Merge branch 'bugfix/force-an-openssl-cert-store-with-default-paths-because-rubby'

Author: Nathan Sutton

lib/zencoder/http/net_http.rb

@@ -62,10 +62,17 @@ def http
             http.verify_mode = OpenSSL::SSL::VERIFY_NONE
           else
             http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-          end
 
-          http.ca_file = ca_file if ca_file
-          http.ca_path = ca_path if ca_path
+            http.cert_store = OpenSSL::X509::Store.new
+            http.cert_store.set_default_paths
+
+            if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
+              http.cert_store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+            end
+
+            http.cert_store.add_file(ca_file) if ca_file
+            http.cert_store.add_path(ca_path) if ca_path
+          end
         end
 
         http

test/test_helper.rb

@@ -2,7 +2,14 @@
 require 'bundler'
 Bundler.setup
 Bundler.require(:default, :test)
-require 'mocha/integration/test_unit' # Bundler load-order hax
+
+begin
+  require "minitest/unit"
+  require "mocha/mini_test"
+rescue LoadError
+  require "test/unit"
+  require "mocha/test_unit"
+end
 
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 $LOAD_PATH.unshift(File.dirname(__FILE__))

test/zencoder/http/net_http_test.rb

@@ -42,24 +42,45 @@ class Zencoder::HTTP::NetHTTPTest < Test::Unit::TestCase
 
     context "SSL verification" do
       setup do
-        @http_stub = stub(:use_ssl= => true, :request => true, :verify_mode= => true)
+        @cert_store = stub(:add_file => true, :add_path => true, :flags= => true, :set_default_paths => true)
+        @http_stub = stub(:use_ssl= => true, :request => true, :verify_mode= => true, :cert_store= => true, :cert_store => @cert_store)
         ::Net::HTTP.expects(:new).returns(@http_stub)
       end
 
-      should "not verify when set to skip ssl verification" do
-        @http_stub.expects(:verify_mode=).with(OpenSSL::SSL::VERIFY_NONE)
-        Zencoder::HTTP::NetHTTP.post('https://example.com/path', :skip_ssl_verify => true)
-      end
+      context "when set to skip ssl verification" do
+        should "not verify" do
+          @http_stub.expects(:verify_mode=).with(OpenSSL::SSL::VERIFY_NONE)
+          Zencoder::HTTP::NetHTTP.post('https://example.com/path', :skip_ssl_verify => true)
+        end
 
-      should "set the ca_file" do
-        @http_stub.expects(:ca_file=).with("/foo/bar/baz.crt")
-        Zencoder::HTTP::NetHTTP.post('https://example.com/path', :ca_file => "/foo/bar/baz.crt")
+        should "not setup a custom cert store" do
+          @http_stub.expects(:cert_store=).never
+          Zencoder::HTTP::NetHTTP.post('https://example.com/path', :skip_ssl_verify => true)
+        end
       end
 
-      should "set the ca_path" do
-        @http_stub.expects(:ca_path=).with("/foo/bar/")
-        Zencoder::HTTP::NetHTTP.post('https://example.com/path', :ca_path => "/foo/bar/")
+      context "when set to do ssl verification" do
+        should "setup a custom cert store" do
+          @http_stub.expects(:cert_store=)
+          Zencoder::HTTP::NetHTTP.post('https://example.com/path')
+        end
+
+        should "set the default paths on the custom cert store" do
+          @cert_store.expects(:set_default_paths)
+          Zencoder::HTTP::NetHTTP.post('https://example.com/path')
+        end
+
+        should "set the ca_file when it is passed in" do
+          @cert_store.expects(:add_file).with("/foo/bar/baz.crt")
+          Zencoder::HTTP::NetHTTP.post('https://example.com/path', :ca_file => "/foo/bar/baz.crt")
+        end
+
+        should "set the ca_path when it is passed in" do
+          @cert_store.expects(:add_path).with("/foo/bar/")
+          Zencoder::HTTP::NetHTTP.post('https://example.com/path', :ca_path => "/foo/bar/")
+        end
       end
+
     end
 
     context ".post" do