify the SSL certificate for
https://***.com/quick/Marshal.4.8/sqlite3-1.3.10-x86-mswin32-60.gemspec.rz.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA
certificates needed for verification. For information about OpenSSL certificates, see bit.ly/ruby-ssl. To connect without
using SSL, edit your Gemfile sources and change 'https' to 'http'.
我的问题是,如何正确将捆绑包中的SSL验证设置为“关闭”?我应该使用其他设置吗?谢谢你提供的所有帮助...
我的系统:
Ubuntu 14.04
Ruby 2.1.2
捆绑器版本1.8.4
这里不是回答如何禁用验证(我不确定如何或是否可能,并且我不能推荐它),而是如何指定自定义 CA 证书文件的路径,这是一个更安全的解决方案:
bundle config --global ssl_ca_cert /path/to/file.pem
来源http://bundler.io/man/bundle-config.1.html#LIST-OF-AVAILABLE-KEYS