Skip to content

Commit 9fb5fb5

Browse files
marshall-leemarshall-lee
committed
Support extra_chain_cert= setting
Reference: https://bugs.ruby-lang.org/issues/9758
1 parent 12a9230 commit 9fb5fb5

File tree

2 files changed

+38
-0
lines changed

2 files changed

+38
-0
lines changed

lib/net/http/persistent.rb

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -270,6 +270,11 @@ def self.detect_idle_timeout uri, max = 10
270270

271271
attr_reader :ciphers
272272

273+
##
274+
# Extra certificates to be added to the certificate chain
275+
276+
attr_reader :extra_chain_cert
277+
273278
##
274279
# Sends debug_output to this IO via Net::HTTP#set_debug_output.
275280
#
@@ -574,6 +579,14 @@ def ciphers= ciphers
574579
reconnect_ssl
575580
end
576581

582+
##
583+
# Extra certificates to be added to the certificate chain
584+
def extra_chain_cert= extra_chain_cert
585+
@extra_chain_cert = extra_chain_cert
586+
587+
reconnect_ssl
588+
end
589+
577590
##
578591
# Creates a new connection for +uri+
579592

@@ -1023,6 +1036,10 @@ def ssl connection
10231036
connection.key = @private_key
10241037
end
10251038

1039+
if @extra_chain_cert
1040+
connection.extra_chain_cert = @extra_chain_cert
1041+
end
1042+
10261043
connection.cert_store = if @cert_store then
10271044
@cert_store
10281045
else

test/test_net_http_persistent.rb

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -247,6 +247,14 @@ def test_ciphers_equals
247247
assert_equal 1, @http.ssl_generation
248248
end
249249

250+
def test_extra_chain_cert_equals
251+
skip 'extra_chain_cert is not supported by Net::HTTP' unless Net::HTTP.method_defined?(:extra_chain_cert)
252+
@http.extra_chain_cert = :extra_chain_cert
253+
254+
assert_equal :extra_chain_cert, @http.extra_chain_cert
255+
assert_equal 1, @http.ssl_generation
256+
end
257+
250258
def test_connection_for
251259
@http.open_timeout = 123
252260
@http.read_timeout = 321
@@ -1342,6 +1350,19 @@ def test_ssl_verify_mode
13421350
assert_equal OpenSSL::SSL::VERIFY_NONE, c.verify_mode
13431351
end
13441352

1353+
def test_ssl_extra_chain_cert
1354+
skip 'OpenSSL is missing' unless HAVE_OPENSSL
1355+
skip 'extra_chain_cert is not supported by Net::HTTP' unless Net::HTTP.method_defined?(:extra_chain_cert)
1356+
1357+
@http.extra_chain_cert = :extra_chain_cert
1358+
c = Net::HTTP.new 'localhost', 80
1359+
1360+
@http.ssl c
1361+
1362+
assert c.use_ssl?
1363+
assert_equal :extra_chain_cert, c.extra_chain_cert
1364+
end
1365+
13451366
def test_ssl_warning
13461367
skip 'OpenSSL is missing' unless HAVE_OPENSSL
13471368

0 commit comments

Comments
 (0)