Defect #15736
WARNING: making https request to https:// ... without verifying server certificate; no CA path was specified.
| Status: | New | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | Security | |||
| Target version: | - | |||
| Resolution: | Affected version: |
Description
Hi,
when I do a openid authentication I always had this in the logs
WARNING: making https request to https://.../index.php?user=.. without verifying server certificate; no CA path was specified.
Fixing it is really simple if you know how. Simply add the following to config/environments.rb
3,5d2
< require 'openid/fetchers'
<
<
18d14
< OpenID.fetcher.ca_file = "#{Rails.root}/config/ca-bundle.crt"
and create the file ca-bundle.crt which stores your trusted CAs (in pem format) . Example file content
-----BEGIN CERTIFICATE-----
<1st trusted CA in base 64 >
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<2nd trusted CA in base 64>
-----END CERTIFICATE-----
I suggest to add the changes in enviroment.rb and add a comment in the file which explains how to use it. Also this might be added to the docu somewhere.