diff options
author | akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2006-02-19 15:17:16 +0000 |
---|---|---|
committer | akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2006-02-19 15:17:16 +0000 |
commit | 6701de8e1eaf745d577521ead3ff63b0ba08fad9 (patch) | |
tree | 9012ee9562554a98451bea41a34b41c3978ab54b /lib | |
parent | 5d95ecbd1a2fbc065addb3b57e44a3731e7602b6 (diff) | |
download | ruby-6701de8e1eaf745d577521ead3ff63b0ba08fad9.tar.gz |
* lib/open-uri.rb: add :ssl_verify_mode option.
suggested by Will Glynn.
* lib/open-uri.rb: add :ssl_ca_cert option.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9958 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib')
-rw-r--r-- | lib/open-uri.rb | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/lib/open-uri.rb b/lib/open-uri.rb index 977d2e4439..e0d385e663 100644 --- a/lib/open-uri.rb +++ b/lib/open-uri.rb @@ -99,6 +99,8 @@ module OpenURI :content_length_proc => true, :http_basic_authentication => true, :read_timeout => true, + :ssl_ca_cert => nil, + :ssl_verify_mode => nil, } def OpenURI.check_options(options) # :nodoc: @@ -269,8 +271,17 @@ module OpenURI if target.class == URI::HTTPS require 'net/https' http.use_ssl = true - http.verify_mode = OpenSSL::SSL::VERIFY_PEER + http.verify_mode = options[:ssl_verify_mode] || OpenSSL::SSL::VERIFY_PEER store = OpenSSL::X509::Store.new + if options[:ssl_ca_cert] + if File.directory? options[:ssl_ca_cert] + store.add_path options[:ssl_ca_cert] + else + store.add_file options[:ssl_ca_cert] + end + else + store.set_default_paths + end store.set_default_paths http.cert_store = store end @@ -583,6 +594,19 @@ module OpenURI # # :read_timeout option specifies a timeout of read for http connections. # + # [:ssl_ca_cert] + # Synopsis: + # :ssl_ca_cert=>filename + # + # :ssl_ca_cert is used to specify CA certificate for SSL. + # If it is given, default certificates are not used. + # + # [:ssl_verify_mode] + # Synopsis: + # :ssl_verify_mode=>mode + # + # :ssl_verify_mode is used to specify openssl verify mode. + # # OpenURI::OpenRead#open returns an IO like object if block is not given. # Otherwise it yields the IO object and return the value of the block. # The IO object is extended with OpenURI::Meta. |