You can clone with
HTTPS or Subversion.
First, @dlee brought up the point in #143 that we have zero tests. Sure, you can initialize a Connection object and assert that the :ssl hashes are there, but that's not enough. We should have an SSL test suite. If we can find a way to boot up a rack app with real SSL (not proxied through nginx), that'd be awesome.
Finally, how can we make managing certs easier? I work on github-services, and it pains me every time I see SSL verification being disabled (not to pick on any one service, most of them have it). I really wanted to make verified SSL the default, but it's really difficult to ensure it works on every hook. I have hooks hitting a wide variety of servers, and some even let the user enter their own for private installations.
People give ruby shit for being lax about HTTPS (and rightfully so), but the best advice I've seen is "Don't use VERIFY_NONE". What can we do to change that with "Use Faraday"?
Merge branch 'ssl'
Closes #148, references #145
Closing this since our CI suite runs fully on SSL now with tests for proper cert verification. We've come a long way!