# Parses cert_string as an X.509 certificate, records it in @last_seen_cert
# and verifies it against certificate_store.
#
# NOTE(review): this listing shows only selected lines (the embedded line
# numbers skip), so the `begin`/`else`/`end` lines and the method's return
# values are not visible here.
#
# cert_string - certificate data passed to OpenSSL::X509::Certificate.new.
#
# Raises OpenSSL::SSL::SSLError when the certificate does not verify.
# Re-raises any OpenSSL::X509::StoreError other than the duplicate-add case.
5 def ssl_verify_peer(cert_string)
8 cert = OpenSSL::X509::Certificate.new(cert_string)
# Certificate data that cannot be parsed ends up here; the handler body is on
# a line not shown in this listing.
9 rescue OpenSSL::X509::CertificateError
# Kept so that ssl_handshake_completed can check it against the host name.
13 @last_seen_cert = cert
# Store#verify validates the certificate against the store only; the host
# name is checked separately in ssl_handshake_completed.
15 if certificate_store.verify(@last_seen_cert)
# A certificate that verified is added to the memoized store, so it is
# available to later verify calls on the same store.
# NOTE(review): presumably this lets the remaining certificates of the
# server's chain verify; confirm the order in which the caller passes them.
17 certificate_store.add_cert(@last_seen_cert)
# Only a duplicate add is tolerated. The test compares the exact error
# message text, so every other StoreError is re-raised, including a duplicate
# reported with different wording.
# NOTE(review): confirm the wording against the OpenSSL versions in use.
18 rescue OpenSSL::X509::StoreError => e
19 raise e unless e.message == 'cert already in hash table'
# A failed verification aborts the connection with an error naming the host.
# NOTE(review): the `else` that pairs this with the verify check is on a line
# not shown in this listing.
23 raise OpenSSL::SSL::SSLError.new(%(unable to verify the server certificate for "#{host}"))
# Checks that the last certificate seen matches the requested host.
# NOTE(review): presumably invoked by the connection once the TLS handshake
# has finished (inferred from the name; the caller is not shown).
#
# Returns true without any check when verify_peer? is falsy, so the host name
# is only enforced when peer verification is enabled.
# Raises OpenSSL::SSL::SSLError when the certificate does not match the host.
27 def ssl_handshake_completed
28 return true unless verify_peer?
# Uses the certificate most recently stored by ssl_verify_peer.
# NOTE(review): assumes that certificate is the server's own (leaf)
# certificate rather than an intermediate, and that ssl_verify_peer has
# already run so @last_seen_cert is set; confirm against the callback order.
30 unless OpenSSL::SSL.verify_certificate_identity(@last_seen_cert, host)
31 raise OpenSSL::SSL::SSLError.new(%(host "#{host}" does not match the server certificate))
# Body of a method whose `def` line is not shown in this listing (presumably
# verify_peer?, which ssl_handshake_completed calls).
# Reads the :verify_peer entry of the parent's TLS connection options.
# NOTE(review): if the option is unset the result is presumably nil, i.e.
# falsy, which makes ssl_handshake_completed skip the identity check;
# verification looks opt-in, so confirm the default callers rely on.
38 parent.connopts.tls[:verify_peer]
# Builds the X509 store used by ssl_verify_peer on first use and memoizes it
# in an instance variable, so one store is shared by all verify/add_cert calls
# on this object. The enclosing `def` and the closing lines of this block are
# not shown in this listing.
46 @certificate_store ||= begin
47 store = OpenSSL::X509::Store.new
# Trust the default CA certificate locations configured for OpenSSL.
48 store.set_default_paths
# Optionally load extra certificates into the store from the
# :cert_chain_file TLS option.
# NOTE(review): this treats :cert_chain_file as additional trusted
# certificates; confirm callers mean it as a CA bundle and not as a client
# certificate chain.
49 ca_file = parent.connopts.tls[:cert_chain_file]
50 store.add_file(ca_file) if ca_file
# Mixes EmHttpSslPatch into EventMachine::HttpStubConnection when this file
# is loaded; `send` is used so the call works even where `include` is private.
# NOTE(review): EmHttpSslPatch is presumably the module holding the methods
# listed above; its `module` line is not shown in this listing.
56 EventMachine::HttpStubConnection.send(:include, EmHttpSslPatch)