使用rubygem访问Shopify API时出现SSL_connect错误

Question

我无法使用shopify_api gem访问Shopify API.

这是发生的事情:

>> require "shopify_api" #=> false
>> ShopifyAPI::Base.site = "https://username:secret@mysite.myshopify.com/admin"
=> "https://username:secret@mysite.myshopify.com/admin"
>> products = ShopifyAPI::Product.find(:all)
Errno::ECONNRESET: Connection reset by peer - SSL_connect
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:799:in `connect'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:799:in `block in connect'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/timeout.rb:54:in `timeout'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/timeout.rb:99:in `timeout'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:799:in `connect'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:755:in `do_start'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:744:in `start'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:1284:in `request'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:1026:in `get'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activeresource-3.2.8/lib/active_resource/connection.rb:113:in `block in request'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activesupport-3.2.8/lib/active_support/notifications.rb:123:in `block in instrument'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activesupport-3.2.8/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activesupport-3.2.8/lib/active_support/notifications.rb:123:in `instrument'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activeresource-3.2.8/lib/active_resource/connection.rb:110:in `request'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/shopify_api-3.0.1/lib/active_resource/connection_ext.rb:13:in `request_with_detailed_log_subscriber'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activeresource-3.2.8/lib/active_resource/connection.rb:80:in `block in get'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activeresource-3.2.8/lib/active_resource/connection.rb:218:in `with_auth'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activeresource-3.2.8/lib/active_resource/connection.rb:80:in `get'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activeresource-3.2.8/lib/active_resource/base.rb:901:in `find_every'
    from /Users/zubin/.rvm/gems/ruby-1.9.3-p194/gems/activeresource-3.2.8/lib/active_resource/base.rb:813:in `find'
    from (irb):21
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/bin/irb:16:in `<main>'

认为这是ruby的openssl绑定的问题,我使用RVM安装了openssl并重新安装了ruby:

rvm pkg install openssl
rvm reinstall 1.9.3-p194 --with-openssl-dir=~/.rvm/usr

但这没有帮助.

所以我尝试连接普通ol' NET::HTTPS,并能够连接到另一个网站,但不能shopify.

>> require "net/https" #=> false
>> require "uri" #=> false
>> uri = URI.parse("https://google.com/") #=> #<URI::HTTPS:0x007fa27bb243f8 URL:https://google.com/>
>> http = Net::HTTP.new(uri.host, uri.port) #=> #<Net::HTTP google.com:443 open=false>
>> http.use_ssl = true #=> true
>> http.verify_mode = OpenSSL::SSL::VERIFY_NONE #=> 0
>> http.start { |agent| p agent.get(uri.path).read_body }
"<HTML><HEAD><meta http-equiv=\"content-type\" content=\"text/html;charset=utf-8\">\n<TITLE>301 Moved</TITLE></HEAD><BODY>\n<H1>301 Moved</H1>\nThe document has moved\n<A HREF=\"https://www.google.com/\">here</A>.\r\n</BODY></HTML>\r\n"
=> "<HTML><HEAD><meta http-equiv=\"content-type\" content=\"text/html;charset=utf-8\">\n<TITLE>301 Moved</TITLE></HEAD><BODY>\n<H1>301 Moved</H1>\nThe document has moved\n<A HREF=\"https://www.google.com/\">here</A>.\r\n</BODY></HTML>\r\n"
>> uri = URI.parse("https://mysite.myshopify.com/admin/")
=> #<URI::HTTPS:0x007fa27d1f5e38 URL:https://mysite.myshopify.com/admin/>
>> http = Net::HTTP.new(uri.host, uri.port) #=> #<Net::HTTP mysite.myshopify.com:443 open=false>
>> http.use_ssl = true #=> true
>> http.verify_mode = OpenSSL::SSL::VERIFY_NONE #=> 0
>> http.start { |agent| p agent.get(uri.path).read_body }
Errno::ECONNRESET: Connection reset by peer - SSL_connect
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:799:in `connect'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:799:in `block in connect'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/timeout.rb:54:in `timeout'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/timeout.rb:99:in `timeout'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:799:in `connect'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:755:in `do_start'
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:744:in `start'
    from (irb):18
    from /Users/zubin/.rvm/rubies/ruby-1.9.3-p194/bin/irb:16:in `<main>'

所以这排除了我的ruby/openssl设置.是什么导致了SSL_connect错误？

Answer 1

最有可能的是,您的客户端正在尝试使用TLS 1.2最近SSL/TLS使用的协议之一进行连接HTTPS.我们的负载平衡硬件有一个已知的问题TLS 1.2,虽然我自己没有意识到它,直到我自己独立地发现了这个错误.

我让其余的运营团队意识到了这一点,我希望我们能尽快解决这个问题.在那之前,你可以使用

http.ssl_version = :TLSv1

强迫Ruby使用TLS 1.0.