From f0794d3af59dbf11d1f1b36cd985067c90ec8eed Mon Sep 17 00:00:00 2001
From: ebembi-crdb <ebembi@cockroachlabs.com>
Date: Mon, 1 Dec 2025 22:57:00 +0530
Subject: [PATCH] Add SSL fix script for local Jekyll builds

- Add openssl_fix.rb to disable SSL verification for local development
- Add README_SSL_FIX.md with usage instructions

This provides a workaround for SSL certificate verification errors
that may occur in local development environments when running Jekyll builds.
---
 src/current/README_SSL_FIX.md | 17 +++++++++++++++++
 src/current/openssl_fix.rb    | 27 +++++++++++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 src/current/README_SSL_FIX.md
 create mode 100644 src/current/openssl_fix.rb

diff --git a/src/current/README_SSL_FIX.md b/src/current/README_SSL_FIX.md
new file mode 100644
index 00000000000..a8547146a6e
--- /dev/null
+++ b/src/current/README_SSL_FIX.md
@@ -0,0 +1,17 @@
+# SSL Fix for Jekyll Build
+
+If you encounter SSL certificate verification errors when running Jekyll builds, you can use the provided `openssl_fix.rb` script as a workaround.
+
+## Usage
+
+Run the Jekyll build with the `RUBYOPT` environment variable:
+
+```bash
+RUBYOPT="-r./openssl_fix.rb" bundle exec jekyll build --incremental --config _config_base.yml,_config_cockroachdb.yml
+```
+
+## What it does
+
+This script disables SSL certificate verification for Ruby's OpenSSL library. It's intended as a temporary workaround for local development environments where SSL certificate issues may occur.
+
+⚠️ **Warning**: This script disables SSL verification and should only be used in local development environments. Do not use in production.
diff --git a/src/current/openssl_fix.rb b/src/current/openssl_fix.rb
new file mode 100644
index 00000000000..3f9c15165f3
--- /dev/null
+++ b/src/current/openssl_fix.rb
@@ -0,0 +1,27 @@
+require "openssl"
+require "net/http"
+
+# Monkey patch to completely disable SSL verification
+module OpenSSL
+  module SSL
+    remove_const :VERIFY_PEER
+    VERIFY_PEER = VERIFY_NONE
+  end
+end
+
+# Override Net::HTTP SSL context creation
+class Net::HTTP
+  alias_method :original_use_ssl=, :use_ssl=
+
+  def use_ssl=(flag)
+    self.original_use_ssl = flag
+    if flag
+      @ssl_context = OpenSSL::SSL::SSLContext.new
+      @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      @ssl_context.verify_hostname = false
+    end
+  end
+end
+
+# Set environment variable as fallback
+ENV['SSL_VERIFY'] = 'false'