工作中遇到一个问题,https双向认证请求,curl和python都能验证通过,可是ruby脚本最近验证一直是400证书错误。
1)curl双向认证 :
curl -k --cert ssl.chain.crt --key server.key --request GET 'https://xxx'
# {"code":404 NOT_FOUND,"message": "404 NOT_FOUND"}
2)python双向认证:
import requests
dir = '/Users/harold.gao/Downloads/nonlive-seabank-20221115-5/client/'
cert = (dir + 'ssl.chain.crt', dir + 'server.key')
response = requests.get('https://api-uat1.uat.seabank.ph', cert=cert, verify=True)
print(response.text)
# {"code":404 NOT_FOUND,"message": "404 NOT_FOUND"}
3)ruby双向认证:
require 'openssl'
require "rest-client"
keyPath = "/Users/xxx"
url = 'https://xxx'
uri = URI.parse(url)
https = Net::HTTP.new(uri.host, uri.port)
https.use_ssl = true
https.key = OpenSSL::PKey::RSA.new(File.read("#{keyPath}server.key"))
https.cert = OpenSSL::X509::Certificate.new(File.read("#{keyPath}ssl.chain.crt"))
https.verify_mode = OpenSSL::SSL::VERIFY_PEER
https.verify_depth = 3
request = Net::HTTP::Get.new(uri.request_uri)
response = https.request(request)
puts response.code # 400
puts response.body # <head><title>400 The SSL certificate error</title></head>
进一步实验发现,同一套ruby脚本,过去生成的证书校验是OK的,只是最近生成的新证书ruby校验有这个问题。推测和最近生成的新证书的格式有关,只影响到了ruby的校验。