From d3b309bde31ce9f1bd88ac0f3d9aeba60479e7bd Mon Sep 17 00:00:00 2001 From: Dave Lasley Date: Sat, 24 Dec 2016 15:23:31 -0800 Subject: [PATCH] [IMP] Add optional certificate verification --- cfssl/cfssl.py | 16 ++++++++++++++-- cfssl/tests/test_cfssl.py | 1 + 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/cfssl/cfssl.py b/cfssl/cfssl.py index d98a761..b32be2d 100644 --- a/cfssl/cfssl.py +++ b/cfssl/cfssl.py @@ -16,8 +16,19 @@ class CFSSL(object): https://github.com/cloudflare/cfssl/tree/master/doc/api """ - def __init__(self, host, port, ssl=True): + def __init__(self, host, port, ssl=True, verify_cert=True): + """ Initialize the CFSSL object. + + Args: + host (str): Host or IP of remote CFSSL instance. + port (int): Port number of remote CFSSL instance. + ssl (bool): Whether to use SSL. + verify_cert (bool or str): File path of CA cert for verification, + `True` to use system certs, or `False` to disable certificate + verification. + """ ssl = 'https' if ssl else 'http' + self.verify = verify_cert self.uri_base = '%s://%s:%d' % (ssl, host, port) def auth_sign(self, token, request, datetime=None, remote_address=None): @@ -72,7 +83,7 @@ def bundle(self, certificate, private_key=None, domain name. Returns: - dict: Object repesenting the bundle, with the following keys: + dict: Object representing the bundle, with the following keys: * bundle contains the concatenated list of PEM certificates forming the certificate chain; this forms the actual bundle. The remaining parameters are additional metadata @@ -365,6 +376,7 @@ def call(self, endpoint, method='GET', params=None, data=None): url=endpoint, params=params, data=data, + verify=self.verify, ) response = response.json() if not response['success']: diff --git a/cfssl/tests/test_cfssl.py b/cfssl/tests/test_cfssl.py index 01c56e1..2dff9b8 100644 --- a/cfssl/tests/test_cfssl.py +++ b/cfssl/tests/test_cfssl.py 
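Review bot: `self.verify = verify_cert` in `__init__` stores whatever the caller passes, so a falsy non-bool value such as an empty string from an unset configuration entry is forwarded unchanged by the `verify=self.verify` line in the `call` hunk. As far as I know, requests treats any falsy `verify` on an https URL as verification switched off, so this would silently drop server authentication; worth confirming against the requests version in use. I would reject such values before the assignment, e.g. `if not isinstance(verify_cert, bool) and not verify_cert: raise ValueError('verify_cert must be a bool or a CA bundle path')`. The docstring entry for `verify_cert` should also say that `False` leaves the CFSSL server unauthenticated, so signing requests and returned certificates can be read or altered in transit, and that the argument has no effect when `ssl` is false.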
@@ -185,6 +185,7 @@ def test_call_request(self, requests):
 url='https://test:1/api/v1/cfssl/endpoint',
 params='params',
 data='data',
+ verify=True,
 )

 @mock.patch.object(requests, 'request')
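Review bot: The expectation in `test_call_request` pins only the default `verify=True`, so this test would still pass if `call` hard-coded `verify=True` instead of forwarding the value given as `verify_cert`. A second case that builds the client with a constructed path, e.g. `CFSSL('test', 1, verify_cert='/constructed/ca.pem')`, and asserts that the mocked `requests.request` received `verify='/constructed/ca.pem'` would cover the new argument end to end; the same applies to `verify_cert=False`. The test method starts above the hunk, so how the client under test is constructed is not visible here.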