diff --git a/src/ruby/pb/test/client.rb b/src/ruby/pb/test/client.rb
index 6cc616e5cbaf79e436c0d1723f22d593577d7107..94bfff126085f19b85d0ed16a3e2eabd4b4636ad 100755
--- a/src/ruby/pb/test/client.rb
+++ b/src/ruby/pb/test/client.rb
@@ -114,8 +114,8 @@ end
 def create_stub(opts)
   address = "#{opts.host}:#{opts.port}"
   if opts.secure
+    creds = ssl_creds(opts.use_test_ca)
     stub_opts = {
-      :creds => ssl_creds(opts.use_test_ca),
       GRPC::Core::Channel::SSL_TARGET => opts.host_override
     }
 
@@ -125,7 +125,7 @@ def create_stub(opts)
       unless opts.oauth_scope.nil?
         auth_creds = Google::Auth.get_application_default(opts.oauth_scope)
         call_creds = GRPC::Core::CallCredentials.new(auth_creds.updater_proc)
-        stub_opts[:creds] = stub_opts[:creds].compose call_creds
+        creds = creds.compose call_creds
       end
     end
 
@@ -135,20 +135,20 @@ def create_stub(opts)
 
       # use a metadata update proc that just adds the auth token.
       call_creds = GRPC::Core::CallCredentials.new(proc { |md| md.merge(kw) })
-      stub_opts[:creds] = stub_opts[:creds].compose call_creds
+      creds = creds.compose call_creds
     end
 
     if opts.test_case == 'jwt_token_creds'  # don't use a scope
       auth_creds = Google::Auth.get_application_default
       call_creds = GRPC::Core::CallCredentials.new(auth_creds.updater_proc)
-      stub_opts[:creds] = stub_opts[:creds].compose call_creds
+      creds = creds.compose call_creds
     end
 
     GRPC.logger.info("... connecting securely to #{address}")
-    Grpc::Testing::TestService::Stub.new(address, **stub_opts)
+    Grpc::Testing::TestService::Stub.new(address, creds, **stub_opts)
   else
     GRPC.logger.info("... connecting insecurely to #{address}")
-    Grpc::Testing::TestService::Stub.new(address)
+    Grpc::Testing::TestService::Stub.new(address, :this_channel_is_insecure)
   end
 end