From 09d7d38b0430ca6252efb63fd57aa6adc711e475 Mon Sep 17 00:00:00 2001
From: John Anderson <lampwins@gmail.com>
Date: Sun, 13 Oct 2019 01:43:08 -0400
Subject: [PATCH] implemented #3499 - Add  to Webhook model to support user
 supplied CA certificate verrification of webhook requests

---
 docs/release-notes/version-2.6.md              | 12 ++++++++++++
 .../migrations/0026_webhook_ca_file_path.py    | 18 ++++++++++++++++++
 netbox/extras/models.py                        | 13 +++++++++++++
 netbox/extras/webhooks_worker.py               |  2 ++
 4 files changed, 45 insertions(+)
 create mode 100644 netbox/extras/migrations/0026_webhook_ca_file_path.py

diff --git a/docs/release-notes/version-2.6.md b/docs/release-notes/version-2.6.md
index 2b9b3b765..54b701911 100644
--- a/docs/release-notes/version-2.6.md
+++ b/docs/release-notes/version-2.6.md
@@ -1,3 +1,15 @@
+# v2.6.7 (FUTURE)
+
+## Enhancements
+
+* [#3499](https://github.com/netbox-community/netbox/issues/3499) - Add `ca_file_path` to Webhook model to support user supplied CA certificate verrification of webhook requests
+
+## Bug Fixes
+
+
+
+---
+
 # v2.6.6 (2019-10-10)
 
 ## Notes
diff --git a/netbox/extras/migrations/0026_webhook_ca_file_path.py b/netbox/extras/migrations/0026_webhook_ca_file_path.py
new file mode 100644
index 000000000..07b5267f2
--- /dev/null
+++ b/netbox/extras/migrations/0026_webhook_ca_file_path.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.2 on 2019-10-13 05:22
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('extras', '0025_objectchange_time_index'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='webhook',
+            name='ca_file_path',
+            field=models.CharField(blank=True, max_length=4096, null=True),
+        ),
+    ]
diff --git a/netbox/extras/models.py b/netbox/extras/models.py
index d4125c327..4e8a56b34 100644
--- a/netbox/extras/models.py
+++ b/netbox/extras/models.py
@@ -86,6 +86,14 @@ class Webhook(models.Model):
         verbose_name='SSL verification',
         help_text="Enable SSL certificate verification. Disable with caution!"
     )
+    ca_file_path = models.CharField(
+        max_length=4096,
+        null=True,
+        blank=True,
+        verbose_name='CA File Path',
+        help_text='The specific CA certificate file to use for SSL verification. '
+                  'Leave blank to use the system defaults.'
+    )
 
     class Meta:
         unique_together = ('payload_url', 'type_create', 'type_update', 'type_delete',)
@@ -102,6 +110,11 @@ class Webhook(models.Model):
                 "You must select at least one type: create, update, and/or delete."
             )
 
+        if not self.ssl_verification and self.ca_file_path:
+            raise ValidationError({
+                'ca_file_path': 'Do not specify a CA certificate file if SSL verification is dissabled.'
+            })
+
 
 #
 # Custom fields
diff --git a/netbox/extras/webhooks_worker.py b/netbox/extras/webhooks_worker.py
index 8712092d4..c50a0a368 100644
--- a/netbox/extras/webhooks_worker.py
+++ b/netbox/extras/webhooks_worker.py
@@ -49,6 +49,8 @@ def process_webhook(webhook, data, model_name, event, timestamp, username, reque
 
     with requests.Session() as session:
         session.verify = webhook.ssl_verification
+        if webhook.ca_file_path:
+            session.verify = webhook.ca_file_path
         response = session.send(prepared_request)
 
     if response.status_code >= 200 and response.status_code <= 299: