From: k@... Date: 2016-08-18T13:12:40+00:00 Subject: [ruby-core:76965] [Ruby trunk Bug#12687][Feedback] OpenSSL::X509::Store wont load certificates from set_default_paths Issue #12687 has been updated by Kazuki Yamaguchi. Status changed from Open to Feedback It's working for me: ~~~ OpenSSL::X509::DEFAULT_CERT_DIR #=> "/usr/lib/ssl/certs" cert, *chain = OpenSSL::SSL::SSLSocket.new(TCPSocket.new("bugs.ruby-lang.org", 443)).connect.peer_cert_chain store = OpenSSL::X509::Store.new store.verify(cert, chain) #=> false store.set_default_paths store.verify(cert, chain) #=> true ~~~ OpenSSL::X509::Store#set_default_paths itself does not import any certificates but configures the store to load from OpenSSL::X509::DEFAULT_CERT_{DIR,FILE} as needed. If you added a custom certificate to the directory, you have to run `c_rehash` so that OpenSSL can find it. ---------------------------------------- Bug #12687: OpenSSL::X509::Store wont load certificates from set_default_paths https://bugs.ruby-lang.org/issues/12687#change-60191 * Author: Bar Hofesh * Status: Feedback * Priority: Normal * Assignee: * ruby -v: "2.2.5" revision: 54072 * Backport: 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN ---------------------------------------- Setting up a new instance of OpenSSL::X509::Store, and setting "set_default_paths" will not actually import any certificates into Store. Environment: Ubuntu 14.04 `File.dirname OpenSSL::Config::DEFAULT_CONFIG_FILE => "/usr/lib/ssl"` use the store to verify a certificate (store.verify(ssl_certificate)) returns false After manually doing: `Dir.glob("/usr/lib/ssl/certs/*").each do |cert| begin cert_store.add_file cert rescue Exception next end end` the verify returns true. -- https://bugs.ruby-lang.org/ Unsubscribe: