Skip to content

Instantly share code, notes, and snippets.

Created May 28, 2011 02:00
  • Star 18 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save jjb/996510 to your computer and use it in GitHub Desktop.
How to set the certificate file for Net::HTTP library-wide

In my previous post I described how to securely acquire the Mozilla list of root certificates and convert them to a form usable by curl and various libraries which don't ship with them.

Next, I want to point Net:HTTP at this file library-wide, so that it is used by all invocations of methods accessing https resources (in particular, Kernel#open, which in ruby 1.8.7 does not have a ca_file option and is therefore unusable with https). I hunted around the ruby standard library for a couple hours and came up with this:

require 'open-uri'
require 'net/https'

module Net
  class HTTP
    alias_method :original_use_ssl=, :use_ssl=
    def use_ssl=(flag)
      self.ca_file = "/path/to/ca-bundle.crt"
      self.verify_mode = OpenSSL::SSL::VERIFY_PEER # ruby default is VERIFY_NONE!
      self.original_use_ssl = flag

Now you can do things like

open ""

ta da!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment