Use Mozilla CA cert bundle for SSL validation

2013-04-16 17:32:30 -07:00 · 2013-04-16 17:32:30 -07:00 · 2239036b59
parent 0e7a9d3c91
commit 2239036b59
3 changed files with 18 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -16,6 +16,8 @@ BUG FIXES:
  - Follow 30x redirects when downloading boxes. [GH-1607]
  - Chef client config defaults are done properly. [GH-1609]
  - VirtualBox mounts shared folders with the proper owner/group. [GH-1611]
+  - Use the Mozilla CA cert bundle for cURL so SSL validation works
+    properly.

 ## 1.2.0 (April 16, 2013)

--- a/lib/vagrant/util/downloader.rb
+++ b/lib/vagrant/util/downloader.rb
@ -38,6 +38,16 @@ module Vagrant
        options << "--insecure" if @insecure
        options << @source

+        # Specify some options for the subprocess
+        subprocess_options = {}
+
+        # If we're in Vagrant, then we use the packaged CA bundle
+        if Vagrant.in_installer?
+          subprocess_options[:env] ||= {}
+          subprocess_options[:env]["CURL_CA_BUNDLE"] =
+            File.expand_path("cacert.pem", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
+        end
+
        # This variable can contain the proc that'll be sent to
        # the subprocess execute.
        data_proc = nil
@ -45,7 +55,7 @@ module Vagrant
        if @ui
          # If we're outputting progress, then setup the subprocess to
          # tell us output so we can parse it out.
-          options << { :notify => :stderr }
+          subprocess_options[:notify] = :stderr

          progress_data = ""
          progress_regexp = /(\r(.+?))\r/
@ -93,6 +103,9 @@ module Vagrant
          end
        end

+        # Add the subprocess options onto the options we'll execute with
+        options << subprocess_options
+
        # Create the callback that is called if we are interrupted
        interrupted  = false
        int_callback = Proc.new do
--- a/test/unit/vagrant/util/downloader_test.rb
+++ b/test/unit/vagrant/util/downloader_test.rb
@ -25,7 +25,7 @@ describe Vagrant::Util::Downloader do
      let(:exit_code) { 0 }

      it "downloads the file and returns true" do
-        curl_options = ["--fail", "--location", "--max-redirs", "10", "--output", destination, source]
+        curl_options = ["--fail", "--location", "--max-redirs", "10", "--output", destination, source, {}]

        Vagrant::Util::Subprocess.should_receive(:execute).
          with("curl", *curl_options).
@ -39,7 +39,7 @@ describe Vagrant::Util::Downloader do
      let(:exit_code) { 1 }

      it "raises an exception" do
-        curl_options = ["--fail", "--location", "--max-redirs", "10", "--output", destination, source]
+        curl_options = ["--fail", "--location", "--max-redirs", "10", "--output", destination, source, {}]

        Vagrant::Util::Subprocess.should_receive(:execute).
          with("curl", *curl_options).