西山和広です。

On Tue, 18 Apr 2017 09:58:13 +0900,
Yoshihisa Sugano wrote:
> 
> どうにか OpenSSL::X509::DEFAULT_CERT_FILE をビルド時でも実行時でも上書きする方法はないでしょうか?

% lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.2 LTS
Release:        16.04
Codename:       xenial

の環境で試してみたところ、 OpenSSL::X509::DEFAULT_CERT_FILE がさすファイルが
存在しなくても問題なく繋がりました。

SSL_CERT_FILE がダメなら SSL_CERT_DIR を試すと良いのではないでしょうか。

% /usr/bin/irb -r irb/completion --simple-prompt
>> RUBY_DESCRIPTION
=> "ruby 2.3.1p112 (2016-04-26) [x86_64-linux-gnu]"
>> require 'openssl'
=> true
>> OpenSSL::X509::DEFAULT_CERT_FILE
=> "/usr/lib/ssl/cert.pem"
>> File.exist? OpenSSL::X509::DEFAULT_CERT_FILE
=> false
>> require 'open-uri'
=> true
>> open('https://www.google.com/')
=> #<Tempfile:/tmp/user/1000/open-uri20170418-9096-155vnnx>
>> OpenSSL::X509::DEFAULT_CERT_DIR
=> "/usr/lib/ssl/certs"
>> OpenSSL::X509::DEFAULT_CERT_DIR_ENV
=> "SSL_CERT_DIR"
>>
%  SSL_CERT_DIR=. /usr/bin/irb -r irb/completion --simple-prompt
>> require 'open-uri'
=> true
>> open('https://www.google.com/')
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
        from /usr/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock'
        from /usr/lib/ruby/2.3.0/net/http.rb:933:in `connect'
        from /usr/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
        from /usr/lib/ruby/2.3.0/net/http.rb:852:in `start'
        from /usr/lib/ruby/2.3.0/open-uri.rb:319:in `open_http'
        from /usr/lib/ruby/2.3.0/open-uri.rb:737:in `buffer_open'
        from /usr/lib/ruby/2.3.0/open-uri.rb:212:in `block in open_loop'
        from /usr/lib/ruby/2.3.0/open-uri.rb:210:in `catch'
        from /usr/lib/ruby/2.3.0/open-uri.rb:210:in `open_loop'
        from /usr/lib/ruby/2.3.0/open-uri.rb:151:in `open_uri'
        from /usr/lib/ruby/2.3.0/open-uri.rb:717:in `open'
        from /usr/lib/ruby/2.3.0/open-uri.rb:35:in `open'
        from (irb):2
        from /usr/bin/irb:11:in `<main>'
>>



-- 
|ZnZ(ゼット エヌ ゼット)
|西山和広(Kazuhiro NISHIYAMA)