Allow inclusion of client certificate while not verifying server certificate.

2023-03-27 23:23:07 -04:00 · 2014-04-14 13:51:39 -04:00 · 2014-04-14 13:51:39 -04:00 · 83962f9417
commit 83962f9417
parent a570e54dd3
2 changed files with 17 additions and 3 deletions
--- a/lib/httparty/connection_adapter.rb
+++ b/lib/httparty/connection_adapter.rb
@ -155,7 +155,6 @@ module HTTParty
        if options[:pem]
          http.cert = OpenSSL::X509::Certificate.new(options[:pem])
          http.key = OpenSSL::PKey::RSA.new(options[:pem], options[:pem_password])
-          http.verify_mode = OpenSSL::SSL::VERIFY_PEER
        end

        # PKCS12 client certificate authentication
@ -163,7 +162,6 @@ module HTTParty
          p12 = OpenSSL::PKCS12.new(options[:p12], options[:p12_password])
          http.cert = p12.certificate
          http.key = p12.key
-          http.verify_mode = OpenSSL::SSL::VERIFY_PEER
        end

        # SSL certificate authority file and/or directory
--- a/spec/httparty/connection_adapter_spec.rb
+++ b/spec/httparty/connection_adapter_spec.rb
@ -279,7 +279,7 @@ describe HTTParty::ConnectionAdapter do
            OpenSSL::PKey::RSA.should_receive(:new).with(pem, "password").and_return(key)
          end

-          it "uses the provided PEM certificate " do
+          it "uses the provided PEM certificate" do
            subject.cert.should == cert
            subject.key.should == key
          end
@ -287,6 +287,14 @@ describe HTTParty::ConnectionAdapter do
          it "will verify the certificate" do
            subject.verify_mode.should == OpenSSL::SSL::VERIFY_PEER
          end
+          
+          context "when options include verify=false" do
+            let(:options) { {:pem => pem, :pem_password => "password", :verify => false} }
+            
+            it "should not verify the certificate" do
+              subject.verify_mode.should == OpenSSL::SSL::VERIFY_NONE
+            end
+          end
        end

        context "when scheme is not https" do
@ -330,6 +338,14 @@ describe HTTParty::ConnectionAdapter do
          it "will verify the certificate" do
            subject.verify_mode.should == OpenSSL::SSL::VERIFY_PEER
          end
+          
+          context "when options include verify=false" do
+            let(:options) { {:p12 => p12, :p12_password => "password", :verify => false} }
+            
+            it "should not verify the certificate" do
+              subject.verify_mode.should == OpenSSL::SSL::VERIFY_NONE
+            end
+          end
        end

        context "when scheme is not https" do