Currently the options ssl_ca_cert, ssl_cert and ssl_key expect a file path from which the certificates/keys are read and added to an OpenSSL::X509::Store object. This solution works OK on traditional deployments, but is less than optimal on platforms which favour environment variables over configuration files (e.g. Heroku), as it requires the certificates/keys to be deployed together with the application. It would be much better if it were possible to pass the certificates/keys directly as part of the options.
There are a few alternatives for how to implement this:
- passing already parsed objects in the options Hash (so that it is the task of the caller of this library to find and decode the certificates), in which case the same option name could be used, with the socket library quickly checking whether the option is a string -> path -> need to load the cert, or an OpenSSL::X509 object (just need to add it to the Store)
- passing the options as PEM-encoded strings, in which case a different set of options would need to be used to prevent confusion over whether the passed string is a path or PEM data (although it could be detected by the PEM ASCII armor)
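
A sketch of how the two alternatives above could be combined in a single option, added here as an illustration and not taken from the library's code: the helper names `load_certificate`, `load_private_key`, `build_store` and `sample_identity` are hypothetical, and the certificate is a constructed self-signed sample.

```ruby
require "openssl"

PEM_MARKER = "-----BEGIN ".freeze # start of the PEM ASCII armor

# Accept an already parsed certificate, a PEM string, or a file path.
def load_certificate(value)
  case value
  when OpenSSL::X509::Certificate then value
  when String
    pem = value.include?(PEM_MARKER) ? value : File.read(value)
    OpenSSL::X509::Certificate.new(pem)
  else
    raise ArgumentError, "unsupported certificate option: #{value.class}"
  end
end

# Same dispatch for the private key (hypothetical counterpart for ssl_key).
def load_private_key(value)
  case value
  when OpenSSL::PKey::PKey then value
  when String
    pem = value.include?(PEM_MARKER) ? value : File.read(value)
    OpenSSL::PKey.read(pem)
  else
    raise ArgumentError, "unsupported key option: #{value.class}"
  end
end

# Build the trust store from whichever form the caller supplied.
def build_store(ca_option)
  store = OpenSSL::X509::Store.new
  store.add_cert(load_certificate(ca_option))
  store
end

# Constructed sample: a throwaway self-signed certificate and its key.
def sample_identity
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=example-ca")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end
```

A string with no PEM armor is always treated as a path, so a malformed value read from an environment variable fails with a file error instead of being silently accepted.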