automatically enable verify_api_cert when in local-mode

2 files changed, 14 insertions, 2 deletions

diff --git a/lib/chef/config.rb b/lib/chef/config.rb
index 65ef1ac576..bbbe20c3dd 100644
--- a/lib/chef/config.rb
+++ b/lib/chef/config.rb
@@ -363,8 +363,9 @@ class Chef
 
     # Whether or not to verify the SSL cert for HTTPS requests to the Chef
     # server API. If set to `true`, the server's cert will be validated
-    # regardless of the :ssl_verify_mode setting.
-    default :verify_api_cert, false
+    # regardless of the :ssl_verify_mode setting. This is set to `true` when
+    # running in local-mode.
+    default (:verify_api_cert) { Chef::Config.local_mode }
 
     # Path to the default CA bundle files.
     default :ssl_ca_path, nil
diff --git a/spec/integration/client/client_spec.rb b/spec/integration/client/client_spec.rb
index 6357f1e2c0..8d6f0f03e1 100644
--- a/spec/integration/client/client_spec.rb
+++ b/spec/integration/client/client_spec.rb
@@ -206,6 +206,17 @@ EOM
       result.error!
     end
 
+    it "should not print SSL warnings when running in local-mode" do
+      file 'config/client.rb', <<EOM
+chef_server_url 'http://omg.com/blah'
+cookbook_path "#{path_to('cookbooks')}"
+EOM
+
+      result = shell_out("#{chef_client} -c \"#{path_to('config/client.rb')}\" -o 'x::default' --local-mode", :cwd => chef_dir)
+      result.stdout.should_not include("SSL validation of HTTPS requests is disabled.")
+      result.error!
+    end
+
     it "should complete with success when passed -z and --chef-zero-port" do
       file 'config/client.rb', <<EOM
 chef_server_url 'http://omg.com/blah'