SSL certificate woes with Ruby 1.9 and OS X
I have written about Ruby and OpenSSL woes before, but I recently got bit by the issues again and the solution I had outlined earlier didn't work.
My simple testcase
require 'net/https' https = Net::HTTP.new('www.google.com', 443) https.use_ssl = true https.request_get('/')
failed with a
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
$ port install curl-ca-bundle
and tell Ruby to grab the certificates from where you installed them:
https.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt'
Sure enough, that makes the simple test case work.
But what if we cannot hardcode
ca_file paths - for example if the request is being made by a third party library? Turns out, if we set the
SSL_CERT_FILE environment variable, things work without us modifying core Ruby classes: