Merge pull request #1396 from puppetlabs/CAT-2007-2

(CAT-2007) Use vendored cert files and VERIFY_PEER wth NET::HTTP on Windows
puppetlabs · Sep 18, 2024 · 2cf7c7e · 2cf7c7e
2 parents 684600b + c857683
commit 2cf7c7e
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/lib/pdk/util/vendored_file.rb b/lib/pdk/util/vendored_file.rb
@@ -51,8 +51,11 @@ def download_file
         uri = URI.parse(url)
         http = Net::HTTP.new(uri.host, uri.port)
         http.use_ssl = true
-        # TODO: Get rid of this
-        http.verify_mode = OpenSSL::SSL::VERIFY_NONE if Gem.win_platform?
+        if Gem.win_platform?
+          cert_path = 'C:/Program Files/Puppet Labs/DevelopmentKit\ssl\cert.pem'
+          http.cert = OpenSSL::X509::Certificate.new(cert_path)
+          http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+        end
         request = Net::HTTP::Get.new(uri.request_uri)
         response = http.request(request)