I was using the open-uri library to download HTML in an accessibility test when I found that it does not work well when the remote site has an expired certificate. In this case open-uri will throw a “certificate expired” exception. This may be ok as a default behaviour, but there is no option to override the check.
Fortunately you can easily change the behaviour by editing the open-uri source. If you are on Windows it is available in C:\ruby\lib\ruby\1.8\open-uri.rb depending on your installation directory of course.
Somewhere around line 232 (in the version distributed in Ruby 1.8.5) you can see the certificate verification mode used:
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
To skip certificate verification you can change VERIFY_PEER to VERIFY_NONE. The complete section should read:
if target.class == URI::HTTPS
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
store = OpenSSL::X509::Store.new
http.cert_store = store