Repository: buildr Updated Branches: refs/heads/master 018320526 -> adee9eb60
BUILDR-594 Add option to turn ssl verification for remote repositories off Project: http://git-wip-us.apache.org/repos/asf/buildr/repo Commit: http://git-wip-us.apache.org/repos/asf/buildr/commit/adee9eb6 Tree: http://git-wip-us.apache.org/repos/asf/buildr/tree/adee9eb6 Diff: http://git-wip-us.apache.org/repos/asf/buildr/diff/adee9eb6 Branch: refs/heads/master Commit: adee9eb60d096ff1c8a344a259be98680f8e3de3 Parents: 0183205 Author: Antoine Toulme <[email protected]> Authored: Sun Aug 14 23:39:11 2016 -0700 Committer: Antoine Toulme <[email protected]> Committed: Sun Aug 14 23:39:11 2016 -0700 ---------------------------------------------------------------------- doc/artifacts.textile | 9 +++++++++ lib/buildr/core/transports.rb | 6 ++---- spec/core/transport_spec.rb | 9 ++++++++- 3 files changed, 19 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/buildr/blob/adee9eb6/doc/artifacts.textile ---------------------------------------------------------------------- diff --git a/doc/artifacts.textile b/doc/artifacts.textile index 118d779..b07044e 100644 --- a/doc/artifacts.textile +++ b/doc/artifacts.textile @@ -212,6 +212,15 @@ export SSL_CA_CERTS=/Users/john/certs buildr package {% endhighlight %} +You can also change the OpenSSL verify mode so it won't barf on your certificate. Use the environment variable @SSL_VERIFY_MODE@ to specify one of the following: @VERIFY_NONE@, @VERIFY_PEER@, @VERIFY_CLIENT_ONCE@, @VERIFY_FAIL_IF_NO_PEER_CERT@. See @OpenSSL::SSL@ for more info. + +For example: +{% highlight bash %} +# Don't verify certificates +export SSL_VERIFY_MODE=VERIFY_NONE +buildr package +{% endhighlight %} + h2(#install_upload). Install and Upload Generally you use artifacts that download from remote repositories into the local repository, or artifacts packaged by the project itself (see "Packaging":packaging.html), which are then installed into the local repository and uploaded to the release server. http://git-wip-us.apache.org/repos/asf/buildr/blob/adee9eb6/lib/buildr/core/transports.rb ---------------------------------------------------------------------- diff --git a/lib/buildr/core/transports.rb b/lib/buildr/core/transports.rb index 6d28a96..bf62ef3 100644 --- a/lib/buildr/core/transports.rb +++ b/lib/buildr/core/transports.rb @@ -279,10 +279,8 @@ module URI headers['User-Agent'] = "Buildr-#{Buildr::VERSION}" request = Net::HTTP::Get.new(request_uri.empty? ? '/' : request_uri, headers) request.basic_auth self.user, self.password if self.user - if ENV['SSL_CA_CERTS'] - http.verify_mode = OpenSSL::SSL::VERIFY_PEER - http.ca_path = ENV['SSL_CA_CERTS'] - end + http.verify_mode = ::OpenSSL::SSL.const_get(ENV['SSL_VERIFY_MODE']) if ENV['SSL_VERIFY_MODE'] + http.ca_path = ENV['SSL_CA_CERTS'] if ENV['SSL_CA_CERTS'] http.request request do |response| case response when Net::HTTPNotModified http://git-wip-us.apache.org/repos/asf/buildr/blob/adee9eb6/spec/core/transport_spec.rb ---------------------------------------------------------------------- diff --git a/spec/core/transport_spec.rb b/spec/core/transport_spec.rb index 03a8c1d..5843bfb 100644 --- a/spec/core/transport_spec.rb +++ b/spec/core/transport_spec.rb @@ -248,10 +248,17 @@ describe URI::HTTP, '#read' do end it 'should use custom SSL CA certificates if provided through the environment variable SSL_CA_CERTS' do - ENV['SSL_CA_CERTS'] = 'tmp/certs' + ENV['SSL_VERIFY_MODE'] = 'VERIFY_PEER' Net::HTTP.should_receive(:new).with(@host_domain, 443).and_return(@http) @http.should_receive(:use_ssl=).with(true) @http.should_receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER) + URI(@uri.to_s.sub(/http/, 'https')).read + end + + it 'should use custom verify mode if provided through the environment variable SSL_VERIFY_MODE' do + ENV['SSL_CA_CERTS'] = 'tmp/certs' + Net::HTTP.should_receive(:new).with(@host_domain, 443).and_return(@http) + @http.should_receive(:use_ssl=).with(true) @http.should_receive(:ca_path=).with('tmp/certs') URI(@uri.to_s.sub(/http/, 'https')).read end
