From 21bb30e6fdedd449a5d4e5c0f2c27f5383240583 Mon Sep 17 00:00:00 2001
From: knu <knu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 9 Feb 2009 03:15:41 +0000
Subject:  r22141@crimson:  knu | 2009-02-08 22:04:26 +0900 
 (:ssl_verify_mode): new option suggested by Will Glynn. (r9958) 
 (:ssl_ca_cert): new option. (r9958, r13691)

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@22152 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog       |  2 ++
 lib/open-uri.rb | 27 +++++++++++++++++++++++++--
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 2edbf43f90..a2c3708c74 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,8 @@ Sun Feb  8 21:39:06 2009  Akinori MUSHA  <knu@iDaemons.org>
 	  (OpenURI.open_loop): prohibit multiple proxy options. (r9339)
 	  (OpenURI.open_loop): find_proxy should return nil when proxy
 	  does not exist. [ruby-dev:27630] (r9500)
+	  (:ssl_verify_mode): new option suggested by Will Glynn. (r9958)
+	  (:ssl_ca_cert): new option. (r9958, r13691)
 
 Mon Feb  9 01:21:16 2009  Tanaka Akira  <akr@fsij.org>
 
diff --git a/lib/open-uri.rb b/lib/open-uri.rb
index 18fdce82c8..2f3e5ce8ac 100644
--- a/lib/open-uri.rb
+++ b/lib/open-uri.rb
@@ -96,6 +96,8 @@ module OpenURI
     :content_length_proc => true,
     :http_basic_authentication => true,
     :read_timeout => true,
+    :ssl_ca_cert => nil,
+    :ssl_verify_mode => nil,
   }
 
   def OpenURI.check_options(options) # :nodoc:
@@ -266,9 +268,17 @@ module OpenURI
     if target.class == URI::HTTPS
       require 'net/https'
       http.use_ssl = true
-      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      http.verify_mode = options[:ssl_verify_mode] || OpenSSL::SSL::VERIFY_PEER
       store = OpenSSL::X509::Store.new
-      store.set_default_paths
+      if options[:ssl_ca_cert]
+        if File.directory? options[:ssl_ca_cert]
+          store.add_path options[:ssl_ca_cert]
+        else
+          store.add_file options[:ssl_ca_cert]
+        end
+      else
+        store.set_default_paths
+      end
       http.cert_store = store
     end
     if options.include? :read_timeout
@@ -570,6 +580,19 @@ module OpenURI
     #
     #  :read_timeout option specifies a timeout of read for http connections.
     #
+    # [:ssl_ca_cert]
+    #  Synopsis:
+    #    :ssl_ca_cert=>filename
+    #
+    #  :ssl_ca_cert is used to specify CA certificate for SSL.
+    #  If it is given, default certificates are not used.
+    #
+    # [:ssl_verify_mode]
+    #  Synopsis:
+    #    :ssl_verify_mode=>mode
+    #
+    #  :ssl_verify_mode is used to specify openssl verify mode.
+    #
     # OpenURI::OpenRead#open returns an IO like object if block is not given.
     # Otherwise it yields the IO object and return the value of the block.
     # The IO object is extended with OpenURI::Meta.
-- 
cgit v1.2.3