Expose SSLContext#extra_chain_cert in Net::HTTP

Currently, Net::HTTP can only send a single SSL certificate when it
establishes a connection. Some use-cases involve sending an entire
certificate chain to the destination; for this, SSLContext supports
assigning to #extra_chain_cert=.

This adds support in Net::HTTP for exposing this underlying SSLContext
property to end-users. [Feature #9758]

1 files changed, 6 insertions, 0 deletions

diff --git a/lib/net/http.rb b/lib/net/http.rb
index 59b6d909bb..ffce1a0784 100644
--- a/lib/net/http.rb
+++ b/lib/net/http.rb
@@ -850,6 +850,7 @@ module Net   #:nodoc:
       :@cert,
       :@cert_store,
       :@ciphers,
+      :@extra_chain_cert,
       :@key,
       :@ssl_timeout,
       :@ssl_version,
@@ -866,6 +867,7 @@ module Net   #:nodoc:
       :cert,
       :cert_store,
       :ciphers,
+      :extra_chain_cert
       :key,
       :ssl_timeout,
       :ssl_version,
@@ -896,6 +898,10 @@ module Net   #:nodoc:
     # Sets the available ciphers.  See OpenSSL::SSL::SSLContext#ciphers=
     attr_accessor :ciphers
 
+    # Sets the extra X509 certificates to be added to the certificate chain.
+    # See OpenSSL::SSL::SSLContext#extra_chain_cert=
+    attr_accessor :extra_chain_cert
+
     # Sets an OpenSSL::PKey::RSA or OpenSSL::PKey::DSA object.
     # (This method is appeared in Michal Rokos's OpenSSL extension.)
     attr_accessor :key