In my previous post I described how to securely acquire the Mozilla list of root certificates and convert them to a form usable by curl and various libraries which don't ship with them.
Next, I want to point
Net:HTTP at this file library-wide, so that it is used by all invocations of methods accessing https resources (in particular,
Kernel#open, which in ruby 1.8.7 does not have a ca_file option and is therefore unusable with https). I hunted around the ruby standard library for a couple hours and came up with this:
alias_method :original_use_ssl=, :use_ssl=
self.ca_file = "/path/to/ca-bundle.crt"
self.verify_mode = OpenSSL::SSL::VERIFY_PEER # ruby default is VERIFY_NONE!
self.original_use_ssl = flag
Now you can do things like