Making open-uri play nice with HTTPS and expired certificates

I was using the open-uri library to download HTML in an accessibility test when I found that it does not work well when the remote site has an expired certificate. In this case open-uri will throw a “certificate expired” exception. This may be ok as a default behaviour, but there is no option to override the check.

Fortunately you can easily change the behaviour by editing the open-uri source. If you are on Windows it is available in C:\ruby\lib\ruby\1.8\open-uri.rb depending on your installation directory of course.

Somewhere around line 232 (in the version distributed in Ruby 1.8.5) you can see the certificate verification mode used:

To skip certificate verification you can change VERIFY_PEER to VERIFY_NONE. The complete section should read:

This entry was posted on Saturday, January 27th, 2007 at 22:21 and is filed under Ruby. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Comments

  1. Dyldev says at 2007-01-29 22:01:

    Nice! It would be great if this was an option though. Are there other verification modes?

  2. dominic says at 2007-04-04 17:04:

    in ruby 1.9 open-uri has this

    open(uri,:ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE)

Leave a comment

OpenID

Anonymous

You can use some HTML elements. You know which they are.