BUILDR-595 Add option to specifiy location of ca cert
Project: http://git-wip-us.apache.org/repos/asf/buildr/repo
Commit: http://git-wip-us.apache.org/repos/asf/buildr/commit/01832052
Tree: http://git-wip-us.apache.org/repos/asf/buildr/tree/01832052
Diff: http://git-wip-us.apache.org/repos/asf/buildr/diff/01832052
Branch: refs/heads/master
Commit: 018320526c89ba67edf75f7e27d81687c1589c85
Parents: 06c9b2f
Author: Antoine Toulme <[email protected]>
Authored: Sun Aug 14 23:20:03 2016 -0700
Committer: Antoine Toulme <[email protected]>
Committed: Sun Aug 14 23:20:03 2016 -0700
----------------------------------------------------------------------
 doc/artifacts.textile | 13 +++++++++++++
 lib/buildr/core/transports.rb | 4 ++++
 spec/core/transport_spec.rb | 9 +++++++++
 3 files changed, 26 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/buildr/blob/01832052/doc/artifacts.textile
----------------------------------------------------------------------
diff --git a/doc/artifacts.textile b/doc/artifacts.textile
index 4ee1f3f..118d779 100644
--- a/doc/artifacts.textile
+++ b/doc/artifacts.textile
@@ -198,6 +198,19 @@ Since we ordered the calls to @artifact@ first and @download@ second, we know th
 Magic.
+h3(#ssl). SSL and Self-signed certificates
+
+There's always that Maven repository you learnt to hate, because it's using a faulty SSL certificate, or a self-signed one.
+
+On top of installing that certificate everywhere, it's messing with your build!
+
+To get out of there, you can use the environment variable SSL_CA_CERTS to point at a folder containing your certificates.
+For example:
+
+{% highlight bash %}
+export SSL_CA_CERTS=/Users/john/certs
+buildr package
+{% endhighlight %}
 h2(#install_upload). Install and Upload
http://git-wip-us.apache.org/repos/asf/buildr/blob/01832052/lib/buildr/core/transports.rb
----------------------------------------------------------------------
diff --git a/lib/buildr/core/transports.rb b/lib/buildr/core/transports.rb
index 3e8def0..6d28a96 100644
--- a/lib/buildr/core/transports.rb
+++ b/lib/buildr/core/transports.rb
@@ -279,6 +279,10 @@ module URI
 headers['User-Agent'] = "Buildr-#{Buildr::VERSION}"
 request = Net::HTTP::Get.new(request_uri.empty? ? '/' : request_uri, headers)
 request.basic_auth self.user, self.password if self.user
+ if ENV['SSL_CA_CERTS']
+ http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+ http.ca_path = ENV['SSL_CA_CERTS']
+ end
 http.request request do |response|
 case response
 when Net::HTTPNotModified
http://git-wip-us.apache.org/repos/asf/buildr/blob/01832052/spec/core/transport_spec.rb
----------------------------------------------------------------------
diff --git a/spec/core/transport_spec.rb b/spec/core/transport_spec.rb
index a3a3c45..03a8c1d 100644
--- a/spec/core/transport_spec.rb
+++ b/spec/core/transport_spec.rb
@@ -246,6 +246,15 @@ describe URI::HTTP, '#read' do
 @http.should_receive(:use_ssl=).with(true)
 URI(@uri.to_s.sub(/http/, 'https')).read
 end
+
+ it 'should use custom SSL CA certificates if provided through the environment variable SSL_CA_CERTS' do
+ ENV['SSL_CA_CERTS'] = 'tmp/certs'
+ Net::HTTP.should_receive(:new).with(@host_domain, 443).and_return(@http)
+ @http.should_receive(:use_ssl=).with(true)
+ @http.should_receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
+ @http.should_receive(:ca_path=).with('tmp/certs')
+ URI(@uri.to_s.sub(/http/, 'https')).read
+ end
 it 'should use proxy from environment variable HTTP_PROXY when using http' do
 ENV['HTTP_PROXY'] = @proxy
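Review bot: In the added `if ENV['SSL_CA_CERTS']` block of lib/buildr/core/transports.rb the variable's value goes to `http.ca_path` unchecked, so an empty string, a missing directory or a path to a single PEM file only shows up later as an opaque certificate-verification failure. Checking it up front, for example `raise ArgumentError, "SSL_CA_CERTS is not a directory: #{ca}" unless File.directory?(ca)` after `ca = ENV['SSL_CA_CERTS']`, makes the misconfiguration obvious; the documentation could also say that OpenSSL looks up `ca_path` entries by subject-hash file names (what `c_rehash` produces), so dropping plain PEM files into the folder is not enough. With Ruby's Net::HTTP, setting `ca_path` appears to replace the default trust store rather than extend it, so repositories signed by public CAs may stop verifying once the variable is set; that is worth confirming and documenting. The enclosing method begins and ends outside the hunk, so whether other request paths (such as uploads) apply the same settings is not visible here.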
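Review bot: The new example in spec/core/transport_spec.rb sets `ENV['SSL_CA_CERTS'] = 'tmp/certs'` and nothing in the hunk restores it, so unless the suite's sandbox resets the environment between examples, the value leaks into later `#read` examples and they run with the custom CA path as well. Clearing it in the group, for example `after { ENV.delete('SSL_CA_CERTS') }`, keeps the examples independent. A companion example asserting that `verify_mode=` and `ca_path=` are not called when the variable is unset would pin the default behaviour too. The `describe` block starts and ends outside the hunk.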
