refile / refile-s3

Amazon S3 Backend for Refile
MIT License

Unable to verify Ceph server identity when using self-signed cert #22

Open relaxdiego opened 8 years ago

relaxdiego commented 8 years ago

I've been able to successfully use refile-s3 to upload files to a private Ceph that uses a self-signed certificate by setting this before I initialize Refile:

Aws.config[:ssl_ca_bundle] = '/path/to/self-signed-cert.pem'

Now I'm running into an issue when attempting to download the same file because the gem uses OpenURI::OpenRead#open (https://github.com/refile/refile-s3/blob/master/lib/refile/s3.rb#L98) which doesn't know about the above cert. That method has an option to specify a cert via the :ssl_ca_cert option as listed in http://ruby-doc.org/stdlib-2.1.0/libdoc/open-uri/rdoc/OpenURI/OpenRead.html#method-i-open.

Would it make sense to modify Refile::S3#open to pick up Aws.config[:ssl_ca_bundle] if it's defined and then pass it on to OpenURI::OpenRead#open?

relaxdiego commented 8 years ago

Also, what's the reason why Kernel.open(object(id).presigned_url(:get)) was used instead of just object(id).get.body?

jnicklas commented 8 years ago

I honestly don't remember. I know we changed back and forth a bit on the exact implementation. I think we had a problem with body not being a true IO object, at least in some version of aws-sdk, though that might have changed.

relaxdiego commented 8 years ago

Yeah it returns a StringIO. I can see that Refile's specs use Refile::FileDouble which is really just a StringIO. I've also been using Refile::FileDouble in my app's specs where Refile is involved without problems.

Using object(id).get.body solves the issue for me since I only have to configure the cert path in one place. Would it be alright to submit a change that uses object(id).get.body?
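An added example, not taken from refile-s3 or aws-sdk, of the approach asked about in the first comment: derive the open-uri TLS options from the same `:ssl_ca_bundle` setting so uploads and downloads share one trust anchor, and show with a constructed self-signed certificate why verification fails without it. The helper names (`open_uri_tls_options`, `open_presigned`, `self_signed_cert`, `trusted?`, `demo`), the plain Hash standing in for `Aws.config`, and the host name are assumptions.

```ruby
require "openssl"
require "open-uri"
require "tempfile"

# Derive open-uri TLS options from an Aws.config-style hash (plain Hash here).
def open_uri_tls_options(aws_config)
  bundle = aws_config[:ssl_ca_bundle]
  return {} if bundle.nil?
  raise ArgumentError, "CA bundle not readable: #{bundle}" unless File.readable?(bundle)
  { ssl_ca_cert: bundle, ssl_verify_mode: OpenSSL::SSL::VERIFY_PEER }
end

# Hypothetical download helper: one trust anchor for upload and download.
def open_presigned(url, aws_config)
  URI.open(url, **open_uri_tls_options(aws_config))
end

# Constructed self-signed certificate standing in for the private Ceph endpoint.
def self_signed_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end

# Chain verification only (no hostname check) against system roots plus ca_file.
def trusted?(cert, ca_file = nil)
  store = OpenSSL::X509::Store.new
  store.set_default_paths
  store.add_file(ca_file) if ca_file
  store.verify(cert)
end

def demo
  cert = self_signed_cert("ceph.example.internal")
  Tempfile.create(["ceph-ca", ".pem"]) do |f|
    f.write(cert.to_pem)
    f.flush
    opts = open_uri_tls_options({ ssl_ca_bundle: f.path })
    { without_bundle: trusted?(cert), with_bundle: trusted?(cert, opts[:ssl_ca_cert]), options: opts, path: f.path }
  end
end
```

Keeping `ssl_verify_mode` at `VERIFY_PEER` and adding the CA file preserves server authentication; turning verification off would also make the download succeed but would accept any certificate.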