Expose option to set SSL cert_store.

Fixes: #254
2022-11-09 13:49:40 -05:00 · 2014-03-16 15:36:47 -07:00 · 2014-03-16 15:36:47 -07:00 · f378ad154a
commit f378ad154a
parent 5cc2ed397d
2 changed files with 40 additions and 3 deletions
--- a/lib/restclient/request.rb
+++ b/lib/restclient/request.rb
@ -25,7 +25,8 @@ module RestClient
  #     OpenSSL::SSL::VERIFY_*, defaults to OpenSSL::SSL::VERIFY_PEER
  # * :timeout and :open_timeout are how long to wait for a response and to
  #     open a connection, in seconds. Pass nil to disable the timeout.
-  # * :ssl_client_cert, :ssl_client_key, :ssl_ca_file, :ssl_ca_path
+  # * :ssl_client_cert, :ssl_client_key, :ssl_ca_file, :ssl_ca_path,
+  #     :ssl_cert_store
  # * :ssl_version specifies the SSL version for the underlying Net::HTTP connection
  # * :ssl_ciphers sets SSL ciphers for the connection. See
  #     OpenSSL::SSL::SSLContext#ciphers=
@ -34,8 +35,8 @@ module RestClient
    attr_reader :method, :url, :headers, :cookies,
                :payload, :user, :password, :timeout, :max_redirects,
                :open_timeout, :raw_response, :verify_ssl, :ssl_client_cert,
-                :ssl_client_key, :ssl_ca_file, :processed_headers, :args,
-                :ssl_version, :ssl_ca_path, :ssl_ciphers
+                :ssl_client_key, :ssl_ca_file, :ssl_ca_path, :ssl_cert_store,
+                :processed_headers, :args, :ssl_version, :ssl_ciphers

    def self.execute(args, & block)
      new(args).execute(& block)
@ -124,6 +125,7 @@ module RestClient
      @ssl_client_key = args[:ssl_client_key] || nil
      @ssl_ca_file = args[:ssl_ca_file] || nil
      @ssl_ca_path = args[:ssl_ca_path] || nil
+      @ssl_cert_store = args[:ssl_cert_store] || nil
      @ssl_version = args[:ssl_version]
      @tf = nil # If you are a raw request, this is your tempfile
      @max_redirects = args[:max_redirects] || 10
@ -282,6 +284,7 @@ module RestClient
      net.key = @ssl_client_key if @ssl_client_key
      net.ca_file = @ssl_ca_file if @ssl_ca_file
      net.ca_path = @ssl_ca_path if @ssl_ca_path
+      net.cert_store = @ssl_cert_store if @ssl_cert_store

      if OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE
        warn('WARNING: OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE')
--- a/spec/unit/request_spec.rb
+++ b/spec/unit/request_spec.rb
@ -784,6 +784,40 @@ describe RestClient::Request do
      @request.stub(:response_log)
      @request.transmit(@uri, 'req', 'payload')
    end
+
+    it "should set the ssl_cert_store if provided" do
+      store = OpenSSL::X509::Store.new
+      store.set_default_paths
+
+      @request = RestClient::Request.new(
+              :method => :put,
+              :url => 'https://some/resource',
+              :payload => 'payload',
+              :ssl_cert_store => store
+      )
+      @net.should_receive(:cert_store=).with(store)
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
+    it "should not set the ssl_cert_store if it is not provided" do
+      @request = RestClient::Request.new(
+              :method => :put,
+              :url => 'https://some/resource',
+              :payload => 'payload'
+      )
+      @net.should_not_receive(:cert_store=)
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
+    it "should default to not having an ssl_cert_store" do
+      @request.ssl_cert_store.should be(nil)
+    end
  end

  it "should still return a response object for 204 No Content responses" do