No way to set verify_mode durably #3

Open
rab opened this Issue · 1 comment

@rab
rab commented

You want to remove the warning, so you set the CA file:

Rightscale::HttpConnection.params[:ca_file] = CA_FILE

Argh! OK, this just makes it worse. Rather than banishing the typical error "warning: peer certificate won't be verified in this SSL session", this causes "hostname was not match with the server certificate" when an S3 bucket name is DNS-compatible, because there is a lookup to 'bucket.s3.amazonaws.com', so THAT is what the certificate has to match. Unfortunately, there doesn't seem to be any way to set the HTTP connection's verify_mode to be OpenSSL::SSL::VERIFY_NONE. In particular, the connection will be closed and re-established for low-level errors, so the setting would have to be specified in a way that it could be reapplied to every new connection. A simple solution would be to set @http.verify_mode=OpenSSL::SSL::VERIFY_NONE when there is no ca_file given.

@rab
rab commented

My fork (rab/right_http_connection@fb47d2b) is effectively the same as the "minor fix for Ruby 1.9" mattmatt/right_http_connection@3b68e31
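
An added example, not code from this issue or from right_http_connection: one way to keep TLS settings in a single place so they are reapplied to every new Net::HTTP connection, with peer verification left on, plus the certificate name check run against a constructed certificate. `VerifiedConnectionFactory`, `constructed_cert`, `name_matches?` and the `*.s3.amazonaws.com` wildcard name are assumptions made for the illustration.

```ruby
require 'net/http'
require 'openssl'

# Hypothetical helper (not part of right_http_connection): stores the TLS
# settings once and applies them to each connection it builds, so a reconnect
# after a low-level error gets the same verification settings.
class VerifiedConnectionFactory
  def initialize(ca_file: nil, verify_mode: OpenSSL::SSL::VERIFY_PEER)
    @ca_file = ca_file
    @verify_mode = verify_mode
  end

  # Returns a new, not yet started Net::HTTP object carrying the stored settings.
  def build(host, port = 443)
    http = Net::HTTP.new(host, port)
    http.use_ssl = true
    http.verify_mode = @verify_mode
    http.ca_file = @ca_file if @ca_file
    http
  end
end

# Builds a constructed, self-signed certificate whose only DNS name is san_dns.
def constructed_cert(san_dns)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=constructed-example')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{san_dns}"))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  OpenSSL::X509::Certificate.new(cert.to_der) # re-parse, as a received cert would be
end

# The name check behind SSLSocket#post_connection_check: does the certificate
# cover the hostname the client connected to?
def name_matches?(cert, hostname)
  OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end
```

A wildcard name covers exactly one DNS label, so the constructed certificate matches `bucket.s3.amazonaws.com` but not `my.bucket.s3.amazonaws.com`.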
