Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Always set OpenSSL default paths #772

Merged
merged 1 commit into from Jan 12, 2022
Merged

Conversation

stanhu
Copy link
Contributor

@stanhu stanhu commented Jan 12, 2022

Previously if you set SSL_CERT_FILE to a directory with no certs,
this script would fail:

require 'openssl'
require 'excon'

ENV['SSL_CERT_DIR'] = '/path/to/no/ssl/certs/'

excon = Excon.new('https://www.google.com')
excon.get

However, the same script with Net::HTTP works fine:

require 'openssl'
require 'net/http'

ENV['SSL_CERT_DIR'] = '/path/to/no/ssl/certs/'

Net::HTTP.get(URI('https://www.google.com'))

To match the behavior of Net::HTTP, always call
OpenSSL::X509::Store#set_default_paths unless there is a store
specified.

Previously if you set `SSL_CERT_FILE` to a directory with no certs,
this script would fail:

```ruby
require 'openssl'
require 'excon'

ENV['SSL_CERT_DIR'] = '/path/to/no/ssl/certs/'

excon = Excon.new('https://www.google.com')
excon.get
```

However, the same script with `Net::HTTP` works fine:

```ruby
require 'openssl'
require 'net/http'

ENV['SSL_CERT_DIR'] = '/path/to/no/ssl/certs/'

Net::HTTP.get(URI('https://www.google.com'))
```

To match the behavior of Net::HTTP, always call
`OpenSSL::X509::Store#set_default_paths` unless there is a store
specified.
geemus
geemus approved these changes Jan 12, 2022
Copy link
Contributor

@geemus geemus left a comment

Looks good, thanks!

@geemus geemus merged commit c9590a0 into excon:master Jan 12, 2022
6 checks passed
@geemus
Copy link
Contributor

@geemus geemus commented Jan 12, 2022

@stanhu Do you need a release for this?

@stanhu
Copy link
Contributor Author

@stanhu stanhu commented Jan 12, 2022

@geemus Thanks for the quick merge. Sure, a release would be great.

@geemus
Copy link
Contributor

@geemus geemus commented Jan 12, 2022

Sounds good. Should now be available in v0.90.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants