From: bar.hofesh@...
Date: 2016-08-18T14:19:26+00:00
Subject: [ruby-core:76969] [Ruby trunk Bug#12687] OpenSSL::X509::Store wont load certificates from set_default_paths

Issue #12687 has been updated by Bar Hofesh.

Kazuki Yamaguchi wrote:
> It's working for me:
>
> ~~~
> OpenSSL::X509::DEFAULT_CERT_DIR #=> "/usr/lib/ssl/certs"
> cert, *chain = OpenSSL::SSL::SSLSocket.new(TCPSocket.new("bugs.ruby-lang.org", 443)).connect.peer_cert_chain
> store = OpenSSL::X509::Store.new
> store.verify(cert, chain) #=> false
> store.set_default_paths
> store.verify(cert, chain) #=> true
> ~~~
>
> OpenSSL::X509::Store#set_default_paths itself does not import any certificates but configures the store to load from OpenSSL::X509::DEFAULT_CERT_{DIR,FILE} as needed.
>
> If you added a custom certificate to the directory, you have to run `c_rehash` so that OpenSSL can find it.

I see, is there a way to call c_rehash from Ruby?

----------------------------------------
Bug #12687: OpenSSL::X509::Store wont load certificates from set_default_paths
https://bugs.ruby-lang.org/issues/12687#change-60196

* Author: Bar Hofesh
* Status: Feedback
* Priority: Normal
* Assignee:
* ruby -v: "2.2.5" revision: 54072
* Backport: 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN
----------------------------------------
Setting up a new instance of OpenSSL::X509::Store, and setting "set_default_paths" will not actually import any certificates into Store.

Environment: Ubuntu 14.04

`File.dirname OpenSSL::Config::DEFAULT_CONFIG_FILE => "/usr/lib/ssl"`

Using the store to verify a certificate (`store.verify(ssl_certificate)`) returns false.

After manually doing:

~~~
Dir.glob("/usr/lib/ssl/certs/*").each do |cert|
  begin
    cert_store.add_file cert
  rescue Exception
    next
  end
end
~~~

the verify returns true.

-- 
https://bugs.ruby-lang.org/
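The hashed-directory lookup discussed in this message, as an added example that is not part of the original thread or of Ruby's own code: a certificate placed in a CA directory is ignored until it is linked under its subject-hash name, which `OpenSSL::X509::Name#hash` lets Ruby compute without shelling out to `c_rehash`. The helper names `issue`, `rehash` and `demo`, the temporary directory and the certificate names are assumptions made for illustration.

```ruby
require "openssl"
require "tmpdir"

# Constructed test certificates; names and lifetimes are sample values.
def issue(cn, ca: false, issuer: nil, issuer_key: nil)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true)) if ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Certificate-only stand-in for c_rehash (hypothetical helper): link each PEM
# file as <subject-hash>.<n>, the file name OpenSSL's directory lookup opens.
def rehash(dir)
  Dir.glob(File.join(dir, "*.{pem,crt}")).sort.filter_map do |path|
    begin
      cert = OpenSSL::X509::Certificate.new(File.read(path))
    rescue OpenSSL::X509::CertificateError
      next # not a certificate (for example a key file)
    end
    name = ->(n) { File.join(dir, format("%08x.%d", cert.subject.hash, n)) }
    n = 0
    n += 1 while File.symlink?(name.(n)) # same subject hash: take next suffix
    File.symlink(File.basename(path), name.(n))
    name.(n)
  end
end

def demo
  Dir.mktmpdir do |dir|
    ca, ca_key = issue("Example Test CA", ca: true)
    leaf, = issue("leaf.example.test", issuer: ca, issuer_key: ca_key)
    File.write(File.join(dir, "example-ca.pem"), ca.to_pem)
    check = -> { OpenSSL::X509::Store.new.tap { |s| s.add_path(dir) }.verify(leaf) }
    before = check.call # directory holds the CA, but under a name OpenSSL never opens
    links = rehash(dir).map { |l| File.basename(l) }
    { before: before, links: links, after: check.call }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

`c_rehash` additionally links CRLs as `<hash>.rN` and skips duplicate certificates by fingerprint; this sketch does neither.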