Change HTTPI SSL default cert file location with environment variable

Question

According to this page I can see where HTTPI is looking for my SSL certificate based on the OpenSSL::X509::DEFAULT_CERT_FILE constant:

2.1.5 :008 > OpenSSL::X509::DEFAULT_CERT_FILE
 => "/usr/lib/ssl/cert.pem"

My certificates are elsewhere but that page says I can change the path Ruby looks at using the environment variable SSL_CERT_FILE. I did that in .bashrc:

export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

Rails finds the environment variable:

2.1.5 :007 > ENV['SSL_CERT_FILE']
 => "/etc/ssl/certs/ca-certificates.crt"

But this has no effect on the OpenSSL constant:

2.1.5 :008 > OpenSSL::X509::DEFAULT_CERT_FILE
 => "/usr/lib/ssl/cert.pem"

Is that page wrong about the effect of setting SSL_CERT_FILE? Or does the constant never change and it affects some other setting? Ultimately, the certificate is not being found, so I need to know how what it is / how to inspect / how to set it.

First prize is a similar approach with a default set by an environment variable because I do not want to hardcode a path to a certificate.

Answer 1

I don't know about the ruby part, but from my experience with the OpenSSL code I don't think that setting the environment SSL_CERT_FILE will change the content of DEFAULT_CERT_FILE. But it will still change where OpenSSL looks for the certificates: If SSL_CERT_FILE is given it will take this value and otherwise take the value in DEFAULT_CERT_FILE. That is how OpenSSL works internally.