I was using the open-uri library to download HTML in an accessibility test when I found that it does not work well when the remote site has an expired certificate. In this case open-uri will throw a “certificate expired” exception. This may be ok as a default behaviour, but there is no option to override the check.

Fortunately you can easily change the behaviour by editing the open-uri source. If you are on Windows it is available in C:\ruby\lib\ruby\1.8\open-uri.rb depending on your installation directory of course.

Somewhere around line 232 (in the version distributed in Ruby 1.8.5) you can see the certificate verification mode used:

1
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

To skip certificate verification you can change VERIFY_PEER to VERIFY_NONE. The complete section should read:

1
2
3
4
5
6
if target.class == URI::HTTPS require 'net/https' 
http.use_ssl = true 
http.verify_mode = OpenSSL::SSL::VERIFY_NONE 
store = OpenSSL::X509::Store.new store.set_default_paths 
http.cert_store = store 
end