Expose option to set SSL cert_store.
ab committed Mar 16, 2014
1 parent 5cc2ed3 commit f378ad1
Showing 2 changed files with 40 additions and 3 deletions.
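--- a/lib/restclient/request.rb
+++ b/lib/restclient/request.rb
@@ -25,7 +25,8 @@ module RestClient
 # OpenSSL::SSL::VERIFY_*, defaults to OpenSSL::SSL::VERIFY_PEER
 # * :timeout and :open_timeout are how long to wait for a response and to
 # open a connection, in seconds. Pass nil to disable the timeout.
-# * :ssl_client_cert, :ssl_client_key, :ssl_ca_file, :ssl_ca_path
+# * :ssl_client_cert, :ssl_client_key, :ssl_ca_file, :ssl_ca_path,
+# :ssl_cert_store
 # * :ssl_version specifies the SSL version for the underlying Net::HTTP connection
 # * :ssl_ciphers sets SSL ciphers for the connection. See
 # OpenSSL::SSL::SSLContext#ciphers=
@@ -34,8 +35,8 @@ class Request
 attr_reader :method, :url, :headers, :cookies,
 :payload, :user, :password, :timeout, :max_redirects,
 :open_timeout, :raw_response, :verify_ssl, :ssl_client_cert,
-:ssl_client_key, :ssl_ca_file, :processed_headers, :args,
-:ssl_version, :ssl_ca_path, :ssl_ciphers
+:ssl_client_key, :ssl_ca_file, :ssl_ca_path, :ssl_cert_store,
+:processed_headers, :args, :ssl_version, :ssl_ciphers
 
 def self.execute(args, & block)
 new(args).execute(& block)
@@ -124,6 +125,7 @@ def initialize args
 @ssl_client_key = args[:ssl_client_key] || nil
 @ssl_ca_file = args[:ssl_ca_file] || nil
 @ssl_ca_path = args[:ssl_ca_path] || nil
+@ssl_cert_store = args[:ssl_cert_store] || nil
 @ssl_version = args[:ssl_version]
 @tf = nil # If you are a raw request, this is your tempfile
 @max_redirects = args[:max_redirects] || 10
@@ -282,6 +284,7 @@ def transmit uri, req, payload, & block
 net.key = @ssl_client_key if @ssl_client_key
 net.ca_file = @ssl_ca_file if @ssl_ca_file
 net.ca_path = @ssl_ca_path if @ssl_ca_path
+net.cert_store = @ssl_cert_store if @ssl_cert_store
 
 if OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE
 warn('WARNING: OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE')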
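Review bot: The option list in the header comment names `:ssl_cert_store` without saying what it accepts or how it combines with `:ssl_ca_file` and `:ssl_ca_path`, while `transmit` assigns all three to the connection whenever they are given. I would give it its own entry, e.g. `# * :ssl_cert_store is an OpenSSL::X509::Store of trusted CAs used to verify the server certificate`, and state whether passing it together with `:ssl_ca_file`/`:ssl_ca_path` is supported. The same entry should note that the store presumably only matters while `:verify_ssl` leaves peer verification on, so a caller who supplies a private CA store but turns `:verify_ssl` off gets no verification from it. `initialize` and `transmit` both continue outside the hunks shown, so any type check on the value may exist elsewhere.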
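--- a/spec/unit/request_spec.rb
+++ b/spec/unit/request_spec.rb
@@ -784,6 +784,40 @@
 @request.stub(:response_log)
 @request.transmit(@uri, 'req', 'payload')
 end
+
+it "should set the ssl_cert_store if provided" do
+store = OpenSSL::X509::Store.new
+store.set_default_paths
+
+@request = RestClient::Request.new(
+:method => :put,
+:url => 'https://some/resource',
+:payload => 'payload',
+:ssl_cert_store => store
+)
+@net.should_receive(:cert_store=).with(store)
+@http.stub(:request)
+@request.stub(:process_result)
+@request.stub(:response_log)
+@request.transmit(@uri, 'req', 'payload')
+end
+
+it "should not set the ssl_cert_store if it is not provided" do
+@request = RestClient::Request.new(
+:method => :put,
+:url => 'https://some/resource',
+:payload => 'payload'
+)
+@net.should_not_receive(:cert_store=)
+@http.stub(:request)
+@request.stub(:process_result)
+@request.stub(:response_log)
+@request.transmit(@uri, 'req', 'payload')
+end
+
+it "should default to not having an ssl_cert_store" do
+@request.ssl_cert_store.should be(nil)
+end
 end
 
 it "should still return a response object for 204 No Content responses" do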
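Review bot: The new examples only pin that `cert_store=` is or is not called on the mocked connection; none covers a request that passes `:ssl_cert_store` together with `:ssl_ca_file` or `:ssl_ca_path`, which `transmit` in request.rb forwards side by side. An example that passes both and expects both setters, e.g. `@net.should_receive(:ca_file=).with('ca.pem')` next to `@net.should_receive(:cert_store=).with(store)` (`'ca.pem'` is a made-up sample value), would pin the intended behaviour. `store.set_default_paths` could also be dropped from the first example, since the store is only handed to a mock and an empty `OpenSSL::X509::Store.new` exercises the same path. The enclosing `describe` block and its `before` setup are outside the hunk.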
