From 00a26704069e7f4dec3a914c26777bea08ff5495 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Paulmier?= <remi.paulmier@gmail.com>
Date: Mon, 19 May 2014 17:41:13 +0200
Subject: [PATCH] added capath option to curl Downloader

---
 lib/vagrant/action/builtin/box_add.rb    |  1 +
 lib/vagrant/action/builtin/handle_box.rb |  2 ++
 lib/vagrant/util/downloader.rb           |  2 ++
 plugins/commands/box/command/add.rb      |  5 +++++
 plugins/kernel_v2/config/vm.rb           | 13 +++++++++++++
 templates/locales/en.yml                 |  2 ++
 website/docs/source/v2/cli/box.html.md   |  3 +++
 7 files changed, 28 insertions(+)

diff --git a/lib/vagrant/action/builtin/box_add.rb b/lib/vagrant/action/builtin/box_add.rb
index f695c231b..677be66d4 100644
--- a/lib/vagrant/action/builtin/box_add.rb
+++ b/lib/vagrant/action/builtin/box_add.rb
@@ -398,6 +398,7 @@ module Vagrant
 
           downloader_options = {}
           downloader_options[:ca_cert] = env[:box_download_ca_cert]
+          downloader_options[:ca_path] = env[:box_download_ca_path]
           downloader_options[:continue] = true
           downloader_options[:insecure] = env[:box_download_insecure]
           downloader_options[:client_cert] = env[:box_client_cert]
diff --git a/lib/vagrant/action/builtin/handle_box.rb b/lib/vagrant/action/builtin/handle_box.rb
index 485ec9f8c..0ecaece67 100644
--- a/lib/vagrant/action/builtin/handle_box.rb
+++ b/lib/vagrant/action/builtin/handle_box.rb
@@ -61,6 +61,7 @@ module Vagrant
 
           # Determine the set of formats that this box can be in
           box_download_ca_cert = machine.config.vm.box_download_ca_cert
+          box_download_ca_path = machine.config.vm.box_download_ca_path
           box_download_client_cert = machine.config.vm.box_download_client_cert
           box_download_insecure = machine.config.vm.box_download_insecure
           box_formats = machine.provider_options[:box_format] ||
@@ -82,6 +83,7 @@ module Vagrant
               box_version: machine.config.vm.box_version,
               box_client_cert: box_download_client_cert,
               box_download_ca_cert: box_download_ca_cert,
+              box_download_ca_path: box_download_ca_path,
               box_download_insecure: box_download_insecure,
             }))
           rescue Errors::BoxAlreadyExists
diff --git a/lib/vagrant/util/downloader.rb b/lib/vagrant/util/downloader.rb
index 398efcfc0..01d92b38e 100644
--- a/lib/vagrant/util/downloader.rb
+++ b/lib/vagrant/util/downloader.rb
@@ -43,6 +43,7 @@ module Vagrant
         # Get the various optional values
         @auth        = options[:auth]
         @ca_cert     = options[:ca_cert]
+        @ca_path     = options[:ca_path]
         @continue    = options[:continue]
         @headers     = options[:headers]
         @insecure    = options[:insecure]
@@ -195,6 +196,7 @@ module Vagrant
         ]
 
         options += ["--cacert", @ca_cert] if @ca_cert
+        options += ["--capath", @ca_path] if @ca_path
         options += ["--continue-at", "-"] if @continue
         options << "--insecure" if @insecure
         options << "--cert" << @client_cert if @client_cert
diff --git a/plugins/commands/box/command/add.rb b/plugins/commands/box/command/add.rb
index 837eddf22..a7e3d632a 100644
--- a/plugins/commands/box/command/add.rb
+++ b/plugins/commands/box/command/add.rb
@@ -29,6 +29,10 @@ module VagrantPlugins
               options[:ca_cert] = c
             end
 
+            o.on("--capath DIR", String, "CA certificate directory for SSL download") do |c|
+              options[:ca_path] = c
+            end
+
             o.on("--cert FILE", String,
                  "A client SSL cert, if needed") do |c|
               options[:client_cert] = c
@@ -84,6 +88,7 @@ module VagrantPlugins
             box_clean: options[:clean],
             box_force: options[:force],
             box_download_ca_cert: options[:ca_cert],
+            box_download_ca_path: options[:ca_path],
             box_download_client_cert: options[:client_cert],
             box_download_insecure: options[:insecure],
             ui: Vagrant::UI::Prefixed.new(@env.ui, "box"),
diff --git a/plugins/kernel_v2/config/vm.rb b/plugins/kernel_v2/config/vm.rb
index bd6de3e24..9bb0e78fa 100644
--- a/plugins/kernel_v2/config/vm.rb
+++ b/plugins/kernel_v2/config/vm.rb
@@ -21,6 +21,7 @@ module VagrantPlugins
       attr_accessor :box_url
       attr_accessor :box_version
       attr_accessor :box_download_ca_cert
+      attr_accessor :box_download_ca_path
       attr_accessor :box_download_checksum
       attr_accessor :box_download_checksum_type
       attr_accessor :box_download_client_cert
@@ -39,6 +40,7 @@ module VagrantPlugins
         @box                          = UNSET_VALUE
         @box_check_update             = UNSET_VALUE
         @box_download_ca_cert         = UNSET_VALUE
+        @box_download_ca_path         = UNSET_VALUE
         @box_download_checksum        = UNSET_VALUE
         @box_download_checksum_type   = UNSET_VALUE
         @box_download_client_cert     = UNSET_VALUE
@@ -323,6 +325,7 @@ module VagrantPlugins
         @box = nil if @box == UNSET_VALUE
         @box_check_update = true if @box_check_update == UNSET_VALUE
         @box_download_ca_cert = nil if @box_download_ca_cert == UNSET_VALUE
+        @box_download_ca_path = nil if @box_download_ca_path == UNSET_VALUE
         @box_download_checksum = nil if @box_download_checksum == UNSET_VALUE
         @box_download_checksum_type = nil if @box_download_checksum_type == UNSET_VALUE
         @box_download_client_cert = nil if @box_download_client_cert == UNSET_VALUE
@@ -518,6 +521,16 @@ module VagrantPlugins
           end
         end
 
+        if box_download_ca_path
+          path = Pathname.new(box_download_ca_path).
+            expand_path(machine.env.root_path)
+          if !path.directory?
+            errors << I18n.t(
+              "vagrant.config.vm.box_download_ca_path_not_found",
+              path: box_download_ca_path)
+          end
+        end
+
         if box_download_checksum_type
           if box_download_checksum == ""
             errors << I18n.t("vagrant.config.vm.box_download_checksum_blank")
diff --git a/templates/locales/en.yml b/templates/locales/en.yml
index 9c632eca4..38a2b2293 100644
--- a/templates/locales/en.yml
+++ b/templates/locales/en.yml
@@ -1216,6 +1216,8 @@ en:
           Invalid box version constraints: %{version}
         box_download_ca_cert_not_found: |-
           "box_download_ca_cert" file not found: %{path}
+        box_download_ca_path_not_found: |-
+          "box_download_ca_path" directory not found: %{path}
         box_download_checksum_blank: |-
           Checksum type specified but "box_download_checksum" is blank
         box_download_checksum_notblank: |-
diff --git a/website/docs/source/v2/cli/box.html.md b/website/docs/source/v2/cli/box.html.md
index 85a0cb5a5..82bd9197a 100644
--- a/website/docs/source/v2/cli/box.html.md
+++ b/website/docs/source/v2/cli/box.html.md
@@ -51,6 +51,9 @@ after the initial download.
 * `--cacert CERTFILE` - The certificate for the CA used to verify the peer.
   This should be used if the remote end doesn't use a standard root CA.
 
+* `--capath CERTDIR` - The certificate directoryt for the CA used to verify the peer.
+  This should be used if the remote end doesn't use a standard root CA.
+
 * `--cert CERTFILE` - A client certificate to use when downloading the box, if
   necessary.