-rw-r--r-- | config.yml.example | 2 | ||||
-rw-r--r-- | lib/gitlab_net.rb | 24 |
2 files changed, 23 insertions, 3 deletions
diff --git a/config.yml.example b/config.yml.example
index 4bffe14..02ea2e8 100644
--- a/config.yml.example
+++ b/config.yml.example
@@ -7,6 +7,8 @@ gitlab_url: "http://localhost/"
 http_settings:
 # user: someone
 # password: somepass
+# ca_file: /etc/ssl/cert.pem
+# ca_path: /etc/pki/tls/certs
 self_signed_cert: false
 # Repositories path
diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb
index ae011b9..3f0b58b 100644
--- a/lib/gitlab_net.rb
+++ b/lib/gitlab_net.rb
@@ -42,10 +42,14 @@ class GitlabNet
 def get(url)
 url = URI.parse(url)
 http = Net::HTTP.new(url.host, url.port)
- http.use_ssl = (url.scheme == 'https')
- if config.http_settings['self_signed_cert'] && http.use_ssl?
- http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ if URI::HTTPS === url
+ http.use_ssl = true
+ http.cert_store = cert_store
+
+ if config.http_settings['self_signed_cert']
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ end
 end
 request = Net::HTTP::Get.new(url.request_uri)
@@ -55,4 +59,18 @@ class GitlabNet
 http.start {|http| http.request(request) }
 end
+
+ def cert_store
+ @cert_store ||= OpenSSL::X509::Store.new.tap { |store|
+ store.set_default_paths
+
+ if ca_file = config.http_settings['ca_file']
+ store.add_file(ca_file)
+ end
+
+ if ca_path = config.http_settings['ca_path']
+ store.add_path(ca_path)
+ end
+ }
+ end
 end |
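Review bot: In `get`, the `self_signed_cert` branch still sets `OpenSSL::SSL::VERIFY_NONE`, which turns off certificate verification altogether, so the new `cert_store` has no effect whenever that flag is on. With `ca_file`/`ca_path` now available, a self-signed server certificate can be trusted by adding it to the store while verification stays enabled; a comment above the branch should say so, e.g. `# VERIFY_NONE disables all certificate checks; prefer trusting the certificate via ca_file`. The other path leaves `verify_mode` unset and relies on the runtime default, so adding `http.verify_mode = OpenSSL::SSL::VERIFY_PEER` before the `self_signed_cert` check would make the intent explicit. The body of `get` continues outside the hunk.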
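Review bot: `cert_store` calls `store.set_default_paths` before adding `ca_file`/`ca_path`, so the configured CA extends the system trust roots rather than replacing them; an operator who expects to restrict the API connection to a private CA will still accept any certificate that chains to a system root. That deserves a comment on the method, e.g. `# Adds ca_file/ca_path on top of the system default roots; it does not restrict trust to them.` As a point of style, `if ca_file = config.http_settings['ca_file']` assigns inside the condition; reading the setting first and then using `store.add_file(ca_file) if ca_file` (and the same for `ca_path`) is easier to scan.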