Force net/http to verify SSL certificates

Ruby's net/http is set up to never verify SSL certificates by default. Most Ruby libraries do the same. That means you are not verifying the identity of the server you are communicating with and are therefore exposed to man-in-the-middle attacks. This gem monkey-patches net/http to force certificate verification and make turning it off impossible.
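
One way such a patch can work, shown as an added example that is not the gem's own code: a prepended module (the names `ForcePeerVerification` and `attempt_to_disable` are hypothetical) that pins `verify_mode` to `VERIFY_PEER` and discards attempts to change it. It leaves other TLS settings such as the CA store untouched.

```ruby
require 'net/http'
require 'openssl'

# Hypothetical module name; added example, not the gem's implementation.
module ForcePeerVerification
  PINNED_MODE = OpenSSL::SSL::VERIFY_PEER

  def initialize(*)
    super
    @verify_mode = PINNED_MODE # explicit, so it never depends on a default
  end

  # Callers (and libraries) that ask for VERIFY_NONE get VERIFY_PEER anyway.
  def verify_mode=(requested)
    warn "net/http: ignoring verify_mode=#{requested.inspect}" unless requested == PINNED_MODE
    @verify_mode = PINNED_MODE
  end

  # A callback such as proc { true } would accept any certificate, so drop it.
  def verify_callback=(_callback)
    warn 'net/http: ignoring custom verify_callback'
    @verify_callback = nil
  end

  # connect builds the SSL context from these instance variables, so reset
  # them in case something bypassed the setters with instance_variable_set.
  def enforce_peer_verification!
    @verify_mode = PINNED_MODE
    @verify_callback = nil
    self
  end

  private

  def connect
    enforce_peer_verification!
    super
  end
end

Net::HTTP.prepend(ForcePeerVerification)

# Constructed check: the two usual ways of switching verification off.
def attempt_to_disable(host = 'example.invalid')
  http = Net::HTTP.new(host, 443)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
  http.verify_callback = proc { true }
  http
end
```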

Keywords
ruby, security, makandra
License
Source code in this card is licensed under the MIT License.
Posted by Lexy to makandra dev (2010-12-12 22:05)