Type:
Class

The X509 certificate store holds trusted CA certificates used to verify peer certificates.

The easiest way to create a useful certificate store is:

cert_store = OpenSSL::X509::Store.new
cert_store.set_default_paths

This will use your system's built-in certificates.

If your system does not have a default set of certificates you can obtain a set from Mozilla here: curl.haxx.se/docs/caextract.html (Note that this set does not have an HTTPS download option so you may wish to use the firefox-db2pem.sh script to extract the certificates from a local install to avoid man-in-the-middle attacks.)

After downloading or generating a cacert.pem from the above link you can create a certificate store from the pem file like this:

cert_store = OpenSSL::X509::Store.new
cert_store.add_file 'cacert.pem'

The certificate store can be used with an SSLSocket like this:

ssl_context = OpenSSL::SSL::SSLContext.new
ssl_context.cert_store = cert_store

tcp_socket = TCPSocket.open 'example.com', 443

ssl_socket = OpenSSL::SSL::SSLSocket.new tcp_socket, ssl_context
set_default_paths

store.set_default_path Instance Public methods Adds the default certificates

2015-04-26 18:17:02
verify

verify(p1, p2 = v2) Instance Public methods

2015-04-26 18:31:07
add_crl

add_crl(p1) Instance Public methods

2015-04-26 17:53:45
verify_callback=

verify_callback=(p1) Instance Public methods General callback for

2015-04-26 18:35:36
add_file

store.add_file(file) â store Instance Public methods Adds the certificates

2015-04-26 17:55:11
add_path

add_path(p1) Instance Public methods

2015-04-26 18:02:12
new

X509::Store.new => store Class Public methods

2015-04-26 17:40:15
flags=

flags=(p1) Instance Public methods

2015-04-26 18:06:01
time=

time=(p1) Instance Public methods

2015-04-26 18:24:20
purpose=

purpose=(p1) Instance Public methods

2015-04-26 18:12:52