Add 'verify_peer' option to explicitly turn off server verification even if sending a client certificate.

2023-03-27 23:23:07 -04:00 · 2014-04-14 17:30:02 -04:00 · 2014-04-14 17:30:02 -04:00 · 1b6cfbc7ec
commit 1b6cfbc7ec
parent 83962f9417
2 changed files with 5 additions and 2 deletions
--- a/lib/httparty/connection_adapter.rb
+++ b/lib/httparty/connection_adapter.rb
@ -45,6 +45,7 @@ module HTTParty
  # * :+debug_output+: see HTTParty::ClassMethods.debug_output.
  # * :+pem+: contains pem data. see HTTParty::ClassMethods.pem.
  # * :+verify+: verify the server’s certificate against the ca certificate.
+  # * :+verify_peer+: set to false to turn off server verification but still send client certificate
  # * :+ssl_ca_file+: see HTTParty::ClassMethods.ssl_ca_file.
  # * :+ssl_ca_path+: see HTTParty::ClassMethods.ssl_ca_path.
  # * :+connection_adapter_options+: contains the hash you passed to HTTParty.connection_adapter when you configured your connection adapter
@ -155,6 +156,7 @@ module HTTParty
        if options[:pem]
          http.cert = OpenSSL::X509::Certificate.new(options[:pem])
          http.key = OpenSSL::PKey::RSA.new(options[:pem], options[:pem_password])
+          http.verify_mode = options[:verify_peer] == false ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
        end

        # PKCS12 client certificate authentication
@ -162,6 +164,7 @@ module HTTParty
          p12 = OpenSSL::PKCS12.new(options[:p12], options[:p12_password])
          http.cert = p12.certificate
          http.key = p12.key
+          http.verify_mode = options[:verify_peer] == false ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
        end

        # SSL certificate authority file and/or directory
--- a/spec/httparty/connection_adapter_spec.rb
+++ b/spec/httparty/connection_adapter_spec.rb
@ -289,7 +289,7 @@ describe HTTParty::ConnectionAdapter do
          end
          
          context "when options include verify=false" do
-            let(:options) { {:pem => pem, :pem_password => "password", :verify => false} }
+            let(:options) { {:pem => pem, :pem_password => "password", :verify_peer => false} }
            
            it "should not verify the certificate" do
              subject.verify_mode.should == OpenSSL::SSL::VERIFY_NONE
@ -340,7 +340,7 @@ describe HTTParty::ConnectionAdapter do
          end
          
          context "when options include verify=false" do
-            let(:options) { {:p12 => p12, :p12_password => "password", :verify => false} }
+            let(:options) { {:p12 => p12, :p12_password => "password", :verify_peer => false} }
            
            it "should not verify the certificate" do
              subject.verify_mode.should == OpenSSL::SSL::VERIFY_NONE