Merge remote-tracking branch 'origin/master' into fix-bulk-nameserver-change-notifications

2025-06-06 04:37:30 +02:00 · 2020-12-22 17:23:04 +02:00 · 2020-12-22 17:23:04 +02:00 · 6595da8d7f
commit 6595da8d7f
parent 8f25175cec 1d3c70ae34
2 changed files with 21 additions and 7 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,6 @@
+22.12.2020
+* SSL CA verification fix for Bulk renew [#1778](https://github.com/internetee/registry/pull/1778)
+
 21.12.2020
 * Bulk renew for REPP and registrar [#1763](https://github.com/internetee/registry/issues/1763)

--- a/app/models/repp_api.rb
+++ b/app/models/repp_api.rb
@ -10,13 +10,24 @@ class ReppApi

  def self.request(request, uri, registrar:)
    request.basic_auth(registrar.username, registrar.plain_text_password) if registrar
-    http = Net::HTTP.start(uri.hostname, uri.port, use_ssl: (uri.scheme == 'https'))
-    unless Rails.env.test?
-      http.cert = OpenSSL::X509::Certificate.new(File.read(ENV['cert_path']))
-      http.key = OpenSSL::PKey::RSA.new(File.read(ENV['key_path']))
-    end
-    http.verify_mode = OpenSSL::SSL::VERIFY_NONE if Rails.env.development? || Rails.env.test?
+    client_cert = Rails.env.test? ? nil : File.read(ENV['cert_path'])
+    client_key = Rails.env.test? ? nil : File.read(ENV['key_path'])
+    params = ReppApi.compose_ca_auth_params(uri, client_cert, client_key)

-    http.request(request)
+    Net::HTTP.start(uri.hostname, uri.port, params) do |http|
+      http.request(request)
+    end
+  end
+
+  def self.compose_ca_auth_params(uri, client_cert, client_key)
+    params = { use_ssl: (uri.scheme == 'https') }
+    params[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if Rails.env.test? || Rails.env.development?
+
+    unless Rails.env.test?
+      params[:cert] = OpenSSL::X509::Certificate.new(client_cert)
+      params[:key] = OpenSSL::PKey::RSA.new(client_key)
+    end
+
+    params
  end
 end