From c8576833475ccfd3089935573d22d6bc99c9bda0 Mon Sep 17 00:00:00 2001 From: david22swan Date: Wed, 18 Sep 2024 14:00:32 +0100 Subject: [PATCH] (CAT-2007) Use vendored cert files and VERIFY_PEER wth NET::HTTP on Windows --- lib/pdk/util/vendored_file.rb | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/pdk/util/vendored_file.rb b/lib/pdk/util/vendored_file.rb index fc8bb4a15..c9df7e73c 100644 --- a/lib/pdk/util/vendored_file.rb +++ b/lib/pdk/util/vendored_file.rb @@ -51,8 +51,11 @@ def download_file uri = URI.parse(url) http = Net::HTTP.new(uri.host, uri.port) http.use_ssl = true - # TODO: Get rid of this - http.verify_mode = OpenSSL::SSL::VERIFY_NONE if Gem.win_platform? + if Gem.win_platform? + cert_path = 'C:/Program Files/Puppet Labs/DevelopmentKit\ssl\cert.pem' + http.cert = OpenSSL::X509::Certificate.new(cert_path) + http.verify_mode = OpenSSL::SSL::VERIFY_PEER + end request = Net::HTTP::Get.new(uri.request_uri) response = http.request(request)