From 61ba47d619f8d5854a7eab4ffb328592c7278b44 Mon Sep 17 00:00:00 2001
From: Brandur <brandur@stripe.com>
Date: Tue, 26 Jan 2016 14:16:45 -0800
Subject: [PATCH] Allow the CA bundle to be configured

As requested in #370, this will allow advanced users to configure a
certificate bundle that is expected to be more up-to-date than what
we've managed to include with the gem.
---
 README.rdoc         |  6 ++++++
 lib/stripe.rb       | 15 +++++++++++++--
 test/stripe_test.rb | 20 ++++++++++++++++++++
 3 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/README.rdoc b/README.rdoc
index c9d6ba4a..3ab115fc 100644
--- a/README.rdoc
+++ b/README.rdoc
@@ -62,6 +62,12 @@ Run a single test:
 
 == Configuration
 
+=== ca_bundle_path
+
+The location of a file containing a bundle of CA certificates. By default the
+library will use an included bundle that can successfully validate Stripe
+certificates.
+
 === max_network_retries
 
 When `max_network_retries` is set to a positive integer, stripe will retry requests that 
diff --git a/lib/stripe.rb b/lib/stripe.rb
index 752609a6..4ff6d97e 100644
--- a/lib/stripe.rb
+++ b/lib/stripe.rb
@@ -72,7 +72,7 @@ module Stripe
   @max_network_retry_delay = 2
   @initial_network_retry_delay = 0.5
 
-  @ssl_bundle_path  = DEFAULT_CA_BUNDLE_PATH
+  @ca_bundle_path  = DEFAULT_CA_BUNDLE_PATH
   @verify_ssl_certs = true
 
   @open_timeout = 30
@@ -109,7 +109,7 @@ module Stripe
 
     if verify_ssl_certs
       request_opts = {:verify_ssl => OpenSSL::SSL::VERIFY_PEER,
-                      :ssl_ca_file => @ssl_bundle_path}
+                      :ssl_ca_file => @ca_bundle_path}
     else
       request_opts = {:verify_ssl => false}
       unless @verify_ssl_warned
@@ -145,6 +145,17 @@ module Stripe
     [parse(response), api_key]
   end
 
+  # The location of a file containing a bundle of CA certificates. By default
+  # the library will use an included bundle that can successfully validate
+  # Stripe certificates.
+  def self.ca_bundle_path
+    @ca_bundle_path
+  end
+
+  def self.ca_bundle_path=(path)
+    @ca_bundle_path = path
+  end
+
   def self.max_network_retries
     @max_network_retries || 0
   end
diff --git a/test/stripe_test.rb b/test/stripe_test.rb
index 8d54faf8..62f10916 100644
--- a/test/stripe_test.rb
+++ b/test/stripe_test.rb
@@ -13,4 +13,24 @@ class StripeTest < Test::Unit::TestCase
       $stderr = old_stderr
     end
   end
+
+  should "allow ca_bundle_path to be configured" do
+    begin
+      old = Stripe.ca_bundle_path
+      Stripe.ca_bundle_path = "path/to/ca/bundle"
+      assert_equal "path/to/ca/bundle", Stripe.ca_bundle_path
+    ensure
+      Stripe.ca_bundle_path = old
+    end
+  end
+
+  should "allow max_network_retries to be configured" do
+    begin
+      old = Stripe.max_network_retries
+      Stripe.max_network_retries = 99
+      assert_equal 99, Stripe.max_network_retries
+    ensure
+      Stripe.max_network_retries = old
+    end
+  end
 end