Requests to secure endpoints must not be made without verifying the SSL certificate. It can be fixed by setting use_ssl in the Net::HTTP object to true.
Not performing SSL certificate verification on the client side is a potential security threat. Any attacker can perform a man-in-the-middle (MITM) attack by presenting their own certificate as the server's certificate.
Such attacks can be mitigated by validating the certificate on the client's end. This way, if an invalid certificate is presented, the verification fails, which prevents the transmitted data from being intercepted by the attacker.
The examples below explain how to perform certificate validations in Ruby.
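# Bad practice: certificate verification is disabled
require 'net/https'
# Net::HTTP.new takes a host name and a port, not a URL
http_client = Net::HTTP.new('google.com', 443)
http_client.use_ssl = true
http_client.verify_mode = OpenSSL::SSL::VERIFY_NONE

# Recommended: the server certificate is verified
require 'net/https'
# Net::HTTP.new takes a host name and a port, not a URL
http_client = Net::HTTP.new('google.com', 443)
http_client.use_ssl = true
http_client.verify_mode = OpenSSL::SSL::VERIFY_PEER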
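
The difference between the two verify modes can be observed locally. The script below is an added example, not part of the original page: it starts a loopback HTTPS server with a self-signed certificate constructed for the demo, then connects with each mode. The helper names (untrusted_tls_context, start_untrusted_server, fetch_status) are hypothetical.

```ruby
require 'net/http'
require 'openssl'
require 'socket'

# Throwaway self-signed certificate, constructed for this demo; no CA vouches for it.
def untrusted_tls_context
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=untrusted.example')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  OpenSSL::SSL::SSLContext.new.tap { |ctx| ctx.cert = cert; ctx.key = key }
end

# Local HTTPS responder on an ephemeral loopback port; returns the port number.
def start_untrusted_server
  tcp = TCPServer.new('127.0.0.1', 0)
  tls = OpenSSL::SSL::SSLServer.new(tcp, untrusted_tls_context)
  Thread.new do
    loop do
      conn = tls.accept
      nil while (line = conn.gets) && line != "\r\n" # skip the request headers
      conn.write("HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok")
      conn.close
    rescue StandardError
      next # handshake aborted because the client refused the certificate
    end
  end
  tcp.addr[1]
end

# Returns the HTTP status, or the TLS error when the certificate is refused.
def fetch_status(port, verify_mode)
  http = Net::HTTP.new('127.0.0.1', port, nil) # nil: ignore proxy environment
  http.use_ssl = true
  http.verify_mode = verify_mode
  http.open_timeout = http.read_timeout = 5
  http.get('/').code
rescue OpenSSL::SSL::SSLError => e
  "rejected: #{e.message}"
end

port = start_untrusted_server
puts "VERIFY_NONE: #{fetch_status(port, OpenSSL::SSL::VERIFY_NONE)}"
puts "VERIFY_PEER: #{fetch_status(port, OpenSSL::SSL::VERIFY_PEER)}"
```

With VERIFY_NONE the client completes the request against a certificate nobody issued or trusts; with VERIFY_PEER the handshake is aborted before any request data is sent.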