Recommended bundle here https://curl.haxx.se/ca/cacert.pem

from page https://curl.haxx.se/docs/caextract.html

Hi @stevegraham,

Can you add a license? MIT or whatever blows your hair back?

Thanks,
Marc

It returns:

404 Not Found
nginx/1.6.2

Thanks!

https://bugs.ruby-lang.org/issues/15893 deprecated (and finally removed in Ruby 3.0) the extension to Kernel.open by open-uri.

This breaks line 13 of certified-update.

A maximally backward compatible fix is:

-open(CERT_BUNDLE_URL) do |remote_file|
+URI(CERT_BUNDLE_URL).open do |remote_file|

How to do that?

certified-update is typed as certifed-update

System cert store is more likely to be kept current. It would be sensible to detect if the system is broken then only act at that point. Suggestions welcome.

cc @martoche

It's not a good idea to bundle the .crt file in the gem. You should rely on the system's certificates, especially on production machines on which security updates are installed regularly, so you're sure that the certificates list is always up to date.

I was running into the infamous SSL error issue when opening pretty much any https url. After installing this gem things got better but am still getting the same error for some domains. E.g. if I type the following in the console:

url="https://itunes.apple.com"
f=open(url, :allow_redirections => :all)

yields:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

Any idea how to solve this?
Thanks!

Would be very nice if one could set the path to the ca file via an initializer!