From 6c9771c94ee0d798aae88e942056808013929bc3 Mon Sep 17 00:00:00 2001
From: Javi Fontan
Date: Fri, 17 Oct 2014 12:31:00 +0200
Subject: [PATCH] feature #3180: options for SSL certs in OCA
ONE_CERT_DIR: adds an extra directory with trusted CA certificates
ONE_DISABLE_SSL_VERIFY: disable certificate verification
Both of these options make the calls change from asynchronous (one http connection per call) to synchronous (same http connection for all calls). XMLRPC library creates a new HTTP object per asynchronous connection and there is no way of passing configuration options to it.
---
 src/oca/ruby/opennebula/client.rb | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/src/oca/ruby/opennebula/client.rb b/src/oca/ruby/opennebula/client.rb
index f202fc1f9a..2eb906911a 100644
--- a/src/oca/ruby/opennebula/client.rb
+++ b/src/oca/ruby/opennebula/client.rb
@@ -17,6 +17,7 @@
 require 'xmlrpc/client'
 require 'bigdecimal'
 require 'stringio'
+require 'openssl'
 module OpenNebula
@@ -135,6 +136,8 @@ module OpenNebula
 @one_endpoint = "http://localhost:2633/RPC2"
 end
+ @async = true
+
 timeout=nil
 timeout=options[:timeout] if options[:timeout]
@@ -144,6 +147,25 @@ module OpenNebula
 @server = XMLRPC::Client.new2(@one_endpoint, http_proxy, timeout)
 @server.http_header_extra = {'accept-encoding' => 'identity'}
+ http = @server.instance_variable_get("@http")
+
+ if options['cert_dir'] || ENV['ONE_CERT_DIR']
+ @async = false
+ cert_dir = options['cert_dir'] || ENV['ONE_CERT_DIR']
+ cert_files = Dir["#{cert_dir}/*"]
+
+ cert_store = OpenSSL::X509::Store.new
+ cert_store.set_default_paths
+ cert_files.each {|cert| cert_store.add_file(cert) }
+
+ http.cert_store = cert_store
+ end
+
+ if options['disable_ssl_verify'] || ENV['ONE_DISABLE_SSL_VERIFY']
+ @async = false
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ end
+
 if defined?(OxStreamParser)
 @server.set_parser(OxStreamParser.new)
 elsif OpenNebula::NOKOGIRI
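Review bot: The `ONE_DISABLE_SSL_VERIFY` test is a plain truthiness check, so any value at all, including `0` or `false`, switches the connection to `VERIFY_NONE`, after which `call` sends `@one_auth` on every request to a peer that was never authenticated. Accept only explicit values, for example `if options[:disable_ssl_verify] || %w[1 yes true].include?(ENV['ONE_DISABLE_SSL_VERIFY'].to_s.downcase)`, and log a warning when verification is off so the downgrade is visible to operators. Both new options are also read with string keys (`options['cert_dir']`, `options['disable_ssl_verify']`) while the surrounding code reads `options[:timeout]`, so a caller passing symbol keys is silently ignored; for `cert_dir` that means quietly falling back to the default trust store. `Dir["#{cert_dir}/*"]` hands every directory entry to `add_file`, which presumably raises on a subdirectory or a non-PEM file and aborts construction, so filtering the list with `File.file?` would be safer. The enclosing method starts and ends outside the hunk.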
@@ -155,7 +177,11 @@ module OpenNebula
 def call(action, *args)
 begin
- response = @server.call_async("one."+action, @one_auth, *args)
+ if @async
+ response = @server.call_async("one."+action, @one_auth, *args)
+ else
+ response = @server.call("one."+action, @one_auth, *args)
+ end
 if response[0] == false
 Error.new(response[1], response[2])
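Review bot: The synchronous branch in `call` needs a comment on its concurrency trade-off, because `@server.call` reuses the single HTTP object configured in the constructor while `call_async` opens a new connection per request. Going by the commit message's description of the XMLRPC library, a `Client` shared between threads is probably no longer safe to use concurrently once `ONE_CERT_DIR` or `ONE_DISABLE_SSL_VERIFY` is set; this should be confirmed against the callers. I would add above the `if`: `# Sync path reuses the one Net::HTTP object that carries the TLS settings; do not share this Client across threads in this mode.` The `begin` block continues past the end of the hunk.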