ruby / openssl

Provides SSL, TLS and general purpose cryptography.


Can't start Net::HTTP session without getting the error (unable to get local issuer certificate) (OpenSSL::SSL::SSLError)

isaiah-kueski opened this issue · comments

Hi, I am trying to start a Net::HTTP session with the following options:

{
  use_ssl: true,
  verify_mode: OpenSSL::SSL::VERIFY_PEER,
  cert: OpenSSL::X509::Certificate.new(File.read('path_of_cert')),
  key: OpenSSL::PKey::RSA.new(File.read('path_of_key'), 'password'),
  ca_file: 'path of ca file'
}

The values of the options are obviously not the real values.
I instantiate a URI object with the endpoint that I want to call, and initiate the http session with
http = Net::HTTP.start(url.hostname, Net::HTTP.https_default_port, options)

However, I keep getting this error and the http session never gets instantiated.

.rbenv/versions/3.2.1/lib/ruby/3.2.0/net/protocol.rb:46:in `connect_nonblock': SSL_connect returned=1 errno=0 peeraddr=123.123.123.123:443 state=error: certificate verify failed (unable to get local issuer certificate) (OpenSSL::SSL::SSLError)

Where the peeraddr does not have the real value.

I got the contents of the ca_file by extracting their root certificate with the following command
echo | openssl s_client -servername $HOSTNAME -connect $HOSTNAME:443 2>/dev/null | openssl x509 -text

I ran my application in staging with the verify_mode option set to VERIFY_NONE and it works just fine, but obviously I want to set the option to VERIFY_PEER since launching it to production as it is now is not safe.

Note that there is another ticket for the same issue, ruby/net-http#150, opened in ruby/net-http.


Yes, I just wasn't sure whether the issue belongs to this repo or the other.

error: certificate verify failed (unable to get local issuer certificate) (OpenSSL::SSL::SSLError)

The error message describes the issue. Either ca_file is incorrect or the server is not sending the intermediate CA certificate(s) correctly.
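The two causes named above (a wrong ca_file, or a server that does not send its intermediate CA) produce the very same "unable to get local issuer certificate" message, and a ca_file built with `openssl x509` from `s_client` output only ever contains the first certificate the server sent, i.e. its own leaf, not a CA. The following is an added example, not code from the ruby/openssl project or from the issue author: it builds a throwaway root -> intermediate -> leaf hierarchy in memory and runs OpenSSL's chain verification (the same check Net::HTTP performs under VERIFY_PEER) for three ca_file/chain combinations, plus a small helper that lists what a PEM bundle actually contains. All names (Example Root CA, api.example.test) and all keys are constructed on the fly; nothing touches the network.

```ruby
require 'openssl'

# Monotonic serial numbers for the throwaway certificates (constructed values).
SERIALS = (1..).each

# Issue an X.509 v3 certificate. With no issuer it is self-signed (a root CA).
def make_cert(subject, key, issuer_cert: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                                  # v3
  cert.serial = SERIALS.next
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600

  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('keyUsage', ca ? 'keyCertSign,cRLSign' : 'digitalSignature,keyEncipherment', true))
  cert.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash'))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Throwaway PKI: root CA -> intermediate CA -> server leaf (assumed names).
def build_pki
  root_key  = OpenSSL::PKey::RSA.new(2048)
  inter_key = OpenSSL::PKey::RSA.new(2048)
  leaf_key  = OpenSSL::PKey::RSA.new(2048)
  root  = make_cert('/CN=Example Root CA', root_key, ca: true)
  inter = make_cert('/CN=Example Intermediate CA', inter_key,
                    issuer_cert: root, issuer_key: root_key, ca: true)
  leaf  = make_cert('/CN=api.example.test', leaf_key,
                    issuer_cert: inter, issuer_key: inter_key)
  { root: root, inter: inter, leaf: leaf }
end

# Verify `leaf` the way VERIFY_PEER does: `ca_file_certs` plays the role of the
# certificates loaded from ca_file, `sent_chain` the extra certificates the
# server presented in the handshake. Returns [ok, error_code, error_string].
def verify_chain(leaf, ca_file_certs, sent_chain)
  store = OpenSSL::X509::Store.new
  ca_file_certs.each { |c| store.add_cert(c) }
  ctx = OpenSSL::X509::StoreContext.new(store, leaf, sent_chain)
  ok = ctx.verify
  [ok, ctx.error, ctx.error_string]
end

# The three situations discussed in the issue, side by side.
def run_scenarios(pki)
  leaf, inter, root = pki.values_at(:leaf, :inter, :root)
  {
    # ca_file holds only the server's own leaf (what `openssl x509` prints from
    # s_client output); the server sends its intermediate. No anchor is reachable.
    leaf_only_in_ca_file: verify_chain(leaf, [leaf], [inter]),
    # ca_file holds the real root, but the server omits the intermediate.
    missing_intermediate: verify_chain(leaf, [root], []),
    # ca_file holds the root and the server sends the intermediate.
    correct:              verify_chain(leaf, [root], [inter])
  }
end

PEM_CERT = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m

# Summarise every certificate in a PEM bundle such as the file passed as
# ca_file. A bundle whose only entry is a non-CA, non-self-signed certificate
# is the server's leaf, which can never act as a trust anchor under VERIFY_PEER.
def describe_bundle(pem)
  pem.scan(PEM_CERT).map do |block|
    c = OpenSSL::X509::Certificate.new(block)
    is_ca = c.extensions.any? { |e| e.oid == 'basicConstraints' && e.value.include?('CA:TRUE') }
    { subject: c.subject.to_s, issuer: c.issuer.to_s,
      self_signed: c.subject.to_der == c.issuer.to_der, ca: is_ca }
  end
end

if __FILE__ == $PROGRAM_NAME
  pki = build_pki
  run_scenarios(pki).each do |name, (ok, code, msg)|
    puts "#{name}: #{ok ? 'ok' : "certificate verify failed (#{code}: #{msg})"}"
  end
  describe_bundle(pki[:leaf].to_pem).each { |entry| p entry }
end
```

Both failing scenarios return OpenSSL error 20, the "unable to get local issuer certificate" from the traceback, so the message alone cannot tell the two causes apart; running `describe_bundle` over the real ca_file (look for a self-signed CA:TRUE entry) and checking whether the server's handshake includes its intermediate does.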

How can I reproduce it?