Be less aggressive in applying cert store workaround

Cover and close #50 Should no longer trigger in reasonable OpenSSL installations. Should still trigger in most cases when needed.
cabo · Jan 19, 2018 · e15a991 · e15a991
1 parent 425862b
commit e15a991
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/bin/kramdown-rfc2629 b/bin/kramdown-rfc2629
@@ -36,10 +36,18 @@ def do_the_tls_dance
   begin
     require 'openssl'
     File.open(OpenSSL::X509::DEFAULT_CERT_FILE) do end
+    # This guards against having an unreadable cert file (yes, that appears to happen a lot).
   rescue
-    warn "** Configuration problem with OpenSSL certificate store at #{OpenSSL::X509::DEFAULT_CERT_FILE}."
-    warn "**   Activating workaround.  Occasionally run `certified-update`."
-    require 'certified'
+    if Dir[File.join(OpenSSL::X509::DEFAULT_CERT_DIR, "*.pem")].empty?
+      # This guards against having no certs at all, not against missing the right one for IETF.
+      # Oh well.
+      warn "** Configuration problem with OpenSSL certificate store."
+      warn "**   You may want to examine #{OpenSSL::X509::DEFAULT_CERT_FILE}"
+      warn "**    and #{OpenSSL::X509::DEFAULT_CERT_DIR}."
+      warn "**   Activating suboptimal workaround."
+      warn "**   Occasionally run `certified-update` to maintain that workaround."
+      require 'certified'
+    end
   end
 end