In Files

  • openssl/lib/openssl/x509.rb
  • openssl/ossl_ssl_session.c

OpenSSL::X509::StoreContext

Document-class: OpenSSL::X509::Store

The X509 certificate store holds trusted CA certificates used to verify
peer certificates.

The easiest way to create a useful certificate store is:

  cert_store = OpenSSL::X509::Store.new
  cert_store.set_default_paths

This will use your system's built-in certificates.

If your system does not have a default set of certificates you can
obtain a set from Mozilla here: http://curl.haxx.se/docs/caextract.html
(Note that this set does not have an HTTPS download option so you may
wish to use the firefox-db2pem.sh script to extract the certificates
from a local install to avoid man-in-the-middle attacks.)

After downloading or generating a cacert.pem from the above link, you
can create a certificate store from the PEM file like this:

  cert_store = OpenSSL::X509::Store.new
  cert_store.add_file 'cacert.pem'

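The certificate store can be used with an SSLSocket like this:

  ssl_context = OpenSSL::SSL::SSLContext.new
  ssl_context.cert_store = cert_store
  # The store is only consulted when peer verification is enabled;
  # a context from SSLContext.new does not verify the peer by default.
  ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER

  tcp_socket = TCPSocket.open 'example.com', 443

  ssl_socket = OpenSSL::SSL::SSLSocket.new tcp_socket, ssl_context
  ssl_socket.connect
  ssl_socket.post_connection_check 'example.com' # hostname check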
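
The trust decision a store makes, shown offline as an added example (not part of the Ruby documentation): a store holding one constructed CA accepts a certificate that CA issued and rejects one issued by a CA it does not hold. The helper names `make_cert`, `check` and `demo`, and all subjects and keys, are made up for the illustration.

```ruby
require 'openssl'

# Issue a certificate for `subject`; self-signed unless an issuer is given.
# All names and keys here are constructed for the demonstration.
def make_cert(subject, key, issuer: nil, issuer_key: key, ca: false, serial: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3, required for extensions
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Returns [verified?, error code, error string] for one certificate.
def check(store, cert)
  ok = store.verify(cert)
  [ok, store.error, store.error_string]
end

def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  other_key = OpenSSL::PKey::RSA.new(2048)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  trusted_ca = make_cert('/CN=Constructed Trusted CA', ca_key, ca: true)
  other_ca = make_cert('/CN=Constructed Other CA', other_key, ca: true, serial: 2)
  good = make_cert('/CN=example.com', leaf_key, issuer: trusted_ca, issuer_key: ca_key, serial: 3)
  bad = make_cert('/CN=example.com', leaf_key, issuer: other_ca, issuer_key: other_key, serial: 4)

  store = OpenSSL::X509::Store.new
  store.add_cert(trusted_ca) # the only trust anchor in this store
  { good: check(store, good), bad: check(store, bad) }
end

# Print both verdicts when the file is run directly.
demo.each { |name, result| puts "#{name}: #{result.inspect}" } if $PROGRAM_NAME == __FILE__
```

Both leaf certificates carry the same subject, so the verdict depends only on which CA signed them and whether that CA is in the store.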
