commands/box/add: custom CA cert [GH-2337]

2013-11-26 19:32:56 -08:00 · 2013-11-26 19:32:56 -08:00 · cd3e19306c
parent 1e7084e1e1
commit cd3e19306c
5 changed files with 13 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -26,6 +26,8 @@ IMPROVEMENTS:
  - core: Multiple SSH keys can be specified with `config.ssh.private_key_path`
    [GH-907]
  - core: `config.vm.box_url` can be an array of URLs. [GH-1958]
+  - commands/box/add: Can now specify a custom CA cert for verifying
+    certs from a custom CA. [GH-2337]
  - commands/box/add: Can now specify a client cert when downloading a
    box. [GH-1889]
  - commands/init: Add `--output` option for specifing output path, or
--- a/lib/vagrant/action/builtin/box_add.rb
+++ b/lib/vagrant/action/builtin/box_add.rb
@ -106,6 +106,7 @@ module Vagrant
          end

          downloader_options = {}
+          downloader_options[:ca_cert] = env[:box_download_ca_cert]
          downloader_options[:continue] = true
          downloader_options[:insecure] = env[:box_download_insecure]
          downloader_options[:ui] = env[:ui]
--- a/lib/vagrant/util/downloader.rb
+++ b/lib/vagrant/util/downloader.rb
@ -20,6 +20,7 @@ module Vagrant

        # Get the various optional values
        options     ||= {}
+        @ca_cert     = options[:ca_cert]
        @continue    = options[:continue]
        @insecure    = options[:insecure]
        @ui          = options[:ui]
@ -42,6 +43,7 @@ module Vagrant
          "--output", @destination,
        ]

+        options += ["--cacert", @ca_cert] if @ca_cert
        options += ["--continue-at", "-"] if @continue
        options << "--insecure" if @insecure
        options << "--cert" << @client_cert if @client_cert
--- a/plugins/commands/box/command/add.rb
+++ b/plugins/commands/box/command/add.rb
@ -23,6 +23,10 @@ module VagrantPlugins
              options[:insecure] = i
            end

+            o.on("--cacert certfile", String, "CA certificate") do |c|
+              options[:ca_cert] = c
+            end
+
            o.on("--cert certfile", String,
                 "The client SSL cert") do |c|
              options[:client_cert] = c
@ -49,6 +53,7 @@ module VagrantPlugins
            :box_url      => argv[1],
            :box_clean    => options[:clean],
            :box_force    => options[:force],
+            :box_download_ca_cert => options[:ca_cert],
            :box_download_client_cert => options[:client_cert],
            :box_download_insecure => options[:insecure],
          })
--- a/website/docs/source/v2/cli/box.html.md
+++ b/website/docs/source/v2/cli/box.html.md
@ -38,6 +38,9 @@ after the initial download.

 ## Options

+* `--cacert CERTFILE` - The certificate for the CA used to verify the peer.
+  This should be used if the remote end doesn't use a standard root CA.
+
 * `--cert CERTFILE` - A client certificate to use when downloading the box, if
  necessary.