From 3fb5c51d1e2fb522b90a8570a04b91dd3e620484 Mon Sep 17 00:00:00 2001 From: Cyril Rohr Date: Mon, 30 Mar 2009 14:03:40 +0200 Subject: [PATCH] Can now pass a CA_FILE for SSL peer verification. Fixed README part related to SSL Client Certificates. --- README.rdoc | 8 +++++++- lib/restclient/request.rb | 4 +++- spec/request_spec.rb | 31 +++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+), 2 deletions(-) diff --git a/README.rdoc b/README.rdoc index 6c11be7..c005e9f 100644 --- a/README.rdoc +++ b/README.rdoc @@ -123,7 +123,13 @@ extract and set headers for them as needed: == SSL Client Certificates - RestClient.get('https://example.com', :ssl_client_cert => File.read('cert.pem'), :ssl_client_key => File.read('key.pem') + RestClient::Resource.new( + 'https://example.com', + :ssl_client_cert => OpenSSL::X509::Certificate.new(File.read("cert.pem")), + :ssl_client_key => OpenSSL::PKey::RSA.new(File.read("key.pem"), "passphrase, if any"), + :ssl_ca_file => "ca_certificate.pem", + :verify_ssl => OpenSSL::SSL::VERIFY_PEER + ).get Self-signed certificates can be generated with the openssl command-line tool. diff --git a/lib/restclient/request.rb b/lib/restclient/request.rb index e372a31..45ed910 100644 --- a/lib/restclient/request.rb +++ b/lib/restclient/request.rb @@ -10,7 +10,7 @@ module RestClient class Request attr_reader :method, :url, :payload, :headers, :cookies, :user, :password, :timeout, :open_timeout, - :verify_ssl, :ssl_client_cert, :ssl_client_key, + :verify_ssl, :ssl_client_cert, :ssl_client_key, :ssl_ca_file :raw_response def self.execute(args) @@ -31,6 +31,7 @@ module RestClient @verify_ssl = args[:verify_ssl] || false @ssl_client_cert = args[:ssl_client_cert] || nil @ssl_client_key = args[:ssl_client_key] || nil + @ssl_ca_file = args[:ssl_ca_file] || nil @tf = nil # If you are a raw request, this is your tempfile end 
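Review bot: The new `attr_reader` line in the first request.rb hunk ends with `:ssl_ca_file` and no trailing comma, so as shown the argument list stops there and the following context line `:raw_response` is left as a bare symbol expression. `Request#raw_response` would then no longer be defined. The line should read `:verify_ssl, :ssl_client_cert, :ssl_client_key, :ssl_ca_file,`. None of the added specs read `raw_response`, so they would not catch this. The class body continues outside the hunk.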
@@ -107,6 +108,7 @@ module RestClient
 net.verify_mode = OpenSSL::SSL::VERIFY_NONE if @verify_ssl == false
 net.cert = @ssl_client_cert if @ssl_client_cert
 net.key = @ssl_client_key if @ssl_client_key
+ net.ca_file = @ssl_ca_file if @ssl_ca_file
 net.read_timeout = @timeout if @timeout
 net.open_timeout = @open_timeout if @open_timeout
diff --git a/spec/request_spec.rb b/spec/request_spec.rb
index 3dc9f38..461ebe9 100644
--- a/spec/request_spec.rb
+++ b/spec/request_spec.rb
@@ -408,4 +408,35 @@ describe RestClient::Request do
 @request.stub!(:response_log)
 @request.transmit(@uri, 'req', 'payload')
 end
+
+ it "should default to not having an ssl_ca_file" do
+ @request.ssl_ca_file.should be(nil)
+ end
+
+ it "should set the ssl_ca_file if provided" do
+ @request = RestClient::Request.new(
+ :method => :put,
+ :url => 'https://some/resource',
+ :payload => 'payload',
+ :ssl_ca_file => "Certificate Authority File"
+ )
+ @net.should_receive(:ca_file=).with("Certificate Authority File")
+ @http.stub!(:request)
+ @request.stub!(:process_result)
+ @request.stub!(:response_log)
+ @request.transmit(@uri, 'req', 'payload')
+ end
+
+ it "should not set the ssl_ca_file if it is not provided" do
+ @request = RestClient::Request.new(
+ :method => :put,
+ :url => 'https://some/resource',
+ :payload => 'payload'
+ )
+ @net.should_not_receive(:ca_file=).with("Certificate Authority File")
+ @http.stub!(:request)
+ @request.stub!(:process_result)
+ @request.stub!(:response_log)
+ @request.transmit(@uri, 'req', 'payload')
+ end
 end
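Review bot: `net.ca_file` is assigned independently of the verification mode, while the context line three above it forces `OpenSSL::SSL::VERIFY_NONE` whenever `@verify_ssl == false`, which the initialize hunk shows is the default (`args[:verify_ssl] || false`). A caller who passes only `:ssl_ca_file` therefore loads a CA bundle but gets no peer verification, and nothing signals that. No line visible here assigns `net.verify_mode` from a non-false `@verify_ssl`; if that does not happen outside the hunk, the README's `:verify_ssl => OpenSSL::SSL::VERIFY_PEER` depends on Net::HTTP's own default, which is worth confirming. Consider adding `net.verify_mode = @verify_ssl if @verify_ssl.is_a?(Integer)` next to the new line, with the comment `# ca_file is only consulted when verify_mode is VERIFY_PEER`. The enclosing method starts and ends outside the hunk.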
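Review bot: The negative spec `should not set the ssl_ca_file if it is not provided` narrows its expectation with `.with("Certificate Authority File")`, so it still passes if `ca_file=` is called with any other value, for example `nil`. Dropping the argument matcher makes it assert what the description says: `@net.should_not_receive(:ca_file=)`. A further spec that passes `:ssl_ca_file` together with `:verify_ssl` would pin the combination the README documents, since none of the added examples checks `verify_mode`.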