Merge pull request #2612 from snackbandit/509

Initial support of X.509 client certificates

2 files changed, 11 insertions, 0 deletions

diff --git a/lib/bundler/fetcher.rb b/lib/bundler/fetcher.rb
index 78588c7adc..8b05046003 100644
--- a/lib/bundler/fetcher.rb
+++ b/lib/bundler/fetcher.rb
@@ -75,6 +75,11 @@ module Bundler
         @connection.verify_mode = (Bundler.settings[:ssl_verify_mode] ||
           OpenSSL::SSL::VERIFY_PEER)
         @connection.cert_store = bundler_cert_store
+        if Bundler.settings[:ssl_client_cert]
+          pem = File.read(Bundler.settings[:ssl_client_cert])
+          @connection.cert = OpenSSL::X509::Certificate.new(pem)
+          @connection.key  = OpenSSL::PKey::RSA.new(pem)
+        end
       else
         raise SSLError if @remote_uri.scheme == "https"
         @connection = Net::HTTP.new(@remote_uri.host, @remote_uri.port)
diff --git a/man/bundle-config.ronn b/man/bundle-config.ronn
index 96cf59bd0c..37f9fffef6 100644
--- a/man/bundle-config.ronn
+++ b/man/bundle-config.ronn
@@ -92,6 +92,12 @@ learn more about their operation in [bundle install(1)][bundle-install].
   relative paths in the `Gemfile`, among other things. By default, bundler
   will search up from the current working directory until it finds a
   `Gemfile`.
+* `ssl_ca_cert` (`BUNDLE_SSL_CA_CERT`):
+  Path to a designated CA certificate file or folder containing multiple
+  certificates for trusted CAs in PEM format.
+* `ssl_client_cert` (`BUNDLE_SSL_CLIENT_CERT`):
+  Path to a designated file containing a X.509 client certificate
+  and key in PEM format.
 
 In general, you should set these settings per-application by using the applicable
 flag to the [bundle install(1)][bundle-install] command.