
use an included ca cert bundle for convenience

1 parent ba12890 commit 3d11e2c8e0527fd72d55bb17977b50fb7f567abb @andrewmbenton andrewmbenton committed
Showing with 3,378 additions and 4 deletions.
  1. +3,376 −0 conf/cacert.pem
  2. +2 −4 lib/twilio-ruby/rest/client.rb
3,376 conf/cacert.pem
3,376 additions, 0 deletions not shown because the diff is too large. Please use a local Git client to view these changes.
6 lib/twilio-ruby/rest/client.rb
@@ -207,10 +207,8 @@ def set_up_ssl_from(config) # :doc:
@connection.verify_mode = OpenSSL::SSL::VERIFY_PEER
if config[:ssl_ca_file]
@connection.ca_file = config[:ssl_ca_file]
- elsif File.exists? '/etc/ssl/certs/ca-certificates.crt'
- @connection.ca_file = '/etc/ssl/certs/ca-certificates.crt'
- elsif File.exists? '/opt/local/share/curl/curl-ca-bundle.crt'
- @connection.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt'
+ else
+ @connection.ca_file = '../../../conf/cacert.pem'
end
else
@connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
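
Review bot: the new `else` branch sets `@connection.ca_file = '../../../conf/cacert.pem'`, a relative path that is resolved against the process's current working directory rather than against the location of `client.rb`, so the bundled file is only found when the caller happens to run from a directory where that path resolves. Anchor it to the source file instead, for example `File.expand_path('../../../conf/cacert.pem', File.dirname(__FILE__))`, which walks from `lib/twilio-ruby/rest` up to the repository root where `conf/cacert.pem` was added. Separately, dropping the two system bundle fallbacks means that, unless the caller sets `config[:ssl_ca_file]`, the trust roots are frozen at whatever snapshot is committed in `conf/cacert.pem`; it would help to document where the bundle came from and how it gets refreshed.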

2 comments on commit 3d11e2c

@kevinburke

Since all of the requests are going to api.twilio.com, you could probably ship only our certificate and do fine.

@andrewmbenton

First of all, I use the library to connect to dev and stage as well, which have different certs. Also, we may in the future expose a public test API at a different domain, which would require a different cert.

But more importantly, I don't see how including our certificate as the CA cert allows us to verify the cert presented by the server. We need the CA cert of the CA that signed our cert, which is included in the Firefox bundle that I packaged, but I don't think that our cert will work as a verification cert on itself?
