Use cacert.pem for HTTPS connections

If not exist, do not verify cert at all
wayneeseguin · Dec 9, 2010 · 0d02ff8 · 0d02ff8
1 parent afa451d
commit 0d02ff8
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 1 deletion.
diff --git a/config/ruby_installer.rb b/config/ruby_installer.rb
@@ -9,6 +9,12 @@ module RubyInstaller
     SEVEN_ZIP = File.expand_path(File.join(ROOT, 'sandbox', 'extract_utils', '7za.exe'))
     BSD_TAR = File.expand_path(File.join(ROOT, 'sandbox', 'extract_utils', 'basic-bsdtar.exe'))
 
+    # SSL Certificates
+    Certificate = OpenStruct.new(
+      :url  => 'http://curl.haxx.se/ca',
+      :file => 'cacert.pem'
+    )
+
     # MinGW files
     MinGW = OpenStruct.new(
       :release => 'current',

diff --git a/rake/contrib/uri_ext.rb b/rake/contrib/uri_ext.rb
@@ -285,8 +285,13 @@ def connect
         http = Net::HTTP.new(host, port)
       end
       if self.instance_of? URI::HTTPS
+        cacert = "downloads/#{RubyInstaller::Certificate.file}"
         http.use_ssl = true
-        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        if File.exist?(cacert)
+          http.ca_file = cacert
+        else
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        end
       end
       yield http
     end

diff --git a/recipes/certificate.rake b/recipes/certificate.rake
@@ -0,0 +1,12 @@
+namespace :certificate do
+  cert = RubyInstaller::Certificate
+
+  source = "#{cert.url}/#{cert.file}"
+  target = "downloads/#{cert.file}"
+
+  download target => source
+  task :download => target
+end
+
+task :certificate => ['certificate:download']
+task :downloads => [:certificate]