Merge pull request #62 from knu/use_cert_store

Add ca_file/ca_path configuration options.

Merge pull request #62 from knu/use_cert_store
Add ca_file/ca_path configuration options.
aec81968 · Dmitriy Zaporozhets · 5519420e · 932238eb · aec81968 · aec81968
Commit aec81968 authored Jun 10, 2013 by Dmitriy Zaporozhets
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 3 deletions

config.yml.example config.yml.example +2 -0

lib/gitlab_net.rb lib/gitlab_net.rb +21 -3

No files found.
--- a/config.yml.example
+++ b/config.yml.example
@@ -7,6 +7,8 @@ gitlab_url: "http://localhost/"
 http_settings:
 #  user: someone
 #  password: somepass
+#  ca_file: /etc/ssl/cert.pem
+#  ca_path: /etc/pki/tls/certs
  self_signed_cert: false
 # Repositories path

--- a/lib/gitlab_net.rb
+++ b/lib/gitlab_net.rb
@@ -42,10 +42,14 @@ class GitlabNet
  def get(url)
    url = URI.parse(url)
    http = Net::HTTP.new(url.host, url.port)
-    http.use_ssl = (url.scheme == 'https')
-    if config.http_settings['self_signed_cert'] && http.use_ssl?
+    if URI::HTTPS === url
-      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      http.use_ssl = true
+      http.cert_store = cert_store
+      if config.http_settings['self_signed_cert']
+        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
    end
    request = Net::HTTP::Get.new(url.request_uri)
@@ -55,4 +59,18 @@ class GitlabNet
    http.start {|http| http.request(request) }
  end
+  def cert_store
+    @cert_store ||= OpenSSL::X509::Store.new.tap { |store|
+      store.set_default_paths
+      if ca_file = config.http_settings['ca_file']
+        store.add_file(ca_file)
+      end
+      if ca_path = config.http_settings['ca_path']
+        store.add_path(ca_path)
+      end
+    }
+  end
 end