diff options
| author | Tim Smith <tsmith@chef.io> | 2020-05-27 23:45:12 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-05-27 23:45:12 -0700 |
| commit | a5c8171cbf2680864a7e79fabc08411c29d504fa (patch) | |
| tree | f320888cd709584dfcde5f06fcde2a0a397bb70f | |
| parent | 6a9f4c82a0d96c3d58199eeea1f0f0ebe2f2f8b6 (diff) | |
| parent | 93b7ff643e8f05201f0f70696cde6a32daa8b63b (diff) | |
| download | chef-a5c8171cbf2680864a7e79fabc08411c29d504fa.tar.gz | |
Merge pull request #9925 from jaymzh/remote_file_ssl2
Update to ssl_verify_mode on remote_file
| -rw-r--r-- | lib/chef/http.rb | 16 | ||||
| -rw-r--r-- | lib/chef/provider/remote_file/http.rb | 7 |
2 files changed, 16 insertions, 7 deletions
diff --git a/lib/chef/http.rb b/lib/chef/http.rb index d34718d048..207c616086 100644 --- a/lib/chef/http.rb +++ b/lib/chef/http.rb @@ -292,6 +292,21 @@ class Chef private # @api private + def ssl_policy + return Chef::HTTP::APISSLPolicy unless @options[:ssl_verify_mode] + + case @options[:ssl_verify_mode] + when :verify_none + Chef::HTTP::VerifyNoneSSLPolicy + when :verify_peer + Chef::HTTP::VerifyPeerSSLPolicy + else + Chef::Log.error("Chef::HTTP was passed an ssl_verify_mode of #{@options[:ssl_verify_mode]} which is unsupported. Falling back to the API policy") + Chef::HTTP::APISSLPolicy + end + end + + # @api private def build_http_client(base_url) if chef_zero_uri?(base_url) # PERFORMANCE CRITICAL: *MUST* lazy require here otherwise we load up webrick @@ -304,7 +319,6 @@ class Chef SocketlessChefZeroClient.new(base_url) else - ssl_policy = @options[:ssl_verify_mode] || Chef::HTTP::APISSLPolicy BasicClient.new(base_url, ssl_policy: ssl_policy, keepalives: keepalives) end end diff --git a/lib/chef/provider/remote_file/http.rb b/lib/chef/provider/remote_file/http.rb index 67a8fe803d..26332c061f 100644 --- a/lib/chef/provider/remote_file/http.rb +++ b/lib/chef/provider/remote_file/http.rb @@ -135,12 +135,7 @@ class Chef opts[:disable_gzip] = true end if new_resource.ssl_verify_mode - opts[:ssl_verify_mode] = case new_resource.ssl_verify_mode - when :verify_none - Chef::HTTP::VerifyNoneSSLPolicy - when :verify_peer - Chef::HTTP::VerifyPeerSSLPolicy - end + opts[:ssl_verify_mode] = new_resource.ssl_verify_mode end opts end |