Force net/http to verify SSL certificates
Ruby's net/http is set up to never verify SSL certificates by default. Most Ruby libraries do the same. That means you are not verifying the identity of the server you are communicating with and are therefore exposed to man-in-the-middle attacks. This gem monkey-patches net/http to force certificate verification and makes turning it off impossible.
Related cards:
Ruby: How to connect to a host with expired SSL certificate
If you need to make an HTTPS connection to a host that uses an expired certificate, do not disable certificate verification entirely. Doing that enables e.g. man-in-the-middle attacks.
If you accept only a single expired and known certifica...
Customize tokenization of the MySQL FULLTEXT parser
The way MySQL's FULLTEXT tokenizer splits text into word tokens might not always be what you need. For example, it splits words at period characters.
Since the tokenizer has near-zero configuration options (minimum word length and stopwords list), you n...
Missing certificates for rubygems and bundler in Ruby 1.8.7
Using Ruby 1.8.7 you will not be able to use the maximum versions Rubygems 1.8.30 and Bundler 1.17.3 with https://rubygems.org/ anymore. This is a result of a server certificate on December 5th, 2020. The resulting errors will...
RestClient / Net::HTTP: How to communicate with self-signed or misconfigured HTTPS endpoints
Occasionally, you have to talk to APIs via HTTPS that use a custom certificate or a misconfigured certificate chain (like missing an intermediate certificate).
Using RestClient will then raise RestClient::SSLCertificateNotVerified errors, or wh...
Working around OpenSSL::SSL::SSLErrors
If your requests blow up in Ruby or curl, the server you're connecting to might only support older SSL/TLS versions.
You might get an error like: OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=unknown state
...
How to make Rational#to_s return strings without denominator 1 again
The way Rational#to_s works on Ruby has changed from Ruby 1.9 on. Here is how to get the old behavior back.
You may want this for things where Rationals are being used, like when subtracting Date objects from one another.
What's happening?...
How to subscribe to Ruby security updates
Ruby publishes security issues and MRI updates on ruby-lang.org. Unfortunately there is no straightforward way to subscribe to these updates via e-mail.
I fixed this for me by taking [their RSS feed](htt...
How to make changes to a Ruby gem (as a Rails developer)
At makandra, we've built a few gems over the years. Some of these are quite popular: spreewald (> 1M downloads), active_type (> 1M downloads), and geordi (> 200k downloads)
Developing a Ruby gem is different from developing Rails applications, w...
Check SSL certificates
Installing SSL certificates usually also requires installing intermediate certificates. If one of them is missing, some SSL client implementations might fail with errors such as
curl
~ curl -v https://host-to-check
curl: (60) SSL...
Rails: Flagging all cookies as secure-only to pass a security audit
Why secure-only cookies used to be necessary
Cookies have an optional secure flag. It tells the browser to not send the cookie f...