Project

always_verify_ssl_certificates

0.04
No commit activity in last 3 years
No release in over 3 years
There's a lot of open issues
always_verify_ssl_certificatesjamesgolick/always_verify_ssl_certificatesHomepageDocumentationSource CodeBug TrackerWiki
Ruby’s net/http is setup to never verify SSL certificates by default. Most ruby libraries do the same. That means that you’re not verifying the identity of the server you’re communicating with and are therefore exposed to man in the middle attacks. This gem monkey-patches net/http to force certificate verification and make turning it off impossible.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
25,499
Stars
97
Forks
11
Watchers
7
 Releases
Current version
0.3.0
Total releases
3
First release
2010-12-07
Latest release
2011-03-17
 Issues
Open Issues
3
Closed Issues
3
Total Issues
6
Issue Closure Rate
50%
 Pull Requests
Open Pull Requests
1
Closed Pull Requests
2
Merged Pull Requests
0
Pull Request Acceptance Rate
0%
 Development
Primary Language
Ruby
Average date of last 50 commits
2011-01-02
Reverse Dependencies
2

 Dependencies
 Project Readme

always_verify_ssl_certificates¶ ↑

Ruby’s net/http is setup to never verify SSL certificates by default. Most ruby libraries do the same. That means that you’re not verifying the identity of the server you’re communicating with and are therefore exposed to man in the middle attacks. This gem monkey-patches net/http to force certificate verification and make turning it off impossible.

All you need to do is require this gem and you’ll get good security by default.

$ gem install always_verify_ssl_certificates

require "always_verify_ssl_certificates"

Copyright¶ ↑

Copyright © 2010 James Golick. See LICENSE for details.