Revert to cert handling from 0404c15.
Turns out ca_file is the only way to make validation work. Creating a new X509 cert object out of the CA file only grabs one of the certificates, not the entire chain. Without the rest of the intermediate certs in the chain, verification fails on any machine that doesn't already have those certs.
indirect committed Apr 28, 2011
1 parent adeadc4 commit e8528f9
Showing 2 changed files with 30 additions and 15 deletions.
31 changes: 22 additions & 9 deletions gist
@@ -80,7 +80,7 @@ module Gist
end
end
module Gist
VERSION = Version = '2.0.2'
VERSION = Version = '2.0.3.pre'
end
require 'open-uri'
require 'net/https'
@@ -183,12 +183,19 @@ module Gist

http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.cert = OpenSSL::X509::Certificate.new(ca_cert)
http.ca_file = ca_cert

req = Net::HTTP::Post.new(url.path)
req.form_data = data(files, private_gist)

http.start{|h| h.request(req) }['Location']
response = http.start{|h| h.request(req) }
case response
when Net::HTTPRedirection
response['Location']
else
puts "Creating gist failed: #{response.code} #{response.message}"
exit(false)
end
end

def read(gist_id)
@@ -237,7 +244,11 @@ private
user = config("github.user")
token = config("github.token")

user.to_s.empty? ? {} : { :login => user, :token => token }
if user.to_s.empty? || token.to_s.empty?
{}
else
{ :login => user, :token => token }
end
end

def defaults
@@ -277,12 +288,14 @@ private
end

def ca_cert
cert_path = File.join(File.dirname(__FILE__), "gist", "cacert.pem")

if File.exists? cert_path
File.read(cert_path)
cert_file = File.join(File.dirname(__FILE__), "cacert.pem")
if File.exist?(cert_file)
cert_file
else
DATA.read.split("__CACERT__").last
require 'tempfile'
t = Tempfile.new("ca_cert")
t << DATA.read.split("__CACERT__").last
t.path
end
end
end
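Review bot: In the `else` branch of `ca_cert`, the Tempfile is neither flushed nor kept referenced before `t.path` is handed to `http.ca_file`. `t` is a local, so once the method returns the object can be garbage-collected, and Tempfile unlinks its file when that happens; the path may then be missing or incomplete by the time `http.start` makes OpenSSL read it. Because `verify_mode` is `VERIFY_PEER`, the likely symptom is an intermittent verification failure rather than an unverified connection, but that is worth confirming. I would hold on to the object and flush it, e.g. `@ca_tempfile = t` and `t.flush` before `t.path`. The same code appears in `ca_cert` in lib/gist.rb.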
14 changes: 8 additions & 6 deletions lib/gist.rb
@@ -120,7 +120,7 @@ def write(files, private_gist = false)

http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.cert = OpenSSL::X509::Certificate.new(ca_cert)
http.ca_file = ca_cert

req = Net::HTTP::Post.new(url.path)
req.form_data = data(files, private_gist)
@@ -248,12 +248,14 @@ def str_to_bool(str)
end

def ca_cert
cert_path = File.join(File.dirname(__FILE__), "gist", "cacert.pem")

if File.exists? cert_path
File.read(cert_path)
cert_file = File.join(File.dirname(__FILE__), "cacert.pem")
if File.exist?(cert_file)
cert_file
else
DATA.read.split("__CACERT__").last
require 'tempfile'
t = Tempfile.new("ca_cert")
t << DATA.read.split("__CACERT__").last
t.path
end
end
end
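Review bot: `cert_file` in `ca_cert` resolves to `cacert.pem` directly beside lib/gist.rb, whereas the other `File.join` line in this section (apparently the removed one) looked under a `gist` subdirectory. The page lists only two changed files, so the bundle itself does not appear to have moved; if it still sits in that subdirectory, `File.exist?(cert_file)` is always false here and every call takes the `DATA` branch. `DATA` is only defined when the script Ruby was started with has an `__END__` section, so that branch presumably cannot work when this file is loaded with `require`. Either keep the earlier join, `File.join(File.dirname(__FILE__), "gist", "cacert.pem")`, or confirm the bundle ships at the new location.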
