Add tests for SSL CA path behavior.

spec/integration/capath_equifax/578d5c04.0

@@ -0,0 +1 @@
+equifax.crt

spec/integration/capath_equifax/594f1775.0

@@ -0,0 +1 @@
+equifax.crt

spec/integration/capath_equifax/README

@@ -0,0 +1 @@
+These symlinks are created by c_rehash(1ssl).

spec/integration/capath_equifax/equifax.crt

@@ -0,0 +1 @@
+../certs/equifax.crt

spec/integration/capath_verisign/415660c1.0

@@ -0,0 +1 @@
+verisign.crt

spec/integration/capath_verisign/7651b327.0

@@ -0,0 +1 @@
+verisign.crt

spec/integration/capath_verisign/README

@@ -0,0 +1 @@
+These symlinks are created by c_rehash(1ssl).

spec/integration/capath_verisign/verisign.crt

@@ -0,0 +1 @@
+../certs/verisign.crt

spec/integration/request_spec.rb

@@ -12,6 +12,16 @@ describe RestClient::Request do
       expect { request.execute }.to_not raise_error
     end
 
+    it "is successful with the correct ca_path" do
+      request = RestClient::Request.new(
+        :method => :get,
+        :url => 'https://www.mozilla.com',
+        :verify_ssl => OpenSSL::SSL::VERIFY_PEER,
+        :ssl_ca_path => File.join(File.dirname(__FILE__), "capath_equifax")
+      )
+      expect { request.execute }.to_not raise_error
+    end
+
     # I don' think this feature is useful anymore (under 1.9.3 at the very least).
     #
     # Exceptions in verify_callback are ignored; RestClient has to catch OpenSSL::SSL::SSLError
@@ -31,5 +41,15 @@ describe RestClient::Request do
       )
       expect { request.execute }.to raise_error(RestClient::SSLCertificateNotVerified)
     end
+
+    it "is unsuccessful with an incorrect ca_path" do
+      request = RestClient::Request.new(
+        :method => :get,
+        :url => 'https://www.mozilla.com',
+        :verify_ssl => OpenSSL::SSL::VERIFY_PEER,
+        :ssl_ca_path => File.join(File.dirname(__FILE__), "capath_verisign")
+      )
+      expect { request.execute }.to raise_error(RestClient::SSLCertificateNotVerified)
+    end
   end
 end

spec/request_spec.rb

@@ -558,6 +558,41 @@ describe RestClient::Request do
       @request.stub!(:response_log)
       @request.transmit(@uri, 'req', 'payload')
     end
+
+    it "should default to not having an ssl_ca_path" do
+      @request.ssl_ca_path.should be(nil)
+    end
+
+    it "should set the ssl_ca_path if provided" do
+      @request = RestClient::Request.new(
+              :method => :put,
+              :url => 'https://some/resource',
+              :payload => 'payload',
+              :ssl_version => 'SSLv3',
+              :ssl_ca_path => "Certificate Authority Path"
+      )
+      @net.should_receive(:ca_path=).with("Certificate Authority Path")
+      @net.should_receive(:ssl_version=).with('SSLv3')
+      @http.stub!(:request)
+      @request.stub!(:process_result)
+      @request.stub!(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
+    it "should not set the ssl_sa_path if it is not provided" do
+      @request = RestClient::Request.new(
+              :method => :put,
+              :url => 'https://some/resource',
+              :ssl_version => 'TSLv1',
+              :payload => 'payload'
+      )
+      @net.should_not_receive(:sa_path=).with("Certificate Authority File")
+      @net.should_receive(:ssl_version=).with('TSLv1')
+      @http.stub!(:request)
+      @request.stub!(:process_result)
+      @request.stub!(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
   end
 
   it "should still return a response object for 204 No Content responses" do