add aimonb/aviator to 3rdparty
diff --git a/3rdparty/modules/aviator/lib/puppet/feature/faraday/adapter/em_http_ssl_patch.rb b/3rdparty/modules/aviator/lib/puppet/feature/faraday/adapter/em_http_ssl_patch.rb
new file mode 100644 (file)
index 0000000..8bbfcbc
--- /dev/null
@@ -0,0 +1,56 @@
+require 'openssl'
+require 'em-http'
+
+module EmHttpSslPatch
+  def ssl_verify_peer(cert_string)
+    cert = nil
+    begin
+      cert = OpenSSL::X509::Certificate.new(cert_string)
+    rescue OpenSSL::X509::CertificateError
+      return false
+    end
+
+    @last_seen_cert = cert
+
+    if certificate_store.verify(@last_seen_cert)
+      begin
+        certificate_store.add_cert(@last_seen_cert)
+      rescue OpenSSL::X509::StoreError => e
+        raise e unless e.message == 'cert already in hash table'
+      end
+      true
+    else
+      raise OpenSSL::SSL::SSLError.new(%(unable to verify the server certificate for "#{host}"))
+    end
+  end
+
+  def ssl_handshake_completed
+    return true unless verify_peer?
+
+    unless OpenSSL::SSL.verify_certificate_identity(@last_seen_cert, host)
+      raise OpenSSL::SSL::SSLError.new(%(host "#{host}" does not match the server certificate))
+    else
+      true
+    end
+  end
+
+  def verify_peer?
+    parent.connopts.tls[:verify_peer]
+  end
+
+  def host
+    parent.connopts.host
+  end
+
+  def certificate_store
+    @certificate_store ||= begin
+      store = OpenSSL::X509::Store.new
+      store.set_default_paths
+      ca_file = parent.connopts.tls[:cert_chain_file]
+      store.add_file(ca_file) if ca_file
+      store
+    end
+  end
+end
+
+EventMachine::HttpStubConnection.send(:include, EmHttpSslPatch)
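Review bot: The duplicate-certificate handling at `rescue OpenSSL::X509::StoreError => e` / `raise e unless e.message == 'cert already in hash table'` keys on the exact wording of an OpenSSL error string, so any change in that text turns a benign re-add of an already trusted certificate into a failed handshake; the dependency should at least be recorded, e.g. `# add_cert raises with this exact message on duplicate certs in older OpenSSL; later releases reportedly accept duplicates, making this branch dead but harmless`. The module also lacks a comment explaining that `ssl_verify_peer` fires once per certificate in the presented chain, that `add_cert` is what lets the next certificate in the chain verify against the one just accepted, and that `ssl_handshake_completed` assumes the last certificate handed to the callback is the leaf — if the delivery order is not guaranteed the hostname check would run against an intermediate, so a one-line note above `ssl_handshake_completed` stating that assumption is warranted. Finally, `ssl_handshake_completed` dereferences `@last_seen_cert` without a guard, so if the verify callback never ran the failure surfaces as a `NoMethodError` rather than an `SSLError`; adding `raise OpenSSL::SSL::SSLError, 'no server certificate seen' unless @last_seen_cert` before the identity check keeps the failure mode uniform with the other rejections.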