Can now pass a CA_FILE for SSL peer verification. Fixed README part related to SSL Client Certificates.

README.rdoc

@@ -123,7 +123,13 @@ extract and set headers for them as needed:
 
 == SSL Client Certificates
 
-  RestClient.get('https://example.com', :ssl_client_cert => File.read('cert.pem'), :ssl_client_key => File.read('key.pem')
+  RestClient::Resource.new(
+    'https://example.com', 
+    :ssl_client_cert  =>  OpenSSL::X509::Certificate.new(File.read("cert.pem")), 
+    :ssl_client_key   =>  OpenSSL::PKey::RSA.new(File.read("key.pem"), "passphrase, if any"),
+    :ssl_ca_file      =>  "ca_certificate.pem", 
+    :verify_ssl       =>  OpenSSL::SSL::VERIFY_PEER 
+  ).get
 
 Self-signed certificates can be generated with the openssl command-line tool.
 

lib/restclient/request.rb

@@ -10,7 +10,7 @@ module RestClient
 	class Request
 		attr_reader :method, :url, :payload, :headers,
 			:cookies, :user, :password, :timeout, :open_timeout,
-			:verify_ssl, :ssl_client_cert, :ssl_client_key,
+			:verify_ssl, :ssl_client_cert, :ssl_client_key, :ssl_ca_file
 			:raw_response
 
 		def self.execute(args)
@@ -31,6 +31,7 @@ module RestClient
 			@verify_ssl = args[:verify_ssl] || false
 			@ssl_client_cert = args[:ssl_client_cert] || nil
 			@ssl_client_key  = args[:ssl_client_key] || nil
+			@ssl_ca_file = args[:ssl_ca_file] || nil
 			@tf = nil # If you are a raw request, this is your tempfile
 		end
 
@@ -107,6 +108,7 @@ module RestClient
 			net.verify_mode = OpenSSL::SSL::VERIFY_NONE if @verify_ssl == false
 			net.cert = @ssl_client_cert if @ssl_client_cert
 			net.key = @ssl_client_key if @ssl_client_key
+			net.ca_file = @ssl_ca_file if @ssl_ca_file
 			net.read_timeout = @timeout if @timeout
 			net.open_timeout = @open_timeout if @open_timeout
 

spec/request_spec.rb

@@ -408,4 +408,35 @@ describe RestClient::Request do
 		@request.stub!(:response_log)
 		@request.transmit(@uri, 'req', 'payload')
 	end
+	
+	it "should default to not having an ssl_ca_file" do
+		@request.ssl_ca_file.should be(nil)
+	end
+
+	it "should set the ssl_ca_file if provided" do
+		@request = RestClient::Request.new(
+			:method => :put, 
+			:url => 'https://some/resource', 
+			:payload => 'payload',
+			:ssl_ca_file => "Certificate Authority File"
+		)
+		@net.should_receive(:ca_file=).with("Certificate Authority File")
+		@http.stub!(:request)
+		@request.stub!(:process_result)
+		@request.stub!(:response_log)
+		@request.transmit(@uri, 'req', 'payload')
+	end
+
+	it "should not set the ssl_ca_file if it is not provided" do
+		@request = RestClient::Request.new(
+			:method => :put, 
+			:url => 'https://some/resource', 
+			:payload => 'payload'
+		)
+		@net.should_not_receive(:ca_file=).with("Certificate Authority File")
+		@http.stub!(:request)
+		@request.stub!(:process_result)
+		@request.stub!(:response_log)
+		@request.transmit(@uri, 'req', 'payload')
+	end
 end