author | Phil Dibowitz <phil@ipom.com> | 2020-05-27 21:17:35 -0700 |
---|---|---|
committer | Phil Dibowitz <phil@ipom.com> | 2020-05-27 21:25:21 -0700 |
commit | 93b7ff643e8f05201f0f70696cde6a32daa8b63b (patch) | |
tree | f320888cd709584dfcde5f06fcde2a0a397bb70f | |
parent | 6a9f4c82a0d96c3d58199eeea1f0f0ebe2f2f8b6 (diff) | |
Update to ssl_verify_mode on remote_file
So it turns out the `berkshelf` has been passing its entire `options`
hash into `Chef::HTTP` this whole time, which, we should probably fix.
However, one of those options was `:ssl_verify_mode`. We ignore entries
in the `options` hash we don't recognize so this was fine, but suddenly
we recognize it. But we expected it to be a class, and they're passing
in symbols. Whoops!
This makes that all work and puts the symbol->class conversion inside
of `Chef::HTTP`.
Signed-off-by: Phil Dibowitz <phil@ipom.com>
-rw-r--r-- | lib/chef/http.rb | 16 | ||||
-rw-r--r-- | lib/chef/provider/remote_file/http.rb | 7 |
2 files changed, 16 insertions, 7 deletions
diff --git a/lib/chef/http.rb b/lib/chef/http.rb index d34718d048..207c616086 100644 --- a/lib/chef/http.rb +++ b/lib/chef/http.rb @@ -292,6 +292,21 @@ class Chef private # @api private + def ssl_policy + return Chef::HTTP::APISSLPolicy unless @options[:ssl_verify_mode] + + case @options[:ssl_verify_mode] + when :verify_none + Chef::HTTP::VerifyNoneSSLPolicy + when :verify_peer + Chef::HTTP::VerifyPeerSSLPolicy + else + Chef::Log.error("Chef::HTTP was passed an ssl_verify_mode of #{@options[:ssl_verify_mode]} which is unsupported. Falling back to the API policy") + Chef::HTTP::APISSLPolicy + end + end + + # @api private def build_http_client(base_url) if chef_zero_uri?(base_url) # PERFORMANCE CRITICAL: *MUST* lazy require here otherwise we load up webrick @@ -304,7 +319,6 @@ class Chef SocketlessChefZeroClient.new(base_url) else - ssl_policy = @options[:ssl_verify_mode] || Chef::HTTP::APISSLPolicy BasicClient.new(base_url, ssl_policy: ssl_policy, keepalives: keepalives) end end diff --git a/lib/chef/provider/remote_file/http.rb b/lib/chef/provider/remote_file/http.rb index 67a8fe803d..26332c061f 100644 --- a/lib/chef/provider/remote_file/http.rb +++ b/lib/chef/provider/remote_file/http.rb @@ -135,12 +135,7 @@ class Chef opts[:disable_gzip] = true end if new_resource.ssl_verify_mode - opts[:ssl_verify_mode] = case new_resource.ssl_verify_mode - when :verify_none - Chef::HTTP::VerifyNoneSSLPolicy - when :verify_peer - Chef::HTTP::VerifyPeerSSLPolicy - end + opts[:ssl_verify_mode] = new_resource.ssl_verify_mode end opts end |
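Review bot: In the `else` branch of the new `ssl_policy` method in lib/chef/http.rb, an unsupported `:ssl_verify_mode` is logged and then swapped for `Chef::HTTP::APISSLPolicy`, so the request still goes out under a policy the caller did not ask for. That branch also catches any caller that passes a policy class such as `Chef::HTTP::VerifyPeerSSLPolicy`, which the removed `ssl_policy = @options[:ssl_verify_mode] || Chef::HTTP::APISSLPolicy` line used as given, and it catches string values like "verify_peer". Since this option decides whether certificates are verified, I would either accept the policy classes in the `case` alongside the symbols or raise on an unknown value, so that a mistyped mode fails loudly instead of quietly changing verification behaviour. The method would also benefit from a short comment listing the accepted values, given that other callers are already passing this key in.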
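Review bot: In the lib/chef/provider/remote_file/http.rb hunk, `opts[:ssl_verify_mode] = new_resource.ssl_verify_mode` now forwards the resource property untouched, so the only check on its value is the `case` in `Chef::HTTP`, which logs and falls back rather than rejecting. The diffstat lists only the two files under lib/, so nothing in this commit exercises the symbol path end to end. A spec asserting that `:verify_none` and `:verify_peer` on the resource select `Chef::HTTP::VerifyNoneSSLPolicy` and `Chef::HTTP::VerifyPeerSSLPolicy`, plus one for an unsupported value, would pin down the behaviour this change is meant to restore.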