This seems to be fixed in jruby 1.7.3+.
(9:37:30):cmyers@cmyers-ubuntu:4 master¹] rvm use jruby-1.6.7@global
Using /home/cmyers/.rvm/gems/jruby-1.6.7 with gemset global
(9:38:11):cmyers@cmyers-ubuntu:4 master¹] ./download-google.rb
OpenSSL::SSL::SSLError: certificate verify failed
connect at org/jruby/ext/openssl/SSLSocket.java:170
connect at /home/cmyers/.rvm/rubies/jruby-1.6.7/lib/ruby/1.8/net/http.rb:586
do_start at /home/cmyers/.rvm/rubies/jruby-1.6.7/lib/ruby/1.8/net/http.rb:553
start at /home/cmyers/.rvm/rubies/jruby-1.6.7/lib/ruby/1.8/net/http.rb:542
(root) at ./download-google.rb:16
./download-google.rb 6.52s user 0.27s system 179% cpu 3.788 total
(9:38:20):cmyers@cmyers-ubuntu:4 master¹] rvm use jruby-1.7.3@global
Using /home/cmyers/.rvm/gems/jruby-1.7.3 with gemset global
(9:38:50):cmyers@cmyers-ubuntu:4 master¹] ./download-google.rb
nil./download-google.rb 8.91s user 0.28s system 203% cpu 4.511 total
I haven't confirmed whether it is using the jvm truststore or the system one, but either would be a sane choice as long as it is consistent.
Personally, I don't use Net::HTTP anymore, the httpclient gem mentioned above is more portable (works in mri and jruby), more testable (supports easy mocking), more performant (reuses connections), and thread-safe. I highly recommend it.