Skip to content

HTTPS

Jump to bottom Edit New page
Tony Arcieri edited this page Jan 5, 2018 · 19 revisions

The HTTP gem supports HTTPS via Ruby's built-in OpenSSL module. Unlike certain other Ruby HTTP clients, all you have to do in order to use HTTPS is pass in an https://-prefixed URL. That's it!

Client Certificates

To use client certificates, you can pass in a custom OpenSSL::SSL::SSLContext object containing the certificates you wish to use:

ctx      = OpenSSL::SSL::SSLContext.new
ctx.cert = OpenSSL::X509::Certificate.new(File.read("client.crt"))
ctx.key  = OpenSSL::PKey::RSA.new(File.read("client.key"))

HTTP.get("https://www.google.com", :ssl_context => ctx)

Disabling Certificate Verification (i.e. INSECURE USAGE)

This section describes how to turn off HTTPS security while still pretending to use HTTPS. Please do NOT do this. With certificate verification disabled, HTTPS provides NO SECURITY. We include this information in our documentation extremely reluctantly, after having been asked about it repeatedly. We do so only because we'd rather have a single, easy-to-grep-for pattern for locating instances where security has been explicitly disabled, and furthermore use one people are already looking for, i.e. VERIFY_NONE.

Here is how to create an OpenSSL::SSL::SSLContext with certificate verification disabled and pass it to a request method:

ctx = OpenSSL::SSL::SSLContext.new
# ...
ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE

HTTP.get("https://www.google.com", :ssl_context => ctx)
Add a custom footer
Add a custom sidebar
Clone this wiki locally