Removing the bundling of the zencoder ca chain and allow users to specify cert paths

Nathan Sutton · Nathan Sutton · commit 0a0fe232a217 · 2014-07-23T16:11:25.000-05:00
diff --git a/lib/zencoder/http.rb b/lib/zencoder/http.rb
@@ -1,8 +1,6 @@
 module Zencoder
   class HTTP
 
-    CA_CHAIN_PATH = File.expand_path(File.join(File.dirname(__FILE__), "http", "resources", "zencoder_ca_chain.crt"))
-
     include Zencoder::Serializer
 
     attr_accessor :url, :options, :method
diff --git a/lib/zencoder/http/net_http.rb b/lib/zencoder/http/net_http.rb
@@ -2,7 +2,7 @@ module Zencoder
   class HTTP
     class NetHTTP
 
-      attr_accessor :method, :url, :uri, :body, :params, :headers, :timeout, :skip_ssl_verify, :options
+      attr_accessor :method, :url, :uri, :body, :params, :headers, :timeout, :skip_ssl_verify, :options, :ca_file, :ca_path
 
       def initialize(method, url, options)
         @method          = method
@@ -13,6 +13,8 @@ def initialize(method, url, options)
         @headers         = @options.delete(:headers)
         @timeout         = @options.delete(:timeout)
         @skip_ssl_verify = @options.delete(:skip_ssl_verify)
+        @ca_file         = @options.delete(:ca_file)
+        @ca_path         = @options.delete(:ca_path)
       end
 
       def self.post(url, options={})
@@ -59,10 +61,11 @@ def http
           if skip_ssl_verify
             http.verify_mode = OpenSSL::SSL::VERIFY_NONE
           else
-            http.ca_file = Zencoder::HTTP::CA_CHAIN_PATH
             http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-            http.verify_depth = 5
           end
+
+          http.ca_file = ca_file if ca_file
+          http.ca_path = ca_path if ca_path
         end
 
         http
diff --git a/lib/zencoder/http/resources/zencoder_ca_chain.crt b/lib/zencoder/http/resources/zencoder_ca_chain.crt
diff --git a/lib/zencoder/http/typhoeus.rb b/lib/zencoder/http/typhoeus.rb
@@ -24,6 +24,14 @@ def self.perform(method, url, options={})
           options[:disable_ssl_peer_verification] = true
         end
 
+        if ca_file = options.delete(:ca_file)
+          options[:sslcert] = ca_file
+        end
+
+        if ca_path = options.delete(:ca_path)
+          options[:capath] = ca_path
+        end
+
         ::Typhoeus::Request.send(method, url, options)
       end
 
diff --git a/test/zencoder/http/net_http_test.rb b/test/zencoder/http/net_http_test.rb
@@ -41,12 +41,25 @@ class Zencoder::HTTP::NetHTTPTest < Test::Unit::TestCase
     end
 
     context "SSL verification" do
+      setup do
+        @http_stub = stub(:use_ssl= => true, :request => true, :verify_mode= => true)
+        ::Net::HTTP.expects(:new).returns(@http_stub)
+      end
+
       should "not verify when set to skip ssl verification" do
-        http_stub = stub(:use_ssl= => true, :request => true)
-        http_stub.expects(:verify_mode=).with(OpenSSL::SSL::VERIFY_NONE)
-        ::Net::HTTP.expects(:new).returns(http_stub)
+        @http_stub.expects(:verify_mode=).with(OpenSSL::SSL::VERIFY_NONE)
         Zencoder::HTTP::NetHTTP.post('https://example.com/path', :skip_ssl_verify => true)
       end
+
+      should "set the ca_file" do
+        @http_stub.expects(:ca_file=).with("/foo/bar/baz.crt")
+        Zencoder::HTTP::NetHTTP.post('https://example.com/path', :ca_file => "/foo/bar/baz.crt")
+      end
+
+      should "set the ca_path" do
+        @http_stub.expects(:ca_path=).with("/foo/bar/")
+        Zencoder::HTTP::NetHTTP.post('https://example.com/path', :ca_path => "/foo/bar/")
+      end
     end
 
     context ".post" do
diff --git a/test/zencoder/http/typhoeus_test.rb b/test/zencoder/http/typhoeus_test.rb
@@ -44,6 +44,16 @@ module Request
       Typhoeus::Request.expects(:get).with('https://example.com/', {:disable_ssl_peer_verification => true})
       Zencoder::HTTP::Typhoeus.get('https://example.com/', {:skip_ssl_verify => true})
     end
+
+    should "use the path to the cert file" do
+      Typhoeus::Request.expects(:get).with('https://example.com/', {:disable_ssl_peer_verification => true, :sslcert => "/foo/bar/baz.crt"})
+      Zencoder::HTTP::Typhoeus.get('https://example.com/', {:skip_ssl_verify => true, :ca_file => "/foo/bar/baz.crt"})
+    end
+
+    should "use the path to the certs directory" do
+      Typhoeus::Request.expects(:get).with('https://example.com/', {:disable_ssl_peer_verification => true, :capath => "/foo/bar/baz.crt"})
+      Zencoder::HTTP::Typhoeus.get('https://example.com/', {:skip_ssl_verify => true, :ca_path => "/foo/bar/baz.crt"})
+    end
   end
 
 end

-Original file line number
+Diff line change
       Typhoeus::Request.expects(:get).with('https://example.com', {:disable_ssl_peer_verification => true})
       Zencoder::HTTP::Typhoeus.get('https://example.com', {:skip_ssl_verify => true})
     end
++
 +    should "use the path to the cert file" do
 +      Typhoeus::Request.expects(:get).with('https://example.com', {:disable_ssl_peer_verification => true, :sslcert => "/foo/bar/baz.crt"})
 +      Zencoder::HTTP::Typhoeus.get('https://example.com', {:skip_ssl_verify => true, :ca_file => "/foo/bar/baz.crt"})
 +    end
++
 +    should "use the path to the certs directory" do
 +      Typhoeus::Request.expects(:get).with('https://example.com', {:disable_ssl_peer_verification => true, :capath => "/foo/bar/baz.crt"})
 +      Zencoder::HTTP::Typhoeus.get('https://example.com', {:skip_ssl_verify => true, :ca_path => "/foo/bar/baz.crt"})
 +    end
   end
 end