berkshelf / ridley

A reliable Chef API client with a clean syntax

ridley since 4.3.0 doesn't work with custom SSL CAs #334

Closed ghost closed 7 years ago

ghost commented 8 years ago

After upgrading from ridley 4.2.0 to 4.4.2 I am unable to talk to my Chef server, which is using SSL certificates signed by our internal CA. It seems in 4.3.0 the HTTP client was switched to httpclient, but it's not properly reading my system CA bundle.

D, [2016-01-13T15:26:33.018717 #61429] DEBUG -- : request env: #<struct Faraday::Env method=:get, body=nil, url=#<Addressable::URI:0x3fd629822e60 URI:https://<redacted>:443/nodes/<redacted>>, request=#<Faraday::RequestOptions (empty)>, request_headers={"Accept"=>"application/json", "Content-Type"=>"application/json", "X-Chef-Version"=>"11.4.0", "User-Agent"=>"Ridley v4.4.2", "X-OPS-SIGN"=>"algorithm=sha1;version=1.0;", "X-OPS-USERID"=>"<redacted>", "X-OPS-TIMESTAMP"=>"2016-01-13T21:26:33Z", "X-OPS-CONTENT-HASH"=>"2jmj7l5rSw0yVb/vlWAYkK/YBwk=", "X-OPS-AUTHORIZATION-1"=>"…", "HOST"=>"<redacted>:443"}, ssl=#<Faraday::SSLOptions (empty)>, parallel_manager=nil, params=nil, response=nil, response_headers=nil, status=nil>
E, [2016-01-13T15:26:33.191730 #61429] ERROR -- : CONVERGE_CLUSTER RUN_PHASE ERROR (ERROR: failed to initialize <redacted>: SSL_connect returned=1 errno=0 state=error: certificate verify failed)

ghost commented 8 years ago

This looks like the commit that broke it: https://github.com/berkshelf/ridley/commit/385bfd9a0c58024b8e1824810151662d226e05a1

We had a similar issue with the berkshelf-api-client when it switched to using httpclient.

ghost commented 8 years ago

Found the issue berkshelf had: https://github.com/berkshelf/berkshelf-api-client/issues/9

Looks like it was an issue with how httpclient and faraday were using SSL; it was fixed in faraday here: https://github.com/lostisland/faraday/pull/494/commits
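
Added example (not part of the thread, and not ridley, httpclient or Faraday code): the "certificate verify failed" condition from the log, reproduced offline with Ruby's OpenSSL bindings. It shows that the same server certificate passes or fails depending only on whether the trust store handed to OpenSSL contains the internal CA. The CAs, host name and helper names are constructed for illustration.

```ruby
require "openssl"

# Build a certificate for a constructed test PKI; self-signed CA when no issuer is given.
def make_cert(subject, key, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = issuer ? 2 : 1
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  constraint = issuer ? "CA:FALSE" : "CA:TRUE"
  cert.add_extension(ef.create_extension("basicConstraints", constraint, true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify `cert` against a store that trusts exactly the CAs in `trusted`.
# Returns [verified?, OpenSSL error string].
def verify_against(trusted, cert)
  store = OpenSSL::X509::Store.new
  trusted.each { |ca| store.add_cert(ca) }
  [store.verify(cert), store.error_string]
end

def demo
  internal_key = OpenSSL::PKey::RSA.new(2048)
  internal_ca = make_cert("/O=Example Corp/CN=Constructed Internal CA", internal_key)
  # Stands in for a CA list that ships with a client and omits the internal CA.
  bundled_ca = make_cert("/CN=Constructed Bundled CA", OpenSSL::PKey::RSA.new(2048))
  server = make_cert("/CN=chef.internal.example", OpenSSL::PKey::RSA.new(2048),
                     issuer: internal_ca, issuer_key: internal_key)
  {
    without_ca: verify_against([], server),            # empty trust store
    bundled_only: verify_against([bundled_ca], server), # has CAs, but not ours
    with_ca: verify_against([internal_ca], server)      # internal CA trusted
  }
end

if __FILE__ == $0
  default_file = ENV["SSL_CERT_FILE"] || OpenSSL::X509::DEFAULT_CERT_FILE
  puts "CA file OpenSSL uses by default: #{default_file}"
  demo.each { |name, (ok, err)| puts "#{name}: verified=#{ok} (#{err})" }
end
```

When a client reports this error against a server signed by an internal CA, comparing the CA file it actually loads with the path printed above is a quick first check.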