Support specifying CA_BUNDLE via env variables (#933)
Fixes #925.
quinnj authored Oct 7, 2022
1 parent 749a0c7 commit 4364f2a
Showing 2 changed files with 23 additions and 2 deletions.
14 changes: 13 additions & 1 deletion src/ConnectionPool.jl
Expand Up @@ -23,7 +23,7 @@ export Connection, newconnection, releaseconnection, getrawstream, inactivesecon

using Sockets, LoggingExtras, NetworkOptions
using MbedTLS: SSLConfig, SSLContext, setup!, associate!, hostname!, handshake!
using OpenSSL
using MbedTLS, OpenSSL
using ..IOExtras, ..Conditions, ..Exceptions

const default_connection_limit = 8
Expand Down Expand Up @@ -439,6 +439,11 @@ function global_sslconfig(require_ssl_verification::Bool)::SSLConfig
default_sslconfig = SSLConfig(true)
noverify_sslconfig = SSLConfig(false)
end
if haskey(ENV, "HTTP_CA_BUNDLE")
MbedTLS.ca_chain!(default_sslconfig, MbedTLS.crt_parse(read(ENV["HTTP_CA_BUNDLE"], String)))
elseif haskey(ENV, "CURL_CA_BUNDLE")
MbedTLS.ca_chain!(default_sslconfig, MbedTLS.crt_parse(read(ENV["CURL_CA_BUNDLE"], String)))
end
return require_ssl_verification ? default_sslconfig : noverify_sslconfig
end

Expand All @@ -463,6 +468,13 @@ function getconnection(::Type{SSLStream},
tcp = getconnection(TCPSocket, host, port; kw...)
# Create SSL stream.
ssl_stream = SSLStream(tcp)
if isdefined(OpenSSL, :ca_chain!)
if haskey(ENV, "HTTP_CA_BUNDLE")
OpenSSL.ca_chain!(ssl_stream.ssl_context, ENV["HTTP_CA_BUNDLE"])
elseif haskey(ENV, "CURL_CA_BUNDLE")
OpenSSL.ca_chain!(ssl_stream.ssl_context, ENV["CURL_CA_BUNDLE"])
end
end
OpenSSL.hostname!(ssl_stream, host)
OpenSSL.connect(ssl_stream)
return ssl_stream
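Review bot: In the `getconnection(::Type{SSLStream}, ...)` hunk the CA override is silently skipped when `isdefined(OpenSSL, :ca_chain!)` is false, so with an OpenSSL.jl build that lacks `ca_chain!` a request made with `HTTP_CA_BUNDLE` set still verifies against the default trust store and succeeds, which is the opposite of what an operator pinning a private CA expects. Add an `elseif` that fails, or at least warns once, when the variable is set but cannot be honoured: `elseif haskey(ENV, "HTTP_CA_BUNDLE") || haskey(ENV, "CURL_CA_BUNDLE")` / `@warn "HTTP_CA_BUNDLE/CURL_CA_BUNDLE is set but OpenSSL.ca_chain! is unavailable; using the default trust store" maxlog=1`. The same lookups should reject an empty value (`haskey` is true for `HTTP_CA_BUNDLE=`), and in the `global_sslconfig` hunk `read(ENV[...], String)` should be wrapped so a missing or unreadable file names the variable instead of surfacing a bare `SystemError`. That MbedTLS branch also re-reads and re-parses the bundle and mutates the shared `default_sslconfig` on every call, after the lazy initialisation visible just above it and presumably outside whatever guards it; caching the parsed chain once per path would be cheaper and avoids racing live contexts that share the config. Both enclosing functions, `global_sslconfig` and `getconnection`, start outside their hunks.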
11 changes: 10 additions & 1 deletion test/client.jl
Expand Up @@ -558,7 +558,6 @@ end
findnewline(bytes) = something(findfirst(==(UInt8('\n')), bytes), 0)

@testset "readuntil on Stream" begin

HTTP.open(:GET, "http://httpbin.org/stream/5") do io
while !eof(io)
bytes = readuntil(io, findnewline)
Expand All @@ -567,7 +566,17 @@ findnewline(bytes) = something(findfirst(==(UInt8('\n')), bytes), 0)
@show x
end
end
end

@testset "CA_BUNDEL env" begin
resp = withenv("HTTP_CA_BUNDLE" => HTTP.MbedTLS.MozillaCACerts_jll.cacert) do
HTTP.get("https://httpbin.org/ip"; socket_type_tls=SSLStream)
end
@test resp.status == 200
resp = withenv("HTTP_CA_BUNDLE" => HTTP.MbedTLS.MozillaCACerts_jll.cacert) do
HTTP.get("https://httpbin.org/ip")
end
@test resp.status == 200
end

end # module
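Review bot: The new `"CA_BUNDEL env"` testset only sets `HTTP_CA_BUNDLE` to `MozillaCACerts_jll.cacert`, the same store the default config already uses, so both `resp.status == 200` assertions pass whether or not the variable is honoured and the test cannot catch the override being ignored. Add a negative case that points the variable at a bundle that cannot have issued httpbin's certificate and expects the request to fail; the exact exception depends on whether the bundle is rejected at parse time or at the handshake, so `Exception` is used below. The testset name has a typo, `CA_BUNDEL` for `CA_BUNDLE`, and like its neighbours the test depends on network access. The hunk closes the enclosing module with `end # module`; the rest of the file is outside the hunk.
```julia
@testset "CA_BUNDEL env" begin
    # … unchanged: positive checks against the bundled Mozilla store …
    # A bundle that cannot have issued the server's certificate must make the
    # request fail; if it still succeeds the env var is being ignored.
    mktemp() do path, io
        close(io)
        withenv("HTTP_CA_BUNDLE" => path) do
            @test_throws Exception HTTP.get("https://httpbin.org/ip"; socket_type_tls=SSLStream)
            @test_throws Exception HTTP.get("https://httpbin.org/ip")
        end
    end
end
```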
