I managed to come up with a solution (a while back now, so I hope it is still applicable).
According to the comments in my code, I needed to monkey patch cert_store= as well as use_ssl=, "as Net::HTTP and OpenURI.open_http call these methods in different orders, so we need to ensure certificates are consistently added."
So, here is my solution:
    require 'net/http'
    require 'openssl'

    module Net
      class HTTP
        # Keep a handle on the stock setter, then wrap it.
        alias_method :original_use_ssl=, :use_ssl=

        def use_ssl=(flag)
          store = OpenSSL::X509::Store.new
          store.set_default_paths # Auto-include the system CAs.
          self.cert_store = store # Now include internal certificates.
          self.verify_mode = OpenSSL::SSL::VERIFY_PEER # Force verification.
          self.original_use_ssl = flag
        end

        # Keep a handle on the stock setter, then wrap it.
        alias_method :original_cert_store=, :cert_store=

        def cert_store=(store)
          # Add every certificate file under config/certificates to the store.
          Dir[Rails.root + 'config/certificates/*'].each do |cert|
            store.add_cert(OpenSSL::X509::Certificate.new(File.read(cert)))
          end
          self.original_cert_store = store
        end
      end
    end
Hope that helps
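
The trust-store behaviour the answer relies on, as an added example that is not part of the original post: a store holding only the system CAs rejects a certificate issued by an internal CA, while a store that also loads the internal CA file accepts it, and the same store can be set on a single connection with verification forced. The helper names, the host name and the certificates are constructed for illustration.

```ruby
require 'openssl'
require 'net/http'
require 'tmpdir'

# Constructed test material: a self-signed CA, or a leaf signed by `issuer`.
def make_cert(subject, key, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', issuer ? 'CA:FALSE' : 'CA:TRUE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

# System CAs plus every certificate file in cert_dir (hypothetical helper).
def build_store(cert_dir = nil)
  store = OpenSSL::X509::Store.new
  store.set_default_paths
  paths = cert_dir ? Dir[File.join(cert_dir, '*')] : []
  paths.each { |path| store.add_cert(OpenSSL::X509::Certificate.new(File.read(path))) }
  store
end

# Per-connection settings (hypothetical helper); Net::HTTP.new opens no socket.
def hardened_http(host, store)
  http = Net::HTTP.new(host, 443)
  http.use_ssl = true
  http.cert_store = store
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http
end

def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert('/CN=Constructed Internal CA', ca_key)
  leaf = make_cert('/CN=internal.example.test', OpenSSL::PKey::RSA.new(2048), issuer: ca, issuer_key: ca_key)
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, 'internal_ca.pem'), ca.to_pem)
    system_only = build_store
    combined = build_store(dir)
    { system_only: system_only.verify(leaf), reason: system_only.error_string,
      combined: combined.verify(leaf), http: hardened_http('internal.example.test', combined) }
  end
end
```

Calling `demo` returns the two verification results, the failure reason reported by the system-only store, and the configured `Net::HTTP` object.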