In article <41EAB707.7020808 / ntecs.de>,
  Michael Neumann <mneumann / ntecs.de> writes:

> Hm, yes, you're right. I don't know how to do it, or whether that would 
> fit into open-uri.

The problem is ruby has no CA certificates.

If OS provides it, open-uri can support https as follows.
(It checks /etc/ssl/certs/ca-certificates.crt which is provided by
Debian ca-certificates package.)

Any comments?

Index: lib/open-uri.rb
===================================================================
RCS file: /src/ruby/lib/open-uri.rb,v
retrieving revision 1.28
diff -u -p -r1.28 open-uri.rb
--- lib/open-uri.rb	5 Feb 2005 14:13:27 -0000	1.28
+++ lib/open-uri.rb	5 Feb 2005 14:14:25 -0000
@@ -539,9 +539,8 @@ module URI
         header['host'] += ":#{uri.port}" if uri.port
       end
 
-      require 'net/http'
       resp = nil
-      Net::HTTP.start(self.host, self.port) {|http|
+      http_start(self.host, self.port) {|http|
         http.request_get(uri.to_s, header) {|response|
           resp = response
           if options[:content_length_proc] && Net::HTTPSuccess === resp
@@ -576,11 +575,32 @@ module URI
     end
 
     include OpenURI::OpenRead
+
+    private
+    def http_start(host, port, &block)
+      require 'net/http'
+      Net::HTTP.start(host, port, &block)
+    end
   end
 
   class HTTPS
-    def proxy_open(buf, uri, options) # :nodoc:
-      raise ArgumentError, "open-uri doesn't support https."
+    private
+    def http_start(host, port, &block)
+      require 'net/https'
+      http = Net::HTTP.new(host, port)
+      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      setup_ca_certificates(http)
+      http.use_ssl = true
+      http.start(&block)
+    end
+
+    def setup_ca_certificates(http)
+      if File.file? '/etc/ssl/certs/ca-certificates.crt'
+        # Debian ca-certificates package
+        http.ca_file = '/etc/ssl/certs/ca-certificates.crt'
+      else
+        raise SecurityError, 'CA certificates not found'
+      end
     end
   end
-- 
Tanaka Akira