Add ca_file/ca_path configuration options.

author: Akinori MUSHA <knu@idaemons.org> 2013-06-07 14:06:07 +0900
committer: Akinori MUSHA <knu@idaemons.org> 2013-06-07 14:06:07 +0900
commit: 932238eb78c01af378c7c329d428653afca02348 (patch)
tree: 6c440891bf6d1e19fbbbb4213fa9b3284a8cc300 /lib/gitlab_net.rb
parent: 5519420e3efefa651f0a74db9d9d6027dfc23ed8 (diff)
download: gitlab-shell-932238eb78c01af378c7c329d428653afca02348.tar.gz
1 files changed, 21 insertions, 3 deletions
diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb
index ae011b9..3f0b58b 100644
--- a/lib/gitlab_net.rb
+++ b/lib/gitlab_net.rb
@@ -42,10 +42,14 @@ class GitlabNet
   def get(url)
     url = URI.parse(url)
     http = Net::HTTP.new(url.host, url.port)
-    http.use_ssl = (url.scheme == 'https')
 
-    if config.http_settings['self_signed_cert'] && http.use_ssl?
-      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    if URI::HTTPS === url
+      http.use_ssl = true
+      http.cert_store = cert_store
+
+      if config.http_settings['self_signed_cert']
+        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
     end
 
     request = Net::HTTP::Get.new(url.request_uri)
@@ -55,4 +59,18 @@ class GitlabNet
 
     http.start {|http| http.request(request) }
   end
+
+  def cert_store
+    @cert_store ||= OpenSSL::X509::Store.new.tap { |store|
+      store.set_default_paths
+
+      if ca_file = config.http_settings['ca_file']
+        store.add_file(ca_file)
+      end
+
+      if ca_path = config.http_settings['ca_path']
+        store.add_path(ca_path)
+      end
+    }
+  end
 end
author	Akinori MUSHA <knu@idaemons.org>	2013-06-07 14:06:07 +0900
committer	Akinori MUSHA <knu@idaemons.org>	2013-06-07 14:06:07 +0900
commit	932238eb78c01af378c7c329d428653afca02348 (patch)
tree	6c440891bf6d1e19fbbbb4213fa9b3284a8cc300 /lib/gitlab_net.rb
parent	5519420e3efefa651f0a74db9d9d6027dfc23ed8 (diff)
download	gitlab-shell-932238eb78c01af378c7c329d428653afca02348.tar.gz