Turn off SSL certificate verification in Ruby


The following code will disable verification of the certificate. Note that this necessarily implies that invalid certificates will be accepted.

http.verify_mode = OpenSSL::SSL::VERIFY_NONE if http.use_ssl?
Author by

ChrisInEdmonton

Updated on June 26, 2022

Comments

  • ChrisInEdmonton
    ChrisInEdmonton almost 2 years

    When using 'net/https' and ssl, how do I disable verification of the resulting SSL certificate?

  • EricLaw
    EricLaw almost 15 years
    Which, in turn, implies that any code that does this is inherently a security hole.
  • ChrisInEdmonton
    ChrisInEdmonton almost 15 years
    This is most certainly true. It should be true that the security hole is exactly the same as if you had simply not used https in the first place.
  • Henley
    Henley about 11 years
    A security hole in the right context. Otherwise, it gets the job done.
  • Matthew Clark
    Matthew Clark over 10 years
    I found this useful in a development environment by using if Rails.env.development?. I use a Mac, and even though I have an up-to-date ca-bundle.crt, sometimes I'd get the "SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed" error anyway. This way, my production servers stay secure.
  • Justin Ohms
    Justin Ohms over 7 years
    @ChrisInEdmonton The security hole presented by allowing invalid certificates is significantly different than the hole of not using https. While neither is secure, they are insecure for different reasons. Without https the payload is not encrypted in any way. With an invalid cert the payload is encrypted; you just have no guarantee of authenticity of the provider of the cert. Both are bad but not equivalent and with very different implications.
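
For the development case raised in the comments, verification can stay on while the client trusts a development CA through `cert_store`. This is an added example, not code from the answer or the commenters; the certificates, host names and the helpers `make_cert` and `verified_client` are constructed for illustration.

```ruby
require 'net/http'
require 'openssl'

# Build an X.509 certificate; self-signed unless an issuer is given.
# Every name and key below is a constructed sample value.
def make_cert(cn, key, issuer_cert = nil, issuer_key = nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..0xffff)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  if ca
    ef = OpenSSL::X509::ExtensionFactory.new
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  end
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Net::HTTP client that keeps verification on and trusts only ca_cert.
# Nothing connects until a request is made, so this runs offline.
def verified_client(host, ca_cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  http = Net::HTTP.new(host, 443)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER # not VERIFY_NONE
  http.cert_store = store
  http
end

ca_key   = OpenSSL::PKey::RSA.new(2048)
DEV_CA   = make_cert('dev-ca.example', ca_key, ca: true)
SERVER   = make_cert('dev.example', OpenSSL::PKey::RSA.new(2048), DEV_CA, ca_key)
IMPOSTOR = make_cert('dev.example', OpenSSL::PKey::RSA.new(2048)) # self-signed
CLIENT   = verified_client('dev.example', DEV_CA)

# The store decides which certificate chains the TLS handshake will accept.
puts "dev server cert accepted: #{CLIENT.cert_store.verify(SERVER)}"
puts "impostor cert accepted:   #{CLIENT.cert_store.verify(IMPOSTOR)}"
```

With `VERIFY_NONE` both certificates would be accepted, because the chain check shown here is skipped entirely.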