Add ca_file/ca_path configuration options.

gitlabhq · Jun 24, 2013 · e9a888f · e9a888f
1 parent 3794ecc
commit e9a888f
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 3 deletions.
diff --git a/config.yml.example b/config.yml.example
@@ -7,6 +7,8 @@ gitlab_url: "http://localhost/"
 http_settings:
 #  user: someone
 #  password: somepass
+#  ca_file: /etc/ssl/cert.pem
+#  ca_path: /etc/pki/tls/certs
   self_signed_cert: false
 
 # Repositories path

diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb
@@ -49,10 +49,14 @@ def get(url)
 
     url = URI.parse(url)
     http = Net::HTTP.new(url.host, url.port)
-    http.use_ssl = (url.scheme == 'https')
 
-    if config.http_settings['self_signed_cert'] && http.use_ssl?
-      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    if URI::HTTPS === url
+      http.use_ssl = true
+      http.cert_store = cert_store
+
+      if config.http_settings['self_signed_cert']
+        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
     end
 
     request = Net::HTTP::Get.new(url.request_uri)
@@ -68,4 +72,18 @@ def get(url)
       end
     end
   end
+
+  def cert_store
+    @cert_store ||= OpenSSL::X509::Store.new.tap { |store|
+      store.set_default_paths
+
+      if ca_file = config.http_settings['ca_file']
+        store.add_file(ca_file)
+      end
+
+      if ca_path = config.http_settings['ca_path']
+        store.add_path(ca_path)
+      end
+    }
+  end
 end