diff options
| -rw-r--r-- | lib/chef/http/ssl_policies.rb | 10 | ||||
| -rw-r--r-- | spec/unit/http/ssl_policies_spec.rb | 9 |
2 files changed, 18 insertions, 1 deletions
diff --git a/lib/chef/http/ssl_policies.rb b/lib/chef/http/ssl_policies.rb index 17b46a6762..f2a9c5b845 100644 --- a/lib/chef/http/ssl_policies.rb +++ b/lib/chef/http/ssl_policies.rb @@ -79,7 +79,7 @@ class Chef certs = Dir.glob(File.join(config.trusted_certs_dir, "*.{crt,pem}")) certs.each do |cert_file| cert = OpenSSL::X509::Certificate.new(File.read(cert_file)) - http_client.cert_store.add_cert(cert) + add_trusted_cert(cert) end end end @@ -104,6 +104,14 @@ class Chef Chef::Config end + private + + def add_trusted_cert(cert) + http_client.cert_store.add_cert(cert) + rescue OpenSSL::X509::StoreError => e + raise e unless e.message == 'cert already in hash table' + end + end class APISSLPolicy < DefaultSSLPolicy diff --git a/spec/unit/http/ssl_policies_spec.rb b/spec/unit/http/ssl_policies_spec.rb index c80f989180..b95e13a370 100644 --- a/spec/unit/http/ssl_policies_spec.rb +++ b/spec/unit/http/ssl_policies_spec.rb @@ -139,6 +139,15 @@ describe "HTTP SSL Policy" do # The system under test **SHOULD** do both of these things. http_client.cert_store.verify(additional_pem).should be_true end + + context "and some certs are duplicates" do + it "skips duplicate certs" do + # For whatever reason, OpenSSL errors out when adding a + # cert you already have to the certificate store. + ssl_policy.set_custom_certs + ssl_policy.set_custom_certs #should not raise an error + end + end end end |