Support extra_chain_cert= setting

Reference: https://bugs.ruby-lang.org/issues/9758

Author: marshall-lee

lib/net/http/persistent.rb

@@ -270,6 +270,11 @@ def self.detect_idle_timeout uri, max = 10
 
   attr_reader :ciphers
 
+  ##
+  # Extra certificates to be added to the certificate chain
+
+  attr_reader :extra_chain_cert
+
   ##
   # Sends debug_output to this IO via Net::HTTP#set_debug_output.
   #
@@ -574,6 +579,14 @@ def ciphers= ciphers
     reconnect_ssl
   end
 
+  ##
+  # Extra certificates to be added to the certificate chain
+  def extra_chain_cert= extra_chain_cert
+    @extra_chain_cert = extra_chain_cert
+
+    reconnect_ssl
+  end
+
   ##
   # Creates a new connection for +uri+
 
@@ -1023,6 +1036,10 @@ def ssl connection
       connection.key  = @private_key
     end
 
+    if @extra_chain_cert
+      connection.extra_chain_cert = @extra_chain_cert
+    end
+
     connection.cert_store = if @cert_store then
                               @cert_store
                             else

test/test_net_http_persistent.rb

@@ -247,6 +247,13 @@ def test_ciphers_equals
     assert_equal 1, @http.ssl_generation
   end
 
+  def test_extra_chain_cert_equals
+    @http.extra_chain_cert = :extra_chain_cert
+
+    assert_equal :extra_chain_cert, @http.extra_chain_cert
+    assert_equal 1, @http.ssl_generation
+  end
+
   def test_connection_for
     @http.open_timeout = 123
     @http.read_timeout = 321
@@ -1342,6 +1349,18 @@ def test_ssl_verify_mode
     assert_equal OpenSSL::SSL::VERIFY_NONE, c.verify_mode
   end
 
+  def test_ssl_extra_chain_cert
+    skip 'OpenSSL is missing' unless HAVE_OPENSSL
+
+    @http.extra_chain_cert = :extra_chain_cert
+    c = Net::HTTP.new 'localhost', 80
+
+    @http.ssl c
+
+    assert c.use_ssl?
+    assert_equal :extra_chain_cert, c.extra_chain_cert
+  end
+
   def test_ssl_warning
     skip 'OpenSSL is missing' unless HAVE_OPENSSL