berkshelf/ridley

ridley since 4.3.0 doesn't work with custom SSL CAs

Opened this issue · 2 comments

After upgrading from ridley 4.2.0 to 4.4.2, I am unable to talk to my Chef server, which is using SSL certificates signed by our internal CA. It seems that in 4.3.0 the HTTP client was switched to httpclient, but it's not properly reading my system CA bundle.

D, [2016-01-13T15:26:33.018717 #61429] DEBUG -- : request env: #<struct Faraday::Env method=:get, body=nil, url=#<Addressable::URI:0x3fd629822e60 URI:https://<redacted>:443/nodes/<redacted>>, request=#<Faraday::RequestOptions (empty)>, request_headers={"Accept"=>"application/json", "Content-Type"=>"application/json", "X-Chef-Version"=>"11.4.0", "User-Agent"=>"Ridley v4.4.2", "X-OPS-SIGN"=>"algorithm=sha1;version=1.0;", "X-OPS-USERID"=>"<redacted>", "X-OPS-TIMESTAMP"=>"2016-01-13T21:26:33Z", "X-OPS-CONTENT-HASH"=>"2jmj7l5rSw0yVb/vlWAYkK/YBwk=", "X-OPS-AUTHORIZATION-1"=>"…", "HOST"=>"<redacted>:443"}, ssl=#<Faraday::SSLOptions (empty)>, parallel_manager=nil, params=nil, response=nil, response_headers=nil, status=nil>
E, [2016-01-13T15:26:33.191730 #61429] ERROR -- : CONVERGE_CLUSTER RUN_PHASE ERROR (ERROR: failed to initialize <redacted>: SSL_connect returned=1 errno=0 state=error: certificate verify failed)

This looks like the commit that broke it: 385bfd9
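The failure in the debug output above, reproduced end to end as an added example (this is not code from Ridley, Faraday or httpclient). It generates a throw-away internal CA and a server certificate signed by it, starts a TLS listener on the loopback interface, and connects twice with peer verification on: once trusting only the system default store, which is what a client context that was never handed a CA bundle gets, and once with the internal CA bundle added. The hostname `chef.internal.example`, the certificate subjects and the temp-file name are assumptions made up for the example.

```ruby
require "openssl"
require "socket"
require "tempfile"

# Added example, not Ridley/Faraday/httpclient code. "chef.internal.example" is a
# made-up hostname used only in the leaf certificate's subjectAltName.
CHEF_HOST = "chef.internal.example"

# Build an X.509 certificate; issuer_cert/issuer_key are nil for the self-signed CA.
def make_cert(subject, key, serial:, ca:, issuer_cert: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  if ca
    cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
    cert.add_extension(ef.create_extension("keyUsage", "keyCertSign,cRLSign", true))
  else
    cert.add_extension(ef.create_extension("basicConstraints", "CA:FALSE", true))
    cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{CHEF_HOST}"))
  end
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Run a TLS listener presenting the server certificate on an ephemeral port,
# yield the port, then shut the listener down.
def with_tls_server(server_cert, server_key)
  tcp = TCPServer.new("127.0.0.1", 0)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert = server_cert
  ctx.key = server_key
  ssl_server = OpenSSL::SSL::SSLServer.new(tcp, ctx)
  stop = false
  acceptor = Thread.new do
    until stop
      begin
        ssl_server.accept.close
      rescue StandardError
        # Client aborted the handshake (expected when it distrusts us) or listener closed.
      end
    end
  end
  yield tcp.addr[1]
ensure
  stop = true
  tcp&.close
  acceptor&.join
end

# Connect with VERIFY_PEER. Without ca_file only the system default store is
# trusted, which is exactly the situation of a client that was never given the
# internal CA; with ca_file the internal CA bundle is trusted as well.
def tls_connect(port, ca_file: nil)
  store = OpenSSL::X509::Store.new
  store.set_default_paths              # system CA bundle
  store.add_file(ca_file) if ca_file   # plus the internal CA, when supplied
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert_store = store
  ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER) # also enables hostname checking
  sock = TCPSocket.new("127.0.0.1", port)
  ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
  ssl.hostname = CHEF_HOST             # SNI, and the name matched against the SAN
  ssl.sync_close = true
  ssl.connect
  { ok: true, peer: ssl.peer_cert.subject.to_s }
rescue OpenSSL::SSL::SSLError => e
  { ok: false, error: e.message }      # "certificate verify failed" in the untrusted case
ensure
  ssl&.close rescue nil
end

# Generate the CA and leaf, write the CA bundle to a temp file, and try both clients.
def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca_cert = make_cert("/CN=Internal Root CA", ca_key, serial: 1, ca: true)
  server_key = OpenSSL::PKey::RSA.new(2048)
  server_cert = make_cert("/CN=#{CHEF_HOST}", server_key, serial: 2, ca: false,
                          issuer_cert: ca_cert, issuer_key: ca_key)
  bundle = Tempfile.new(["internal-ca", ".pem"])
  bundle.write(ca_cert.to_pem)
  bundle.flush
  with_tls_server(server_cert, server_key) do |port|
    { without_ca_bundle: tls_connect(port),
      with_ca_bundle: tls_connect(port, ca_file: bundle.path) }
  end
ensure
  bundle&.close!
end

if $PROGRAM_NAME == __FILE__
  demo.each { |label, result| puts "#{label}: #{result.inspect}" }
end
```

The `ssl=#<Faraday::SSLOptions (empty)>` in the request env above is the `tls_connect(port)` case: nothing told the adapter's SSL context about the internal CA, so verification can only succeed against the system default store. The check to make after such an upgrade is that the `ca_file` (or `cert_store`) you configure actually reaches the context the adapter builds, which is what the `with_ca_bundle` case exercises here.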

We had a similar issue with the berkshelf-api-client when it switched to using httpclient.

Found the issue Berkshelf had: https://github.com/berkshelf/berkshelf-api-client/issues/9

Looks like it was an issue with how httpclient and Faraday were using SSL; it was fixed in Faraday here: https://github.com/lostisland/faraday/pull/494/commits