always_verify_ssl_certificates

Ruby's net/http is set up to never verify SSL certificates by default. Most Ruby libraries do the same. That means that you're not verifying the identity of the server you're communicating with and are therefore exposed to man-in-the-middle attacks. This gem monkey-patches net/http to force certificate verification and make turning it off impossible.

All you need to do is require this gem and you'll get good security by default.

  $ gem install always_verify_ssl_certificates

  require "always_verify_ssl_certificates"
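To see what forcing verification on net/http looks like in practice, the following added example (not this gem's source code) prepends a module to Net::HTTP so that every attempt to set the verify mode stores VERIFY_PEER. The module name ForceVerifyPeer, the two helper methods and the host example.test are assumptions made for the illustration.

```ruby
require "net/http"
require "openssl"

# Added illustration; ForceVerifyPeer is a hypothetical name, not the gem's code.
module ForceVerifyPeer
  # Discard the requested mode (including VERIFY_NONE) and store VERIFY_PEER.
  def verify_mode=(_requested)
    super(OpenSSL::SSL::VERIFY_PEER)
  end

  # Turning TLS on also sets verification, so callers that never touch
  # verify_mode still get a verified connection.
  def use_ssl=(flag)
    super
    self.verify_mode = OpenSSL::SSL::VERIFY_PEER if flag
  end
end

Net::HTTP.prepend(ForceVerifyPeer)

# Build a client the way a library that disables verification would,
# without opening a connection, and report the mode that was stored.
def stored_verify_mode(host)
  http = Net::HTTP.new(host, 443)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE # the library's attempt to opt out
  http.verify_mode
end

# Same check for a caller that only enables TLS and sets nothing else.
def default_verify_mode(host)
  http = Net::HTTP.new(host, 443)
  http.use_ssl = true
  http.verify_mode
end
```

This sketch covers only clients built on Net::HTTP; code that creates its own OpenSSL::SSL::SSLContext is not affected by it.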

Copyright

Copyright © 2010 James Golick. See LICENSE for details.