In my previous post I described how to securely acquire the Mozilla list of root certificates and convert them to a form usable by curl and various libraries which don't ship with them.
Next, I want to point Net::HTTP at this file library-wide, so that it is used by all invocations of methods accessing https resources (in particular, Kernel#open, which in Ruby 1.8.7 does not have a ca_file option and is therefore unusable with https). I hunted around the Ruby standard library for a couple hours and came up with this:
require 'open-uri'
require 'net/https'

module Net
  class HTTP
    alias_method :original_use_ssl=, :use_ssl=

    def use_ssl=(flag)
      self.ca_file = "/path/to/ca-bundle.crt"
      self.verify_mode = OpenSSL::SSL::VERIFY_PEER # ruby default is VERIFY_NONE!
      self.original_use_ssl = flag
    end
  end
end
Now you can do things like:
open "https://www.google.com/"
ta da!
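A variant of the patch above, added here as an example and not part of the original post: it uses Module#prepend (Ruby 2.1 and later) instead of the alias chain, refuses to enable TLS when the bundle is unreadable, and checks that a fresh Net::HTTP object picked up the settings without making a connection. The names PinnedCABundle, tls_settings and DEMO_BUNDLE, and the temporary stand-in bundle file, are assumptions for illustration.

```ruby
require 'net/http'
require 'openssl'
require 'tempfile'

# Hypothetical module (not from the original post): same effect as the
# alias_method patch, but fails closed when the bundle cannot be read.
module PinnedCABundle
  class << self
    attr_accessor :path # location of the converted Mozilla bundle
  end

  def use_ssl=(flag)
    if flag
      bundle = PinnedCABundle.path
      unless bundle && File.file?(bundle) && File.readable?(bundle)
        raise ArgumentError, "CA bundle missing or unreadable: #{bundle.inspect}"
      end
      self.ca_file = bundle
      self.verify_mode = OpenSSL::SSL::VERIFY_PEER
    end
    super # hand off to the original Net::HTTP#use_ssl=
  end
end

Net::HTTP.prepend(PinnedCABundle)

# Hypothetical helper: report what a fresh connection object would use.
# Net::HTTP.new does not open a socket, so this runs offline.
def tls_settings(host, port = 443)
  http = Net::HTTP.new(host, port)
  http.use_ssl = true
  { use_ssl: http.use_ssl?, ca_file: http.ca_file, verify_mode: http.verify_mode }
end

# Constructed stand-in for /path/to/ca-bundle.crt so the check runs anywhere;
# the file is only parsed when a TLS connection is actually started.
DEMO_BUNDLE = Tempfile.new(['ca-bundle', '.crt'])
PinnedCABundle.path = DEMO_BUNDLE.path

settings = tls_settings('www.google.com')
puts "verify_peer=#{settings[:verify_mode] == OpenSSL::SSL::VERIFY_PEER} ca_file=#{settings[:ca_file]}"
```

In real use, set PinnedCABundle.path to the converted bundle once at startup, before any https request is made.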