Permalink
Browse files

Merge pull request #143 from dlee/fix_ssl_verify_mode

Fix ssl_verify_mode
  • Loading branch information...
2 parents 44e53b1 + b93bf82 commit d1338aabfc215a94b59e9c61a1dad694e1831da5 @technoweenie committed Apr 21, 2012
Showing with 19 additions and 9 deletions.
  1. +11 −7 lib/faraday/adapter/net_http.rb
  2. +2 −2 lib/faraday/adapter/net_http_persistent.rb
  3. +6 −0 test/adapters/net_http_test.rb
@@ -82,25 +82,29 @@ def net_http_connection(env)
end
def configure_ssl(http, ssl)
- http.use_ssl = true
- http.verify_mode = ssl_verify_mode(ssl)
+ http.use_ssl = true
+ http.verify_mode = ssl_verify_mode(ssl)
+ http.cert_store = ssl_cert_store(ssl)
http.cert = ssl[:client_cert] if ssl[:client_cert]
http.key = ssl[:client_key] if ssl[:client_key]
http.ca_file = ssl[:ca_file] if ssl[:ca_file]
http.ca_path = ssl[:ca_path] if ssl[:ca_path]
- http.cert_store = ssl[:cert_store] if ssl[:cert_store]
http.verify_depth = ssl[:verify_depth] if ssl[:verify_depth]
http.ssl_version = ssl[:version] if ssl[:version]
end
+ def ssl_cert_store(ssl)
+ return ssl[:cert_store] if ssl[:cert_store]
+ # Use the default cert store by default, i.e. system ca certs
+ cert_store = OpenSSL::X509::Store.new
+ cert_store.set_default_paths
+ cert_store
+ end
+
def ssl_verify_mode(ssl)
ssl[:verify_mode] || begin
if ssl.fetch(:verify, true)
- # Use the default cert store by default, i.e. system ca certs
- store = OpenSSL::X509::Store.new
- store.set_default_paths
- http.cert_store = store
OpenSSL::SSL::VERIFY_PEER
else
OpenSSL::SSL::VERIFY_NONE
@@ -24,12 +24,12 @@ def perform_request(http, env)
end
def configure_ssl(http, ssl)
- http.verify_mode = ssl_verify_mode(ssl)
+ http.verify_mode = ssl_verify_mode(ssl)
+ http.cert_store = ssl_cert_store(ssl)
http.certificate = ssl[:client_cert] if ssl[:client_cert]
http.private_key = ssl[:client_key] if ssl[:client_key]
http.ca_file = ssl[:ca_file] if ssl[:ca_file]
- http.cert_store = ssl[:cert_store] if ssl[:cert_store]
http.ssl_version = ssl[:version] if ssl[:version]
end
end
@@ -39,5 +39,11 @@ def test_connection_errors_get_wrapped
end
end
+ def test_configure_ssl
+ http = Net::HTTP.new 'disney.com', 443
+ # this should not raise an error
+ Faraday::Adapter::NetHttp.new.configure_ssl(http, :ssl => {:verify => true})
+ end
+
end
end

0 comments on commit d1338aa

Please sign in to comment.