Be able to set an SSL verify mode on faraday

lib/octokit/client.rb

@@ -222,6 +222,7 @@ def client_without_redirects(options = {})
       conn_opts[:url] = @api_endpoint
       conn_opts[:builder] = @middleware.dup if @middleware
       conn_opts[:proxy] = @proxy if @proxy
+      conn_opts[:ssl] = { :verify_mode => @ssl_verify_mode } if @ssl_verify_mode
       conn = Faraday.new(conn_opts) do |http|
         if basic_authenticated?
           http.basic_auth(@login, @password)

lib/octokit/configurable.rb

@@ -45,6 +45,9 @@ module Configurable
     # @!attribute proxy
     #   @see https://github.com/lostisland/faraday
     #   @return [String] URI for proxy server
+    # @!attribute ssl_verify_mode
+    #   @see https://github.com/lostisland/faraday
+    #   @return [String] SSL verify mode for ssl connections
     # @!attribute user_agent
     #   @return [String] Configure User-Agent header for requests.
     # @!attribute web_endpoint
@@ -53,7 +56,7 @@ module Configurable
     attr_accessor :access_token, :auto_paginate, :bearer_token, :client_id,
                   :client_secret, :default_media_type, :connection_options,
                   :middleware, :netrc, :netrc_file,
-                  :per_page, :proxy, :user_agent
+                  :per_page, :proxy, :ssl_verify_mode, :user_agent
     attr_writer :password, :web_endpoint, :api_endpoint, :login,
                 :management_console_endpoint, :management_console_password
 
@@ -80,6 +83,7 @@ def keys
           :per_page,
           :password,
           :proxy,
+          :ssl_verify_mode,
           :user_agent,
           :web_endpoint
         ]

lib/octokit/connection.rb

@@ -175,6 +175,7 @@ def sawyer_options
       conn_opts = @connection_options
       conn_opts[:builder] = @middleware if @middleware
       conn_opts[:proxy] = @proxy if @proxy
+      conn_opts[:ssl] = { :verify_mode => @ssl_verify_mode } if @ssl_verify_mode
       opts[:faraday] = Faraday.new(conn_opts)
 
       opts

lib/octokit/default.rb

@@ -137,6 +137,15 @@ def proxy
         ENV['OCTOKIT_PROXY']
       end
 
+      # Default SSL verify mode from ENV
+      # @return [Integer]
+      def ssl_verify_mode
+        # 0 is OpenSSL::SSL::VERIFY_NONE
+        # 1 is OpenSSL::SSL::SSL_VERIFY_PEER
+        # the standard default for SSL is SSL_VERIFY_PEER which requires a server certificate check on the client
+        ENV['OCTOKIT_SSL_VERIFY_MODE'] || 1 
+      end
+
       # Default User-Agent header string from ENV or {USER_AGENT}
       # @return [String]
       def user_agent

spec/octokit/client_spec.rb

@@ -421,6 +421,17 @@
       conn = Octokit.client.send(:agent).instance_variable_get(:"@conn")
       expect(conn.proxy[:uri].to_s).to eq('http://proxy.example.com')
     end
+    it "sets an ssl verify mode" do
+      Octokit.configure do |config|
+        config.ssl_verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
+      conn = Octokit.client.send(:agent).instance_variable_get(:"@conn")
+      expect(conn.ssl[:verify_mode]).to eq(OpenSSL::SSL::VERIFY_NONE)
+    end
+    it "ensures ssl verify mode is set to default when no override provided" do
+      conn = Octokit.client.send(:agent).instance_variable_get(:"@conn")
+      expect(conn.ssl[:verify_mode]).to eq(OpenSSL::SSL::VERIFY_PEER)
+    end
     it "passes along request headers for POST" do
       headers = {"X-GitHub-Foo" => "bar"}
       root_request = stub_post("/").