http.read_timeout = @ timeout if @ timeout
# Here's the addition that allows you to see the output
All the data that flows over the http connection will be dumped to $stderr (the terminal you started the app in, unless you redirected it).
…SSL:: VERIFY PEER is equal to OpenSSL:: SSL:: VERIFY NONE. If you have a platform that is broken this way you must define the constant: I_KNOW_THAT_OPENSSL_VERIFY_PEER_EQUALS_VERIFY_NONE_IS_WRONG = nil
at the top level of your application to disable the warning.
Fix persisting SSL sessions through HTTP proxies. Mechanize issue #178 by Robert Poor, net-http-persistent issues #10, #11.
And nearly every net/https example uses VERIFY NONE. It's so common in example code that in the related links on the RubyInside article about the perils of VERIFY NONE , there's a link to example code that uses it (lol?).
Aaron is one of a small group of people in the ruby community who actually has the power to do something about this problem. By setting the right example, people will copy and paste good code instead of bad code. That's more useful than a million …
…virtually all Ruby libraries will attempt to set their HTTPS connections to VERIFY NONE mode ( open_uri is a common exception - it gets things right!). With most of the gems I've looked at, setting the HTTPS connections to VERIFY PEER where certificates actually get verified isn't even an option. For that reason, my gem makes it impossible to set VERIFY NONE mode. This is something we need to change as a community. It's a real and significant vulnerability.