Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
702 views
in Technique[技术] by (71.8m points)

openssl - Ruby SSL error - sslv3 alert unexpected message

I'm trying to connect to the server https://www.xpiron.com/schedule in a ruby script. However, when I try connecting:

require 'open-uri'
doc = open('https://www.xpiron.com/schedule')

I get the following error message:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A:  sslv3 alert unexpected message         
    from /usr/local/lib/ruby/1.9.1/net/http.rb:678:in `connect'
    from /usr/local/lib/ruby/1.9.1/net/http.rb:678:in `block in connect'
    from /usr/local/lib/ruby/1.9.1/timeout.rb:44:in `timeout'
    from /usr/local/lib/ruby/1.9.1/timeout.rb:87:in `timeout'
    from /usr/local/lib/ruby/1.9.1/net/http.rb:678:in `connect'
    from /usr/local/lib/ruby/1.9.1/net/http.rb:637:in `do_start'
    from /usr/local/lib/ruby/1.9.1/net/http.rb:626:in `start'
    from /usr/local/lib/ruby/1.9.1/net/http.rb:1168:in `request'
    from /usr/local/lib/ruby/1.9.1/net/http.rb:888:in `get'
    from (irb):32
    from /usr/local/bin/irb:12:in `<main>'

I'm running Ruby 1.9.2p180. It seems to work on some other machines, so it could be a configuration problem with OpenSSL or Ruby. I tried reinstalling all the SSL libraries, and rebuilding Ruby from scratch, but nothing seems to work. Has anyone encountered this problem?

Update

On the non-working machine, the openssl version is 0.9.8o 01 Jun 2010

On the working machine, it's 0.9.8k 25 Mar 2009

So the more recent one seems to be breaking.

Furthermore, if I use a different HTTP client (Patron, based on libcurl), it works:

require 'patron'

sess = Patron::Session.new
sess.timeout = 5
url = 'https://www.xpiron.com/schedule'
resp = sess.get(url)
puts "#{resp.body}"

So this appears to be an issue with Ruby's OpenSSL bindings.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Just to answer my own question.

The problem seems to be with how Ruby negotiates SSL connections. There's an error in Xpiron's TLS mechanism, and it throws an error instead of retrying to other SSL versions.

If you force the SSL version to 3.0, it works:

require 'net/http'
url = URI.parse('https://www.xpiron.com/schedule')
req = Net::HTTP::Get.new(url.path)
sock = Net::HTTP.new(url.host, 443)
sock.use_ssl = true
sock.ssl_version="SSLv3"
sock.start do |http|
    response = http.request(req)
end

I also created an issue on Ruby's bug tracker.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...