The Wayback Machine - https://web.archive.org/web/20100221195439/http://stackoverflow.com/questions/982329/turn-off-ssl-certificate-verification-in-ruby
vote up 0 vote down star

When using 'net/https' and ssl, how do I disable verification of the resulting SSL certificate?

flag

1 Answer

vote up 1 vote down check

The following code will disable verification of the certificate. Note that this necessarily implies that invalid certificates will be accepted.

http.verify_mode = OpenSSL::SSL::VERIFY_NONE if http.use_ssl?
link|flag
Which, in turn, implies that any code that does this is inherently a security hole. – EricLaw -MSFT- Jul 12 at 17:40
This is most certainly true. It should be true that the security hole is exactly the same as if you had simply not used https in the first place. – ChrisInEdmonton Jul 16 at 14:58

Not the answer you're looking for? Browse other questions tagged or ask your own question.