class HTTParty::ConnectionAdapter

def attach_ssl_certificates(http, options)
  if http.use_ssl?
    if options.fetch(:verify, true)
      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
      if options[:cert_store]
        http.cert_store = options[:cert_store]
      else
        # Use the default cert store by default, i.e. system ca certs
        http.cert_store = OpenSSL::X509::Store.new
        http.cert_store.set_default_paths
      end
    else
      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
    end
    # Client certificate authentication
    # Note: options[:pem] must contain the content of a PEM file having the private key appended
    if options[:pem]
      http.cert = OpenSSL::X509::Certificate.new(options[:pem])
      http.key = OpenSSL::PKey::RSA.new(options[:pem], options[:pem_password])
      http.verify_mode = verify_ssl_certificate? ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
    end
    # PKCS12 client certificate authentication
    if options[:p12]
      p12 = OpenSSL::PKCS12.new(options[:p12], options[:p12_password])
      http.cert = p12.certificate
      http.key = p12.key
      http.verify_mode = verify_ssl_certificate? ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
    end
    # SSL certificate authority file and/or directory
    if options[:ssl_ca_file]
      http.ca_file = options[:ssl_ca_file]
      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    end
    if options[:ssl_ca_path]
      http.ca_path = options[:ssl_ca_path]
      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    end
    # This is only Ruby 1.9+
    if options[:ssl_version] && http.respond_to?(:ssl_version=)
      http.ssl_version = options[:ssl_version]
    end
  end
end