Patch IRC config to detect RHEL cert bundle

2025-12-15 08:42:34 +00:00 · 2025-06-11 06:20:29 -04:00
parent b68d24deda
commit e239f9cd4d
1 changed files with 16 additions and 1 deletions
--- a/lib/asterisk/irc_client.rb
+++ b/lib/asterisk/irc_client.rb
@@ -10,6 +10,15 @@ class W3DHub
      TAG = "IRCClient"

      class SSL
+        # Detect system CA bundle path for SSL verification
+        def self.ca_bundle_path
+          [
+            '/etc/ssl/certs/ca-certificates.crt',      # Debian/Ubuntu
+            '/etc/pki/tls/certs/ca-bundle.crt',        # RHEL/Fedora/CentOS
+            '/etc/ssl/ca-bundle.pem'                   # Some other distros
+          ].find { |path| File.exist?(path) }
+        end
+
        def self.default_context
          verify_peer_and_hostname
        end
@@ -23,7 +32,13 @@ class W3DHub
        def self.verify_peer
          no_verify.tap do |context|
            context.verify_mode = OpenSSL::SSL::VERIFY_PEER
-            context.cert_store = OpenSSL::X509::Store.new.tap(&:set_default_paths)
+            context.cert_store = OpenSSL::X509::Store.new
+            ca_file = ca_bundle_path
+            if ca_file
+              context.cert_store.add_file(ca_file)
+            else
+              context.cert_store.set_default_paths
+            end
          end
        end