Add peer_cert_chain to return the whole certificate chain

Author: evgeni

lib/net/http.rb

@@ -660,6 +660,8 @@ class HTTPHeaderSyntaxError < StandardError; end
   #   Sets the minimum SSL version.
   # - {#peer_cert}[rdoc-ref:Net::HTTP#peer_cert]:
   #   Returns the X509 certificate for the session's socket peer.
+  # - {#peer_cert_chain}[rdoc-ref:Net::HTTP#peer_cert_chain]:
+  #   Returns the X509 certificate chain for the session's socket peer.
   # - {:ssl_version}[rdoc-ref:Net::HTTP#ssl_version]:
   #   Returns the SSL version.
   # - {:ssl_version=}[rdoc-ref:Net::HTTP#ssl_version=]:
@@ -1601,6 +1603,16 @@ def peer_cert
       @socket.io.peer_cert
     end
 
+    # Returns the X509 certificate chain (an array of OpenSSL::X509::Certificate)
+    # for the session's socket peer,
+    # or +nil+ if none.
+    def peer_cert_chain
+      if not use_ssl? or not @socket
+        return nil
+      end
+      @socket.io.peer_cert_chain
+    end
+
     # Starts an \HTTP session.
     #
     # Without a block, returns +self+:

test/net/http/test_https.rb

@@ -39,6 +39,7 @@ def test_get
     http.request_get("/") {|res|
       assert_equal($test_net_http_data, res.body)
       assert_equal(SERVER_CERT.to_der, http.peer_cert.to_der)
+      assert_equal(SERVER_CERT.to_der, http.peer_cert_chain.first.to_der)
     }
   end
 
@@ -50,6 +51,7 @@ def test_get_SNI
     http.request_get("/") {|res|
       assert_equal($test_net_http_data, res.body)
       assert_equal(SERVER_CERT.to_der, http.peer_cert.to_der)
+      assert_equal(SERVER_CERT.to_der, http.peer_cert_chain.first.to_der)
     }
   end