From 7e9175e3d9f55e1f7d363b1b36e8b1fbf1ff0ec6 Mon Sep 17 00:00:00 2001
From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Tue, 23 Dec 2014 15:06:40 +0000
Subject: [PATCH] * lib/open-uri.rb (OpenURI.open_http): accept multiple certs
 path in   ssl_ca_certs.

* tool/downloader.rb: use certs of rubygems for downloading gems.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48941 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog          |  7 +++++++
 lib/open-uri.rb    | 13 ++++++++-----
 tool/downloader.rb |  6 +++---
 3 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ea97480768..c3845bf16b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Wed Dec 24 00:04:45 2014  NAKAMURA Usaku  <usa@ruby-lang.org>
+
+	* lib/open-uri.rb (OpenURI.open_http): accept multiple certs path in
+	  ssl_ca_certs.
+
+	* tool/downloader.rb: use certs of rubygems for downloading gems.
+
 Tue Dec 23 22:39:11 2014  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* ext/fiddle/extlibs: libffi-3.2.1 and patch for mswin.
diff --git a/lib/open-uri.rb b/lib/open-uri.rb
index 829759ab7c..71f1eb7383 100644
--- a/lib/open-uri.rb
+++ b/lib/open-uri.rb
@@ -295,10 +295,13 @@ module OpenURI
       http.verify_mode = options[:ssl_verify_mode] || OpenSSL::SSL::VERIFY_PEER
       store = OpenSSL::X509::Store.new
       if options[:ssl_ca_cert]
-        if File.directory? options[:ssl_ca_cert]
-          store.add_path options[:ssl_ca_cert]
-        else
-          store.add_file options[:ssl_ca_cert]
+        certs = options[:ssl_ca_cert].is_a?(Array) ? options[:ssl_ca_cert] : [options[:ssl_ca_cert]]
+        certs.each do |cert|
+          if File.directory? cert
+            store.add_path cert
+          else
+            store.add_file cert
+          end
         end
       else
         store.set_default_paths
@@ -680,7 +683,7 @@ module OpenURI
     #
     # [:ssl_ca_cert]
     #  Synopsis:
-    #    :ssl_ca_cert=>filename
+    #    :ssl_ca_cert=>filename or an Array of filenames
     #
     #  :ssl_ca_cert is used to specify CA certificate for SSL.
     #  If it is given, default certificates are not used.
diff --git a/tool/downloader.rb b/tool/downloader.rb
index c2fc638eae..67c27522dc 100644
--- a/tool/downloader.rb
+++ b/tool/downloader.rb
@@ -9,7 +9,7 @@ class Downloader
 
   class RubyGems < self
     def self.download(name, *rest)
-      super("https://rubygems.org/downloads/#{name}", name, *rest)
+      super("https://rubygems.org/downloads/#{name}", name, *rest, ssl_ca_cert: Dir.glob(File.expand_path("../lib/rubygems/ssl_certs/*.pem", File.dirname(__FILE__))))
     end
   end
 
@@ -52,7 +52,7 @@ class Downloader
   # Example usage:
   #   download 'http://www.unicode.org/Public/UCD/latest/ucd/UnicodeData.txt',
   #            'UnicodeData.txt', 'enc/unicode/data'
-  def self.download(url, name, dir = nil, ims = true)
+  def self.download(url, name, dir = nil, ims = true, options = {})
     file = dir ? File.join(dir, File.basename(name)) : name
     if ims.nil? and File.exist?(file)
       if $VERBOSE
@@ -67,7 +67,7 @@ class Downloader
       $stdout.flush
     end
     begin
-      data = url.read(http_options(file, ims.nil? ? true : ims))
+      data = url.read(options.merge(http_options(file, ims.nil? ? true : ims)))
     rescue OpenURI::HTTPError => http_error
       if http_error.message =~ /^304 / # 304 Not Modified
         if $VERBOSE