Added two alternative sources for CA file:

1. Fallback to /etc/ssl/certs/ca-certificates.crt (found on Debian/Ubuntu) 2. Override parameter with RIGHT_HTTP_CA_FILE env var.
devver · Nov 29, 2009 · 71abaed · 71abaed
1 parent 26b61f7
commit 71abaed
Showing 1 changed file with 34 additions and 2 deletions.
diff --git a/lib/right_http_connection.rb b/lib/right_http_connection.rb
@@ -86,6 +86,10 @@ class HttpConnection
     # Length of the post-error probationary period during which all requests will fail
     HTTP_CONNECTION_RETRY_DELAY   = 15
 
+    # Location of the system CA certificates file on Debian/Ubuntu systems, as
+    # generated by the ca-certificates package.
+    DEBIAN_CA_FILE = '/etc/ssl/certs/ca-certificates.crt'
+
     #--------------------
     # class methods
     #--------------------
@@ -99,7 +103,18 @@ class HttpConnection
     # Query the global (class-level) parameters:
     #
     #  :user_agent => 'www.HostName.com'    # String to report as HTTP User agent
-    #  :ca_file    => 'path_to_file'        # Path to a CA certification file in PEM format. The file can contain several CA certificates.  If this parameter isn't set, HTTPS certs won't be verified.
+    #  :ca_file    => 'path_to_file'        # Path to a CA certification file in
+    #                                       # PEM format. The file can contain
+    #                                       # several CA certificates.  If this
+    #                                       # parameter isn't set,
+    #                                       # HttpConnection will check for a
+    #                                       # system CA file.  If no CA file is
+    #                                       # found, HTTPS certs won't be
+    #                                       # verified.
+    #                                       #
+    #                                       # This parameter may be overridden
+    #                                       # with the RIGHT_HTTP_CA_FILE
+    #                                       # environment variable.
     #  :logger     => Logger object         # If omitted, HttpConnection logs to STDOUT
     #  :exception  => Exception to raise    # The type of exception to raise
     #                                       # if a request repeatedly fails. RuntimeError is raised if this parameter is omitted.
@@ -301,7 +316,7 @@ def start(request_params)
           true
         }
         @http.use_ssl = true
-        ca_file = get_param(:ca_file)
+        ca_file = get_ca_file
         if ca_file
           @http.verify_mode     = OpenSSL::SSL::VERIFY_PEER
           @http.verify_callback = verifyCallbackProc
@@ -425,6 +440,23 @@ def finish(reason = '')
       end
     end
 
+    def get_ca_file
+      get_ca_file_from_env || get_param(:ca_file) || get_system_ca_file
+    end
+
+    def get_ca_file_from_env
+      ENV['RIGHT_HTTP_CA_FILE']
+    end
+
+    def get_system_ca_file
+      system_ca_file = DEBIAN_CA_FILE
+      if File.readable?(system_ca_file)
+        system_ca_file
+      else
+        nil
+      end
+    end
+
   # Errors received during testing:
   #
   #  #<Timeout::Error: execution expired>