
Revert to cert handling from 0404c15.

Turns out ca_file is the only way to make validation work. Creating a new X509 cert object out of the CA file only grabs one of the certificates, not the entire chain. Without the rest of the intermediate certs in the chain, verification fails on any machine that doesn't already have those certs.
1 parent adeadc4 commit e8528f9e95fbf480ac368f41f8f56cbdcc19abb4 @indirect indirect committed Dec 1, 2010
Showing with 30 additions and 15 deletions.
  1. +22 −9 gist
  2. +8 −6 lib/gist.rb
31 gist
@@ -80,7 +80,7 @@ module Gist
end
end
module Gist
- VERSION = Version = '2.0.2'
+ VERSION = Version = '2.0.3.pre'
end
require 'open-uri'
require 'net/https'
@@ -183,12 +183,19 @@ module Gist
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
- http.cert = OpenSSL::X509::Certificate.new(ca_cert)
+ http.ca_file = ca_cert
req = Net::HTTP::Post.new(url.path)
req.form_data = data(files, private_gist)
- http.start{|h| h.request(req) }['Location']
+ response = http.start{|h| h.request(req) }
+ case response
+ when Net::HTTPRedirection
+ response['Location']
+ else
+ puts "Creating gist failed: #{response.code} #{response.message}"
+ exit(false)
+ end
end
def read(gist_id)
@@ -237,7 +244,11 @@ private
user = config("github.user")
token = config("github.token")
- user.to_s.empty? ? {} : { :login => user, :token => token }
+ if user.to_s.empty? || token.to_s.empty?
+ {}
+ else
+ { :login => user, :token => token }
+ end
end
def defaults
@@ -277,12 +288,14 @@ private
end
def ca_cert
- cert_path = File.join(File.dirname(__FILE__), "gist", "cacert.pem")
-
- if File.exists? cert_path
- File.read(cert_path)
+ cert_file = File.join(File.dirname(__FILE__), "cacert.pem")
+ if File.exist?(cert_file)
+ cert_file
else
- DATA.read.split("__CACERT__").last
+ require 'tempfile'
+ t = Tempfile.new("ca_cert")
+ t << DATA.read.split("__CACERT__").last
+ t.path
end
end
end
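Review bot: In `ca_cert` (the last hunk of this file, and the identical hunk in lib/gist.rb), the fallback branch returns `t.path` without flushing the Tempfile and without keeping a reference to `t`. The bundle written with `t <<` may still be in Ruby's write buffer when OpenSSL opens the path, and once `t` is unreferenced the Tempfile finalizer can unlink the file. `http.ca_file` can therefore point at an empty, truncated or missing CA bundle, which would presumably show up as intermittent verification failures. Add `t.flush` after the write and hold the object, e.g. `@ca_tempfile = t`, before returning `t.path`. This file looks like a concatenated standalone build, so the change probably belongs in lib/gist.rb with this script regenerated from it.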
14 lib/gist.rb
@@ -120,7 +120,7 @@ def write(files, private_gist = false)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
- http.cert = OpenSSL::X509::Certificate.new(ca_cert)
+ http.ca_file = ca_cert
req = Net::HTTP::Post.new(url.path)
req.form_data = data(files, private_gist)
@@ -248,12 +248,14 @@ def str_to_bool(str)
end
def ca_cert
- cert_path = File.join(File.dirname(__FILE__), "gist", "cacert.pem")
-
- if File.exists? cert_path
- File.read(cert_path)
+ cert_file = File.join(File.dirname(__FILE__), "cacert.pem")
+ if File.exist?(cert_file)
+ cert_file
else
- DATA.read.split("__CACERT__").last
+ require 'tempfile'
+ t = Tempfile.new("ca_cert")
+ t << DATA.read.split("__CACERT__").last
+ t.path
end
end
end
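Review bot: The `else` branch of `ca_cert` in this library file reads `DATA`, which Ruby defines only when the main program file has an `__END__` section. If lib/gist.rb is loaded with `require` and the bundle is missing, the call would end in a NameError, or read some other script's data, instead of a clear message. The new lookup path also drops the `gist` subdirectory, and whether cacert.pem actually ships next to lib/gist.rb is not visible from this hunk. A guard at the top of the branch makes the failure explicit, for example `raise "CA bundle not found at #{cert_file}" unless defined?(DATA)`.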
