Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
How to set the certificate file for Net::HTTP library-wide

In my previous post I described how to securely acquire the Mozilla list of root certificates and convert them to a form usable by curl and various libraries which don't ship with them.

Next, I want to point Net:HTTP at this file library-wide, so that it is used by all invocations of methods accessing https resources (in particular, Kernel#open, which in ruby 1.8.7 does not have a ca_file option and is therefore unusable with https). I hunted around the ruby standard library for a couple hours and came up with this:

require 'open-uri'
require 'net/https'

module Net
  class HTTP
    alias_method :original_use_ssl=, :use_ssl=
    def use_ssl=(flag)
      self.ca_file = "/path/to/ca-bundle.crt"
      self.verify_mode = OpenSSL::SSL::VERIFY_PEER # ruby default is VERIFY_NONE!
      self.original_use_ssl = flag
    end
  end
end

Now you can do things like

open "https://www.google.com/"

ta da!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment