Update CA bundle

Our CA bundle has fallen quite out of date since it was last pulled.
This patch updates it and adds a Rake task to make this task more
repeatable.

One thing worth noting is I've switched us over from the Ubuntu bundle
to the Mozilla bundle that's maintained by cURL. The bundle seemed to be
previously extracted by a custom script that I don't really want to
maintain. cURL and Excon both use the Mozilla bundle and it should be a
safe replacement.

README.rdoc

@@ -60,6 +60,10 @@ Run a single test:
 
     bundle exec ruby -Ilib/ test/stripe/util_test.rb -n /should.convert.names.to.symbols/
 
+Update bundled CA certificates from the [Mozilla cURL release][curl]:
+
+    bundle exec rake update_certs
+
 == Configuration
 
 === max_network_retries
@@ -72,3 +76,5 @@ algorithm used to determine the length of the delay.  Default value is 0.
 Example:
 
     Stripe.max_network_retries = 2
+
+[curl]: http://curl.haxx.se/docs/caextract.html

Rakefile

@@ -5,3 +5,13 @@ task :default => [:test]
 Rake::TestTask.new do |t|
   t.pattern = './test/**/*_test.rb'
 end
+
+desc "update bundled certs"
+task :update_certs do
+  require "restclient"
+  File.open(File.join(File.dirname(__FILE__), 'lib', 'data', 'ca-certificates.crt'), 'w') do |file|
+    resp = RestClient.get "https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt"
+    abort("bad response when fetching bundle") unless resp.code == 200
+    file.write(resp.to_str)
+  end
+end