From 3e0951632c52018eefb86d9e0bfe77383f9622fb Mon Sep 17 00:00:00 2001
From: Roy Nicholson <nicholson.roy@gmail.com>
Date: Sun, 9 Aug 2009 13:57:20 -0400
Subject: Add ability to set SSL options on ARes connections.

[#2370 state:committed]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
---
 activeresource/lib/active_resource/connection.rb | 35 ++++++++++++++++++++++--
 1 file changed, 32 insertions(+), 3 deletions(-)

(limited to 'activeresource/lib/active_resource/connection.rb')

diff --git a/activeresource/lib/active_resource/connection.rb b/activeresource/lib/active_resource/connection.rb
index ef57c1f8b2..c08b7272ae 100644
--- a/activeresource/lib/active_resource/connection.rb
+++ b/activeresource/lib/active_resource/connection.rb
@@ -16,7 +16,7 @@ module ActiveResource
       :delete => 'Accept'
     }
 
-    attr_reader :site, :user, :password, :timeout, :proxy
+    attr_reader :site, :user, :password, :timeout, :proxy, :ssl_options
     attr_accessor :format
 
     class << self
@@ -61,6 +61,11 @@ module ActiveResource
       @timeout = timeout
     end
 
+    # Hash of options applied to Net::HTTP instance when +site+ protocol is 'https'.
+    def ssl_options=(opts={})
+      @ssl_options = opts
+    end
+
     # Executes a GET request.
     # Used to get (find) resources.
     def get(path, headers = {})
@@ -102,6 +107,8 @@ module ActiveResource
         handle_response(result)
       rescue Timeout::Error => e
         raise TimeoutError.new(e.message)
+      rescue OpenSSL::SSL::SSLError => e
+        raise SSLError.new(e.message)
       end
 
       # Handles response and error codes from the remote service.
@@ -149,8 +156,7 @@ module ActiveResource
       end
 
       def configure_http(http)
-        http.use_ssl = @site.is_a?(URI::HTTPS)
-        http.verify_mode = OpenSSL::SSL::VERIFY_NONE if http.use_ssl?
+        http = apply_ssl_options(http)
 
         # Net::HTTP timeouts default to 60 seconds.
         if @timeout
@@ -161,6 +167,29 @@ module ActiveResource
         http
       end
 
+      def apply_ssl_options(http)
+        return http unless @site.is_a?(URI::HTTPS)
+
+        http.use_ssl     = true
+        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        return http unless defined?(@ssl_options)
+
+        http.ca_path     = @ssl_options[:ca_path] if @ssl_options[:ca_path]
+        http.ca_file     = @ssl_options[:ca_file] if @ssl_options[:ca_file]
+
+        http.cert        = @ssl_options[:cert] if @ssl_options[:cert]
+        http.key         = @ssl_options[:key]  if @ssl_options[:key]
+
+        http.cert_store  = @ssl_options[:cert_store]  if @ssl_options[:cert_store]
+        http.ssl_timeout = @ssl_options[:ssl_timeout] if @ssl_options[:ssl_timeout]
+
+        http.verify_mode     = @ssl_options[:verify_mode]     if @ssl_options[:verify_mode]
+        http.verify_callback = @ssl_options[:verify_callback] if @ssl_options[:verify_callback]
+        http.verify_depth    = @ssl_options[:verify_depth]    if @ssl_options[:verify_depth]
+
+        http
+      end
+
       def default_header
         @default_header ||= {}
       end
-- 
cgit v1.2.3