Skip to content

Commit

Permalink
Add cert_store option (#330)
Browse files Browse the repository at this point in the history
  • Loading branch information
ussu authored Jul 2, 2024
1 parent b479700 commit 8d4d75c
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 0 deletions.
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,7 @@ The `:ssl` transport establishes a connection to the winrm endpoint over a secur
* `:no_ssl_peer_verification` - when set to `true` ssl certificate validation is not performed. With a self signed cert, its a match made in heaven!
* `:ssl_peer_fingerprint` - when this is provided, normal certificate validation is skipped and instead the given fingerprint is matched against the certificate of the endpoint for verification.
* `:ca_trust_path` - the path to a certificate `.pem` file to trust. Its similar to the `:ssl_peer_fingerprint` but contains the entire certificate to trust.
* `:cert_store` - an OpenSSL::X509::X509::Store object used for certificate verification.

### `:kerberos`
```ruby
Expand Down
3 changes: 3 additions & 0 deletions lib/winrm/http/transport.rb
Original file line number Diff line number Diff line change
Expand Up @@ -162,6 +162,7 @@ def initialize(endpoint, user, pass, opts)
no_ssl_peer_verification! if opts[:no_ssl_peer_verification]
@ssl_peer_fingerprint = opts[:ssl_peer_fingerprint]
@httpcli.ssl_config.set_trust_ca(opts[:ca_trust_path]) if opts[:ca_trust_path]
@httpcli.ssl_config.cert_store = opts[:cert_store] if opts[:cert_store]
end

def send_request(message)
Expand Down Expand Up @@ -269,6 +270,7 @@ def initialize(endpoint, user, pass, opts)
no_ssl_peer_verification! if opts[:no_ssl_peer_verification]
@ssl_peer_fingerprint = opts[:ssl_peer_fingerprint]
@httpcli.ssl_config.set_trust_ca(opts[:ca_trust_path]) if opts[:ca_trust_path]
@httpcli.ssl_config.cert_store = opts[:cert_store] if opts[:cert_store]
end
end

Expand All @@ -281,6 +283,7 @@ def initialize(endpoint, client_cert, client_key, key_pass, opts)
no_ssl_peer_verification! if opts[:no_ssl_peer_verification]
@ssl_peer_fingerprint = opts[:ssl_peer_fingerprint]
@httpcli.ssl_config.set_trust_ca(opts[:ca_trust_path]) if opts[:ca_trust_path]
@httpcli.ssl_config.cert_store = opts[:cert_store] if opts[:cert_store]
end
end

Expand Down

0 comments on commit 8d4d75c

Please # to comment.