diff options
author | Phil Dibowitz <phil@ipom.com> | 2020-05-09 15:53:44 -0700 |
---|---|---|
committer | Phil Dibowitz <phil@ipom.com> | 2020-05-18 19:06:02 -0700 |
commit | 28c548500f5a2de3babfd05fbd27b2e9a76ca266 (patch) | |
tree | 71640215d9a28b2858bff0fc8b5ffad02d478cd9 /lib/chef/http.rb | |
parent | a3908d26aa86e0d04bac2a87438e484311f1d763 (diff) | |
download | chef-28c548500f5a2de3babfd05fbd27b2e9a76ca266.tar.gz |
Add ssl_verify option for remote_file
Different servers have different https requirements and enforcing
the API policy on all `remote_file` resources isn't reasonable.
The logic around the HTTP clients and policies in Chef is... complex.
This approach seemed like the best one, but I'm open to others.
By default here if the user specifies nothing, `remote_file`'s http
clients will fall back to the API policy, otherwise, it'll use whatever
the specify.
This fixes #8897
Signed-off-by: Phil Dibowitz <phil@ipom.com>
Diffstat (limited to 'lib/chef/http.rb')
-rw-r--r-- | lib/chef/http.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/chef/http.rb b/lib/chef/http.rb index 80db24fa3b..17382b0380 100644 --- a/lib/chef/http.rb +++ b/lib/chef/http.rb @@ -304,7 +304,8 @@ class Chef SocketlessChefZeroClient.new(base_url) else - BasicClient.new(base_url, ssl_policy: Chef::HTTP::APISSLPolicy, keepalives: keepalives) + ssl_policy = @options[:ssl_verify_mode] || Chef::HTTP::APISSLPolicy + BasicClient.new(base_url, ssl_policy: ssl_policy, keepalives: keepalives) end end |