You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@buildr.apache.org by to...@apache.org on 2016/08/15 06:20:18 UTC
[2/2] buildr git commit: BUILDR-595 Add option to specifiy location
of ca cert
BUILDR-595 Add option to specifiy location of ca cert
Project: http://git-wip-us.apache.org/repos/asf/buildr/repo
Commit: http://git-wip-us.apache.org/repos/asf/buildr/commit/01832052
Tree: http://git-wip-us.apache.org/repos/asf/buildr/tree/01832052
Diff: http://git-wip-us.apache.org/repos/asf/buildr/diff/01832052
Branch: refs/heads/master
Commit: 018320526c89ba67edf75f7e27d81687c1589c85
Parents: 06c9b2f
Author: Antoine Toulme <an...@lunar-ocean.com>
Authored: Sun Aug 14 23:20:03 2016 -0700
Committer: Antoine Toulme <an...@lunar-ocean.com>
Committed: Sun Aug 14 23:20:03 2016 -0700
----------------------------------------------------------------------
doc/artifacts.textile | 13 +++++++++++++
lib/buildr/core/transports.rb | 4 ++++
spec/core/transport_spec.rb | 9 +++++++++
3 files changed, 26 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/buildr/blob/01832052/doc/artifacts.textile
----------------------------------------------------------------------
diff --git a/doc/artifacts.textile b/doc/artifacts.textile
index 4ee1f3f..118d779 100644
--- a/doc/artifacts.textile
+++ b/doc/artifacts.textile
@@ -198,6 +198,19 @@ Since we ordered the calls to @artifact@ first and @download@ second, we know th
Magic.
+h3(#ssl). SSL and Self-signed certificates
+
+There's always that Maven repository you learnt to hate, because it's using a faulty SSL certificate, or a self-signed one.
+
+On top of installing that certificate everywhere, it's messing with your build!
+
+To get out of there, you can use the environment variable SSL_CA_CERTS to point at a folder containing your certificates.
+For example:
+
+{% highlight bash %}
+export SSL_CA_CERTS=/Users/john/certs
+buildr package
+{% endhighlight %}
h2(#install_upload). Install and Upload
http://git-wip-us.apache.org/repos/asf/buildr/blob/01832052/lib/buildr/core/transports.rb
----------------------------------------------------------------------
diff --git a/lib/buildr/core/transports.rb b/lib/buildr/core/transports.rb
index 3e8def0..6d28a96 100644
--- a/lib/buildr/core/transports.rb
+++ b/lib/buildr/core/transports.rb
@@ -279,6 +279,10 @@ module URI
headers['User-Agent'] = "Buildr-#{Buildr::VERSION}"
request = Net::HTTP::Get.new(request_uri.empty? ? '/' : request_uri, headers)
request.basic_auth self.user, self.password if self.user
+ if ENV['SSL_CA_CERTS']
+ http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+ http.ca_path = ENV['SSL_CA_CERTS']
+ end
http.request request do |response|
case response
when Net::HTTPNotModified
http://git-wip-us.apache.org/repos/asf/buildr/blob/01832052/spec/core/transport_spec.rb
----------------------------------------------------------------------
diff --git a/spec/core/transport_spec.rb b/spec/core/transport_spec.rb
index a3a3c45..03a8c1d 100644
--- a/spec/core/transport_spec.rb
+++ b/spec/core/transport_spec.rb
@@ -246,6 +246,15 @@ describe URI::HTTP, '#read' do
@http.should_receive(:use_ssl=).with(true)
URI(@uri.to_s.sub(/http/, 'https')).read
end
+
+ it 'should use custom SSL CA certificates if provided through the environment variable SSL_CA_CERTS' do
+ ENV['SSL_CA_CERTS'] = 'tmp/certs'
+ Net::HTTP.should_receive(:new).with(@host_domain, 443).and_return(@http)
+ @http.should_receive(:use_ssl=).with(true)
+ @http.should_receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
+ @http.should_receive(:ca_path=).with('tmp/certs')
+ URI(@uri.to_s.sub(/http/, 'https')).read
+ end
it 'should use proxy from environment variable HTTP_PROXY when using http' do
ENV['HTTP_PROXY'] = @proxy