Merge pull request #9925 from jaymzh/remote_file_ssl2

Update to ssl_verify_mode on remote_file
author: Tim Smith <tsmith@chef.io> 2020-05-27 23:45:12 -0700
committer: GitHub <noreply@github.com> 2020-05-27 23:45:12 -0700
commit: a5c8171cbf2680864a7e79fabc08411c29d504fa (patch)
tree: f320888cd709584dfcde5f06fcde2a0a397bb70f /lib
parent: 6a9f4c82a0d96c3d58199eeea1f0f0ebe2f2f8b6 (diff)
parent: 93b7ff643e8f05201f0f70696cde6a32daa8b63b (diff)
download: chef-a5c8171cbf2680864a7e79fabc08411c29d504fa.tar.gz
2 files changed, 16 insertions, 7 deletions
diff --git a/lib/chef/http.rb b/lib/chef/http.rb
index d34718d048..207c616086 100644
--- a/lib/chef/http.rb
+++ b/lib/chef/http.rb
@@ -292,6 +292,21 @@ class Chef
     private
 
     # @api private
+    def ssl_policy
+      return Chef::HTTP::APISSLPolicy unless @options[:ssl_verify_mode]
+
+      case @options[:ssl_verify_mode]
+      when :verify_none
+        Chef::HTTP::VerifyNoneSSLPolicy
+      when :verify_peer
+        Chef::HTTP::VerifyPeerSSLPolicy
+      else
+        Chef::Log.error("Chef::HTTP was passed an ssl_verify_mode of #{@options[:ssl_verify_mode]} which is unsupported. Falling back to the API policy")
+        Chef::HTTP::APISSLPolicy
+      end
+    end
+
+    # @api private
     def build_http_client(base_url)
       if chef_zero_uri?(base_url)
         # PERFORMANCE CRITICAL: *MUST* lazy require here otherwise we load up webrick
@@ -304,7 +319,6 @@ class Chef
 
         SocketlessChefZeroClient.new(base_url)
       else
-        ssl_policy = @options[:ssl_verify_mode] || Chef::HTTP::APISSLPolicy
         BasicClient.new(base_url, ssl_policy: ssl_policy, keepalives: keepalives)
       end
     end
diff --git a/lib/chef/provider/remote_file/http.rb b/lib/chef/provider/remote_file/http.rb
index 67a8fe803d..26332c061f 100644
--- a/lib/chef/provider/remote_file/http.rb
+++ b/lib/chef/provider/remote_file/http.rb
@@ -135,12 +135,7 @@ class Chef
             opts[:disable_gzip] = true
           end
           if new_resource.ssl_verify_mode
-            opts[:ssl_verify_mode] = case new_resource.ssl_verify_mode
-                                     when :verify_none
-                                       Chef::HTTP::VerifyNoneSSLPolicy
-                                     when :verify_peer
-                                       Chef::HTTP::VerifyPeerSSLPolicy
-                                     end
+            opts[:ssl_verify_mode] = new_resource.ssl_verify_mode
           end
           opts
         end
author	Tim Smith <tsmith@chef.io>	2020-05-27 23:45:12 -0700
committer	GitHub <noreply@github.com>	2020-05-27 23:45:12 -0700
commit	a5c8171cbf2680864a7e79fabc08411c29d504fa (patch)
tree	f320888cd709584dfcde5f06fcde2a0a397bb70f /lib
parent	6a9f4c82a0d96c3d58199eeea1f0f0ebe2f2f8b6 (diff)
parent	93b7ff643e8f05201f0f70696cde6a32daa8b63b (diff)
download	chef-a5c8171cbf2680864a7e79fabc08411c29d504fa.tar.gz