U:RDoc::NormalClass[iI" Store:ETI"OpenSSL::X509::Store;TI" Object;To:RDoc::Markup::Document: @parts[o;;[o:RDoc::Markup::Paragraph;[I"MThe X509 certificate store holds trusted CA certificates used to verify ;TI"peer certificates.;To:RDoc::Markup::BlankLineo; ;[I"=The easiest way to create a useful certificate store is:;T@o:RDoc::Markup::Verbatim;[I"+cert_store = OpenSSL::X509::Store.new ;TI""cert_store.set_default_paths ;T: @format0o; ;[I"7This will use your system's built-in certificates.;T@o; ;[ I"OIf your system does not have a default set of certificates you can obtain ;TI"Ka set extracted from Mozilla CA certificate store by cURL maintainers ;TI"Mhere: https://curl.haxx.se/docs/caextract.html (You may wish to use the ;TI"Ofirefox-db2pem.sh script to extract the certificates from a local install ;TI")to avoid man-in-the-middle attacks.);T@o; ;[I"JAfter downloading or generating a cacert.pem from the above link you ;TI"@can create a certificate store from the pem file like this:;T@o; ;[I"+cert_store = OpenSSL::X509::Store.new ;TI"&cert_store.add_file 'cacert.pem' ;T; 0o; ;[I"CThe certificate store can be used with an SSLSocket like this:;T@o; ;[ I"0ssl_context = OpenSSL::SSL::SSLContext.new ;TI"9ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER ;TI")ssl_context.cert_store = cert_store ;TI" ;TI"4tcp_socket = TCPSocket.open 'example.com', 443 ;TI" ;TI"Essl_socket = OpenSSL::SSL::SSLSocket.new tcp_socket, ssl_context;T; 0: @fileI"!ext/openssl/ossl_x509store.c;T:0@omit_headings_from_table_of_contents_below0; 0;0[ [ I" chain;TI"R;T: publicFI"!ext/openssl/ossl_x509store.c;T[ I" error;TI"R;T;F@=[ I"error_string;TI"R;T;F@=[ I"verify_callback;TI"R;T;F@=[[[[I" class;T[[;[[I"new;T@=[:protected[[: private[[I" instance;T[[;[[I" add_cert;T@=[I" add_crl;T@=[I" add_file;T@=[I" add_path;T@=[I" flags=;T@=[I" purpose=;T@=[I"set_default_paths;T@=[I" time=;T@=[I" trust=;T@=[I" verify;T@=[I"verify_callback=;T@=[;[[;[[[U:RDoc::Context::Section[i0o;;[; 0;0[I" ext/openssl/ossl_x509attr.c;TI"OpenSSL::X509;TcRDoc::NormalModule