Add ssl_verify option for remote_file

Different servers have different https requirements and enforcing the API policy on all `remote_file` resources isn't reasonable. The logic around the HTTP clients and policies in Chef is... complex. This approach seemed like the best one, but I'm open to others. By default here if the user specifies nothing, `remote_file`'s http clients will fall back to the API policy, otherwise, it'll use whatever the specify. This fixes #8897 Signed-off-by: Phil Dibowitz <phil@ipom.com>
author: Phil Dibowitz <phil@ipom.com> 2020-05-09 15:53:44 -0700
committer: Phil Dibowitz <phil@ipom.com> 2020-05-18 19:06:02 -0700
commit: 28c548500f5a2de3babfd05fbd27b2e9a76ca266 (patch)
tree: 71640215d9a28b2858bff0fc8b5ffad02d478cd9 /lib/chef/http.rb
parent: a3908d26aa86e0d04bac2a87438e484311f1d763 (diff)
download: chef-28c548500f5a2de3babfd05fbd27b2e9a76ca266.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/chef/http.rb b/lib/chef/http.rb
index 80db24fa3b..17382b0380 100644
--- a/lib/chef/http.rb
+++ b/lib/chef/http.rb
@@ -304,7 +304,8 @@ class Chef
 
         SocketlessChefZeroClient.new(base_url)
       else
-        BasicClient.new(base_url, ssl_policy: Chef::HTTP::APISSLPolicy, keepalives: keepalives)
+        ssl_policy = @options[:ssl_verify_mode] || Chef::HTTP::APISSLPolicy
+        BasicClient.new(base_url, ssl_policy: ssl_policy, keepalives: keepalives)
       end
     end
author	Phil Dibowitz <phil@ipom.com>	2020-05-09 15:53:44 -0700
committer	Phil Dibowitz <phil@ipom.com>	2020-05-18 19:06:02 -0700
commit	28c548500f5a2de3babfd05fbd27b2e9a76ca266 (patch)
tree	71640215d9a28b2858bff0fc8b5ffad02d478cd9 /lib/chef/http.rb
parent	a3908d26aa86e0d04bac2a87438e484311f1d763 (diff)
download	chef-28c548500f5a2de3babfd05fbd27b2e9a76ca266.tar.gz