/gist:1515075
Created Dec 23, 2011
Net::Http *does* validate certificates by default
| require 'net/http' | |
| require 'openssl' | |
| #VeriSign root | |
| root = OpenSSL::X509::Certificate.new <<-EOF | |
| -----BEGIN CERTIFICATE----- | |
| MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG | |
| A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz | |
| cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 | |
| MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV | |
| BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt | |
| YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN | |
| ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE | |
| BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is | |
| I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G | |
| CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do | |
| lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc | |
| AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k | |
| -----END CERTIFICATE----- | |
| EOF | |
| url = URI.parse('https://www.google.com/') | |
| req = Net::HTTP::Get.new(url.path) | |
| socket = Net::HTTP.new(url.host, 443) | |
| socket.use_ssl = true | |
| #store = OpenSSL::X509::Store.new | |
| #store.add_cert(root) | |
| #socket.cert_store = store | |
| socket.start do |http| | |
| response = http.request(req) | |
| puts response | |
| end | |
| #--> SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError) | |
| # if the comments are removed, then it will work |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment