diff --git a/README.md b/README.md
index c594afaf..9f411eee 100644
--- a/README.md
+++ b/README.md
@@ -87,6 +87,7 @@ The `:ssl` transport establishes a connection to the winrm endpoint over a secur
 * `:no_ssl_peer_verification` - when set to `true` ssl certificate validation is not performed. With a self signed cert, its a match made in heaven!
 * `:ssl_peer_fingerprint` - when this is provided, normal certificate validation is skipped and instead the given fingerprint is matched against the certificate of the endpoint for verification.
 * `:ca_trust_path` - the path to a certificate `.pem` file to trust. Its similar to the `:ssl_peer_fingerprint` but contains the entire certificate to trust.
+* `:cert_store` - an OpenSSL::X509::X509::Store object used for certificate verification.
 ### `:kerberos`
 ```ruby
diff --git a/lib/winrm/http/transport.rb b/lib/winrm/http/transport.rb
index 75f50f95..cb086dfa 100644
--- a/lib/winrm/http/transport.rb
+++ b/lib/winrm/http/transport.rb
@@ -162,6 +162,7 @@ def initialize(endpoint, user, pass, opts)
 no_ssl_peer_verification! if opts[:no_ssl_peer_verification]
 @ssl_peer_fingerprint = opts[:ssl_peer_fingerprint]
 @httpcli.ssl_config.set_trust_ca(opts[:ca_trust_path]) if opts[:ca_trust_path]
+ @httpcli.ssl_config.cert_store = opts[:cert_store] if opts[:cert_store]
 end
 def send_request(message)
@@ -269,6 +270,7 @@ def initialize(endpoint, user, pass, opts)
 no_ssl_peer_verification! if opts[:no_ssl_peer_verification]
 @ssl_peer_fingerprint = opts[:ssl_peer_fingerprint]
 @httpcli.ssl_config.set_trust_ca(opts[:ca_trust_path]) if opts[:ca_trust_path]
+ @httpcli.ssl_config.cert_store = opts[:cert_store] if opts[:cert_store]
 end
 end
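Review bot: The new `cert_store =` assignment runs after `set_trust_ca(opts[:ca_trust_path])`, so when a caller passes both options the store object is swapped in afterwards and, as far as I can tell from httpclient's `SSLConfig`, the CA loaded from `:ca_trust_path` is dropped without any signal. Either assign the store first and then add the trust path, or state the precedence next to the line, e.g. `# :cert_store replaces the whole trust store, so :ca_trust_path is ignored when both are given`. Assigning first would add the CA file to the caller's own store object, which may be shared, so the comment may be the safer choice. The same line is added in the other two `initialize` hunks (`@@ -269` and `@@ -281`); `initialize` starts above each hunk, so the rest of its setup is not visible here.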
@@ -281,6 +283,7 @@ def initialize(endpoint, client_cert, client_key, key_pass, opts)
 no_ssl_peer_verification! if opts[:no_ssl_peer_verification]
 @ssl_peer_fingerprint = opts[:ssl_peer_fingerprint]
 @httpcli.ssl_config.set_trust_ca(opts[:ca_trust_path]) if opts[:ca_trust_path]
+ @httpcli.ssl_config.cert_store = opts[:cert_store] if opts[:cert_store]
 end
 end
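Review bot: A caller who passes `:cert_store` together with `:no_ssl_peer_verification` or `:ssl_peer_fingerprint` gets no store-based validation, because the two context lines above the added line still apply those options and the README describes both as skipping normal certificate validation. Supplying a store signals that chain validation is expected, so the conflict is worth rejecting early, e.g. `raise ArgumentError, ':cert_store cannot be combined with :no_ssl_peer_verification' if opts[:cert_store] && opts[:no_ssl_peer_verification]`, or at least stating in the README entry. That entry also gives the type as `OpenSSL::X509::X509::Store`, whereas the class is `OpenSSL::X509::Store`. The point applies to all three initializers, whose opening lines are outside the hunks.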