Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
How to set the certificate file for Net::HTTP library-wide

In my previous post I described how to securely acquire the Mozilla list of root certificates and convert them to a form usable by curl and various libraries which don't ship with them.

Next, I want to point Net:HTTP at this file library-wide, so that it is used by all invocations of methods accessing https resources (in particular, Kernel#open, which in ruby 1.8.7 does not have a ca_file option and is therefore unusable with https). I hunted around the ruby standard library for a couple hours and came up with this:

require 'open-uri'
require 'net/https'

module Net
  class HTTP
    alias_method :original_use_ssl=, :use_ssl=
    def use_ssl=(flag)
      self.ca_file = "/path/to/ca-bundle.crt"
      self.verify_mode = OpenSSL::SSL::VERIFY_PEER # ruby default is VERIFY_NONE!
      self.original_use_ssl = flag

Now you can do things like

open ""

ta da!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.