On 26.05.2016 17:50, Jiri Kremser wrote:
There is also an option not to do the certificate check at all by
passing :verify_ssl => false. This way we get the encrypted comm channel
and save the trouble with adding the certificates. However, it's less
secure, because it's not guaranteed that the server side is the one who
it claims to be.
No client should *ever* have this enabled on real code. If we need this
on the Gem or on other clients, I'd halt the task of adding self signed
certs for dev builds, as it would void real security on production boxes.