drbrain / net-http-persistent

Thread-safe persistent connections with Net::HTTP
http://seattlerb.rubyforge.org/net-http-persistent
339 stars 117 forks source link

ssl verify peer with ruby 1.8 #7

Closed mmb closed 13 years ago

mmb commented 13 years ago

Since the change to verify peer by default it seems like ruby 1.8 has trouble verifying a lot of sites.

Any interest in adding something like this?

https://github.com/raggi/faraday/commit/209f07cb01eb4fffa4c063feab9bf2a155d1ac6e

mmb commented 13 years ago

I see that code like this is already there. I'll try to figure out why it's not working for me.

mmb commented 13 years ago

If I never set @verify_mode, the code that sets the cert_store on the connection never runs. Seems like this should always run if verify peer is being used?

drbrain commented 13 years ago

In net-http-persistent the verify_mode defaults to VERIFY_PEER unless set otherwise, see:

https://github.com/drbrain/net-http-persistent/blob/master/lib/net/http/persistent.rb#L522-549

So I'm not sure what problem you are having. Are you using net-http-persistent 2.0 or 1.9?

mmb commented 13 years ago

I'm using 2.0.

If I never manually set @verify_mode on the Net::HTTP::Persistent object it is always nil, so the code that runs store.set_default_paths never runs. verify peer gets set on the connection, but that code checks @verify_mode.

drbrain commented 13 years ago

Ah, you are right!

I will fix this shortly.