From cd3e19306c6e0e42bb387423ddc97c99e1539eb2 Mon Sep 17 00:00:00 2001 From: Mitchell Hashimoto Date: Tue, 26 Nov 2013 19:32:56 -0800 Subject: [PATCH] commands/box/add: custom CA cert [GH-2337] --- CHANGELOG.md | 2 ++ lib/vagrant/action/builtin/box_add.rb | 1 + lib/vagrant/util/downloader.rb | 2 ++ plugins/commands/box/command/add.rb | 5 +++++ website/docs/source/v2/cli/box.html.md | 3 +++ 5 files changed, 13 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 68111d542..2918d0bcf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,8 @@ IMPROVEMENTS: - core: Multiple SSH keys can be specified with `config.ssh.private_key_path` [GH-907] - core: `config.vm.box_url` can be an array of URLs. [GH-1958] + - commands/box/add: Can now specify a custom CA cert for verifying + certs from a custom CA. [GH-2337] - commands/box/add: Can now specify a client cert when downloading a box. [GH-1889] - commands/init: Add `--output` option for specifing output path, or diff --git a/lib/vagrant/action/builtin/box_add.rb b/lib/vagrant/action/builtin/box_add.rb index c0906e7f6..8f3897dfa 100644 --- a/lib/vagrant/action/builtin/box_add.rb +++ b/lib/vagrant/action/builtin/box_add.rb @@ -106,6 +106,7 @@ module Vagrant end downloader_options = {} + downloader_options[:ca_cert] = env[:box_download_ca_cert] downloader_options[:continue] = true downloader_options[:insecure] = env[:box_download_insecure] downloader_options[:ui] = env[:ui] diff --git a/lib/vagrant/util/downloader.rb b/lib/vagrant/util/downloader.rb index e6e7d4250..6f26447d0 100644 --- a/lib/vagrant/util/downloader.rb +++ b/lib/vagrant/util/downloader.rb @@ -20,6 +20,7 @@ module Vagrant # Get the various optional values options ||= {} + @ca_cert = options[:ca_cert] @continue = options[:continue] @insecure = options[:insecure] @ui = options[:ui] @@ -42,6 +43,7 @@ module Vagrant "--output", @destination, ] + options += ["--cacert", @ca_cert] if @ca_cert options += ["--continue-at", "-"] if @continue options << "--insecure" if @insecure options << "--cert" << @client_cert if @client_cert diff --git a/plugins/commands/box/command/add.rb b/plugins/commands/box/command/add.rb index c5817dc32..3099c6c37 100644 --- a/plugins/commands/box/command/add.rb +++ b/plugins/commands/box/command/add.rb @@ -23,6 +23,10 @@ module VagrantPlugins options[:insecure] = i end + o.on("--cacert certfile", String, "CA certificate") do |c| + options[:ca_cert] = c + end + o.on("--cert certfile", String, "The client SSL cert") do |c| options[:client_cert] = c @@ -49,6 +53,7 @@ module VagrantPlugins :box_url => argv[1], :box_clean => options[:clean], :box_force => options[:force], + :box_download_ca_cert => options[:ca_cert], :box_download_client_cert => options[:client_cert], :box_download_insecure => options[:insecure], }) diff --git a/website/docs/source/v2/cli/box.html.md b/website/docs/source/v2/cli/box.html.md index a1e0e2f5e..178054136 100644 --- a/website/docs/source/v2/cli/box.html.md +++ b/website/docs/source/v2/cli/box.html.md @@ -38,6 +38,9 @@ after the initial download. ## Options +* `--cacert CERTFILE` - The certificate for the CA used to verify the peer. + This should be used if the remote end doesn't use a standard root CA. + * `--cert CERTFILE` - A client certificate to use when downloading the box, if necessary.