Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Use the default system CA certs if available
  • Loading branch information
raggi committed Aug 26, 2011
1 parent e7ccce1 commit 209f07c
Showing 1 changed file with 11 additions and 1 deletion.
12 changes: 11 additions & 1 deletion lib/faraday/adapter/net_http.rb
Expand Up @@ -17,8 +17,18 @@ def call(env)

if http.use_ssl = (url.scheme == 'https' && (ssl = env[:ssl]) && true)
http.verify_mode = ssl[:verify_mode] || begin
ssl.fetch(:verify, true) ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
if ssl.fetch(:verify, true)
OpenSSL::SSL::VERIFY_PEER
# Use the default cert store by default, i.e. system ca certs
store = OpenSSL::X509::Store.new
store.set_default_paths
http.cert_store = store
OpenSSL::SSL::VERIFY_PEER
else
OpenSSL::SSL::VERIFY_NONE
end
end

http.cert = ssl[:client_cert] if ssl[:client_cert]
http.key = ssl[:client_key] if ssl[:client_key]
http.ca_file = ssl[:ca_file] if ssl[:ca_file]
Expand Down

0 comments on commit 209f07c

Please sign in to comment.