Make default list of CA's blank on JRuby

References jruby/jruby#155.
ruby-amqp · Nov 6, 2013 · 734037d · bernd · Nov 6, 2013 · 734037d
1 parent 008afec
commit 734037d
Showing 1 changed file with 19 additions and 8 deletions.
diff --git a/lib/bunny/transport.rb b/lib/bunny/transport.rb
@@ -309,14 +309,7 @@ def prepare_tls_context(opts)
       @tls_key               = tls_key_from(opts)
       @tls_certificate_store = opts[:tls_certificate_store]
 
-      default_ca_file = ENV[OpenSSL::X509::DEFAULT_CERT_FILE_ENV] || OpenSSL::X509::DEFAULT_CERT_FILE
-      default_ca_path = ENV[OpenSSL::X509::DEFAULT_CERT_DIR_ENV] || OpenSSL::X509::DEFAULT_CERT_DIR
-      @tls_ca_certificates   = opts.fetch(:tls_ca_certificates, [
-          default_ca_file,
-          File.join(default_ca_path, 'ca-certificates.crt'), # Ubuntu/Debian
-          File.join(default_ca_path, 'ca-bundle.crt'), # Amazon Linux & Fedora/RHEL
-          File.join(default_ca_path, 'ca-bundle.pem') # OpenSUSE
-        ])
+      @tls_ca_certificates   = opts.fetch(:tls_ca_certificates, default_tls_certificates)
       @verify_peer           = opts[:verify_ssl] || opts[:verify_peer]
 
       @tls_context = initialize_tls_context(OpenSSL::SSL::SSLContext.new)
@@ -380,12 +373,30 @@ def initialize_tls_context(ctx)
       ctx
     end
 
+    def default_tls_certificates
+      if defined?(JRUBY_VERSION)
+        # see https://github.com/jruby/jruby/issues/1055. MK.
+        []
+      else
+        default_ca_file = ENV[OpenSSL::X509::DEFAULT_CERT_FILE_ENV] || OpenSSL::X509::DEFAULT_CERT_FILE
+        default_ca_path = ENV[OpenSSL::X509::DEFAULT_CERT_DIR_ENV] || OpenSSL::X509::DEFAULT_CERT_DIR
+
+        [
+          default_ca_file,
+          File.join(default_ca_path, 'ca-certificates.crt'), # Ubuntu/Debian
+          File.join(default_ca_path, 'ca-bundle.crt'),       # Amazon Linux & Fedora/RHEL
+          File.join(default_ca_path, 'ca-bundle.pem')        # OpenSUSE
+          ].uniq
+      end
+    end
+
     def initialize_tls_certificate_store(certs)
       certs = certs.select { |path| File.readable? path }
       @logger.debug "Using CA certificates at #{certs.join(', ')}"
       if certs.empty?
         @logger.error "No CA certificates found, add one with :tls_ca_certificates"
       end
+      puts certs.inspect
       OpenSSL::X509::Store.new.tap do |store|
         certs.each { |path| store.add_file(path) }
       end