No way to set verify_mode durably #3

rab opened this Issue Dec 1, 2009 · 1 comment

rab commented Dec 1, 2009

You want to remove the warning, so you set the CA file:

Rightscale::HttpConnection.params[:ca_file] = CA_FILE

Argh! OK, this just makes it worse. Rather than banishing the typical error "warning: peer certificate won't be verified in this SSL session", this causes "hostname was not match with the server certificate" when an S3 bucket name is DNS-compatible because there is a lookup to '' so THAT is what the certificate has to match. Unfortunately, there doesn't seem to be any way to set the HTTP connection's verify_mode to be OpenSSL::SSL::VERIFY_NONE. In particular, the connection will be closed and re-established for low-level errors so the setting would have to be specified in a way that it could be reapplied to every new connection. A simple solution would be to set @http.verify_mode=OpenSSL::SSL::VERIFY_NONE when there is no ca_file given.
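
The reconnect problem described in the comment above, as an added example that is not part of the original issue and not right_http_connection's own code: TLS settings are held in one place and reapplied to every new `Net::HTTP` object, so a connection rebuilt after a low-level error keeps the same `verify_mode`. The class `TlsConnectionFactory`, its `allow_unverified` option, the CA path and the host name are hypothetical; unlike the proposal in the comment, `VERIFY_NONE` here is an explicit opt-in rather than the default when no `ca_file` is given.

```ruby
require 'net/http'
require 'openssl'

# Hypothetical helper, not part of right_http_connection.
class TlsConnectionFactory
  def initialize(ca_file: nil, allow_unverified: false)
    @ca_file = ca_file
    @allow_unverified = allow_unverified
  end

  # Build a configured (not yet started) connection. Every call applies the
  # same TLS settings, so a reconnect cannot fall back to library defaults.
  def build(host, port = 443)
    http = Net::HTTP.new(host, port)
    http.use_ssl = true
    if @ca_file
      http.ca_file = @ca_file
      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    elsif @allow_unverified
      # What the issue proposes for the no-ca_file case; here it is opt-in.
      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
    else
      # No CA file and no opt-out: still verify the peer.
      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    end
    http
  end

  # Yield a fresh connection per attempt; low-level errors trigger a rebuild.
  def with_connection(host, attempts: 2)
    tries = 0
    begin
      tries += 1
      yield build(host)
    rescue Errno::ECONNRESET, Errno::EPIPE, EOFError
      retry if tries < attempts
      raise
    end
  end
end

# Constructed demo: the first attempt fails with a simulated reset, and the
# rebuilt connection is recorded with the verify_mode it was given.
def demo_modes_across_reconnect(factory)
  seen = []
  factory.with_connection('bucket.example.invalid') do |http|
    seen << http.verify_mode
    raise Errno::ECONNRESET if seen.size == 1
  end
  seen
end
```

No network traffic occurs in the demo because the connections are built but never started.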

rab commented Dec 1, 2009

My fork (rab/right_http_connection@fb47d2b) is effectively the same as the "minor fix for Ruby 1.9" mattmatt/right_http_connection@3b68e31
