Merge pull request lostisland#76 from raggi/ssl_store

Use the default system CA certs if available
whomwah · Aug 27, 2011 · 2b9b798 · 2b9b798
2 parents e7ccce1 + 209f07c
commit 2b9b798
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/lib/faraday/adapter/net_http.rb b/lib/faraday/adapter/net_http.rb
@@ -17,8 +17,18 @@ def call(env)
 
         if http.use_ssl = (url.scheme == 'https' && (ssl = env[:ssl]) && true)
           http.verify_mode = ssl[:verify_mode] || begin
-            ssl.fetch(:verify, true) ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
+            if ssl.fetch(:verify, true) 
+              OpenSSL::SSL::VERIFY_PEER
+              # Use the default cert store by default, i.e. system ca certs
+              store = OpenSSL::X509::Store.new
+              store.set_default_paths
+              http.cert_store = store
+              OpenSSL::SSL::VERIFY_PEER
+            else
+              OpenSSL::SSL::VERIFY_NONE
+            end
           end
+
           http.cert         = ssl[:client_cert]  if ssl[:client_cert]
           http.key          = ssl[:client_key]   if ssl[:client_key]
           http.ca_file      = ssl[:ca_file]      if ssl[:ca_file]