2011/11/7 John Downey <jdowney / gmail.com>:
> What happens in this case (and you can see it by using Wireshark to watch
> your traffic to github.com) is that the github server sends you both its
> cert and the intermediary cert. Essentially what it is saying is I am valid
> and here is another cert you're probably going to need to prove that.
>
> Depending on how you're receiving these certificates they should be bundled
> with any intermediate CA certs you will need. OpenSSL::X509::Store#verify
> takes a second parameter which is an array representing the certificate
> chain. You will need to pass it an array of OpenSSL::X509::Certificate
> representing all the intermediate CAs needed to validate the first
> parameter.

Great, thanks a lot for the explanation.

-- 
Iaki Baz Castillo
<ibc / aliax.net>