Open mikz opened 7 years ago
Been hit by this too, any chance it can be reviewed?
In case somebody spent the last 3 hours tracing SSL errors down to this issue, here is a workaround which works for me:
```sh
# `**` recurses only in zsh or in bash with `shopt -s globstar`
for x in ./lib/ruby/gems/*/gems/**/cacert.pem; do rm "$x"; ln -s /etc/ssl/certs/ca-certificates.crt "$x"; done
```
We are running with https://github.com/nahi/httpclient/compare/master...mikz:ssl-env-cert and it works just fine. And set the SSL_CERT_DIR or SSL_CERT_FILE env variable.
That is just a terrible workaround and it would be way better for httpclient to use the OpenSSL cert store it was compiled with.
Any updates on this?
OpenSSL says the SSL_CERT_FILE and SSL_CERT_DIR environment variables can be used to set the default location for certificate files. HTTPClient ignores this setting.
Net::HTTP respects that setting.
HTTPClient does not.
There is no system-wide way of configuring HTTPClient to use the default system store; it has to be initialised on a per-instance basis as described in https://github.com/nahi/httpclient/issues/335.
Also, the bundled cacert.pem is almost 2 years old, missing several important updates.
I think HTTPClient should not default to its own bundled CA certificates if the system provides them. That might be broken on Windows, but this breaks it on every other UNIX platform.
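
The behaviour described in this issue, as an added example using only Ruby's stdlib OpenSSL (not code from the thread or from httpclient): a store built with `set_default_paths` honours `SSL_CERT_FILE`, while a store pinned to a bundled file never sees a CA that exists only in the system bundle. The certificates, file contents and the `make_cert` / `compare_trust_stores` helpers are constructed for illustration.

```ruby
require "openssl"
require "tmpdir"

# Build a throwaway certificate (constructed sample data, not a real CA).
def make_cert(subject, key, issuer_cert: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Returns [trusted_via_default_paths, trusted_via_pinned_bundle] for a leaf
# issued by a CA that is present only in the "system" bundle.
def compare_trust_stores
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca     = make_cert("/CN=Constructed Internal CA", ca_key, ca: true)
  stale  = make_cert("/CN=Constructed Stale Bundle CA", OpenSSL::PKey::RSA.new(2048), ca: true)
  leaf   = make_cert("/CN=internal.example", OpenSSL::PKey::RSA.new(2048),
                     issuer_cert: ca, issuer_key: ca_key)
  Dir.mktmpdir do |dir|
    system_bundle = File.join(dir, "ca-certificates.crt") # stands in for the OS store
    bundled_pem   = File.join(dir, "cacert.pem")          # stands in for a gem's bundle
    File.write(system_bundle, ca.to_pem)
    File.write(bundled_pem, stale.to_pem)
    saved = { "SSL_CERT_FILE" => ENV["SSL_CERT_FILE"], "SSL_CERT_DIR" => ENV["SSL_CERT_DIR"] }
    begin
      ENV["SSL_CERT_FILE"] = system_bundle
      ENV["SSL_CERT_DIR"]  = dir # no hashed certs here, so only the file counts
      env_store = OpenSSL::X509::Store.new
      env_store.set_default_paths      # reads SSL_CERT_FILE / SSL_CERT_DIR
      pinned = OpenSSL::X509::Store.new
      pinned.add_file(bundled_pem)     # ignores the environment entirely
      [env_store.verify(leaf), pinned.verify(leaf)]
    ensure
      saved.each { |k, v| ENV[k] = v } # assigning nil removes the variable
    end
  end
end
```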