Expose SSLContext#extra_chain_cert in Net::HTTP

stouset · hsbt · commit 9e14a627b675 · 2020-08-03T18:57:01.000+09:00
Currently, Net::HTTP can only send a single SSL certificate when it
establishes a connection. Some use-cases involve sending an entire
certificate chain to the destination; for this, SSLContext supports
assigning to #extra_chain_cert=.

This adds support in Net::HTTP for exposing this underlying SSLContext
property to end-users. [Feature #9758]
diff --git a/lib/net/http.rb b/lib/net/http.rb
@@ -851,6 +851,7 @@ def use_ssl=(flag)
       :@cert,
       :@cert_store,
       :@ciphers,
+      :@extra_chain_cert,
       :@key,
       :@ssl_timeout,
       :@ssl_version,
@@ -867,6 +868,7 @@ def use_ssl=(flag)
       :cert,
       :cert_store,
       :ciphers,
+      :extra_chain_cert
       :key,
       :ssl_timeout,
       :ssl_version,
@@ -897,6 +899,10 @@ def use_ssl=(flag)
     # Sets the available ciphers.  See OpenSSL::SSL::SSLContext#ciphers=
     attr_accessor :ciphers
 
+    # Sets the extra X509 certificates to be added to the certificate chain.
+    # See OpenSSL::SSL::SSLContext#extra_chain_cert=
+    attr_accessor :extra_chain_cert
+
     # Sets an OpenSSL::PKey::RSA or OpenSSL::PKey::DSA object.
     # (This method is appeared in Michal Rokos's OpenSSL extension.)
     attr_accessor :key
