OpenSSL :: SSL :: SSLError:SSL_connect返回= 1 errno = 0状态= SSLv3读取服务器证书B:证书验证失败

如果未使用本机OpenSSL库正确设置默认的"OpenSSL目录"，则有时会发生这种情况. open-uri使用OpenSSL::X509::Store#set_default_paths来告诉OpenSSL在OpenSSL目录中查找包含默认情况下OpenSSL信任的受信任根证书的文件.

That sometimes happens if the default 'OpenSSL directory' is not set correctly with the native OpenSSL library. open-uri uses OpenSSL::X509::Store#set_default_paths in order to tell OpenSSL to look in the OpenSSL directory for the file that contains the trusted root certificates that OpenSSL trusts by default.

在您的情况下，此查找失败.您可以通过设置覆盖默认设置的环境变量来使它成功，并告诉OpenSSL在该目录中查找:

In your case, this lookup fails. You can make it succeed by setting an environment variable that overrides the default setting and tells OpenSSL to look in that directory instead:

export SSL_CERT_FILE=/etc/pki/tls/cert.pem

这是我的Fedora 16 64位上根CA捆绑包的默认位置，其他受欢迎的位置是/etc/ssl/ca-bundle.crt等.在您的情况下，RVM使用的OpenSSL库位于$ rvm_path中/usr，因此您应该在此处查找缺省的根CA文件的合适候选者.正确设置环境变量后，对open-uri的调用将成功.

That's the default location for the root CA bundle on my Fedora 16 64 bit, other popular locations are /etc/ssl/ca-bundle.crt etc. In your case, the OpenSSL library used by RVM is located in $rvm_path/usr, so you should look around there for a suitable candidate for the default root CA file. After the environment variable is set correctly, the call to open-uri will succeed.

要使环境变量永久存在，请使用常规方法，例如在.bashrc，/etc/profile中定义导出，或根据您的情况选择最合适的方法.

To make the environment variable permanent, use the usual ways such as defining the export in .bashrc, /etc/profile or whatever fits best in your situation.