A ca_file is not the same as a cert or key. This commit only sets http.ca_file = @ssl_cert_file and ignores http.cert and http.key. Depending on the format of your ssl_cert_file, it may throw errors if you try to parse it as an X509 Certificate or RSA key (it did for me).
http.ca_file = @ssl_cert_file
You should use different config keys (e.g. ssl_509cert and ssl_key_file) if you'd like users to set the key or cert file specifically. Neither worked for me, so I didn't bother.
Check http://martinottenwaelter.fr/2010/12/ruby19-and-the-ssl-error/ for an example of the two different ways he solved SSL certificate verification errors. You already support http.ca_path = @ssl_cert_path (even though you don't demonstrate it in your sample config file). This commit adds support for http.ca_file as well.
http.ca_path = @ssl_cert_path
I tested this on a small EC2 instance running the Amazon AMI with Ruby v1.8.7p357. The ca_file is /etc/ssl/certs/ca-bundle.crt. ca_path didn't work. The blog link indicates ca_path may only work on Ubuntu.
An ssl_cert_file is not the same as a cert or key. Use http.ca_file =…
… ssl_cert_file. Use a different config key for http.cert and http.key.
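The distinction drawn in the pull request above, as an added example that is not part of the original patch or the gem's code. It is written for a current Ruby rather than 1.8.7; `ssl_cert_file` and `ssl_cert_path` are the config keys from the thread, while `client_cert_file`, `client_key_file` and the helper names are hypothetical. The certificates are throwaway ones constructed inline.

```ruby
require 'net/http'
require 'openssl'
require 'tmpdir'

# Count PEM block types in a file, e.g. {"CERTIFICATE"=>2}.
def pem_kinds(path)
  File.read(path).scan(/-----BEGIN ([A-Z0-9 ]+)-----/).flatten
      .each_with_object(Hash.new(0)) { |kind, h| h[kind] += 1 }
end

# Trust anchors (ca_file / ca_path) verify the *server*; cert / key identify
# the *client*. ssl_cert_file and ssl_cert_path are the config keys from the
# thread; client_cert_file and client_key_file are hypothetical keys.
def build_https(host, opts = {})
  http = Net::HTTP.new(host, 443)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  if (file = opts[:ssl_cert_file])
    kinds = pem_kinds(file)
    if kinds.keys.any? { |k| k.end_with?('PRIVATE KEY') } || kinds['CERTIFICATE'].zero?
      raise ArgumentError, "#{file} is not a CA bundle: #{kinds.inspect}"
    end
    http.ca_file = file
  end
  http.ca_path = opts[:ssl_cert_path] if opts[:ssl_cert_path]
  if opts[:client_cert_file] && opts[:client_key_file]
    http.cert = OpenSSL::X509::Certificate.new(File.read(opts[:client_cert_file]))
    http.key = OpenSSL::PKey.read(File.read(opts[:client_key_file]))
  end
  http
end

# Constructed sample data: a throwaway self-signed certificate and its key.
def constructed_pair(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert.to_pem, key.to_pem]
end

# Write constructed PEM text to a temp file and return its path.
def constructed_file(name, pem)
  path = File.join(Dir.tmpdir, "#{Process.pid}-#{name}")
  File.write(path, pem)
  path
end
```

A bundle such as /etc/ssl/certs/ca-bundle.crt holds many CERTIFICATE blocks and no key, which is why it belongs in `ca_file` and fails when parsed as a single client certificate or RSA key.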
eddroid, thanks for the fix! We can confirm that we were seeing the same SSL/cert issue on CentOS, used your patch on our fork, and it fixes the problem.
I agree that it should be merged into the gem.
Thanks for validating, I'll merge this fix into the next version.