Deduplicate certificates

author: Ahmad Hassan <ahmad.hassan612@gmail.com> 2018-12-17 13:19:13 +0200
committer: Ahmad Hassan <ahmad.hassan612@gmail.com> 2018-12-17 14:41:04 +0200
commit: f86e44e734f5d610fbca82eb046a506d78a91e98 (patch)
tree: 3af7d94fd2c52a4d0a5c082a0d82e297757420a1
parent: d6886506a0bb8b7db3e6f4fa7dc4d5aa1632b84f (diff)
download: gitlab-ce-f86e44e734f5d610fbca82eb046a506d78a91e98.tar.gz
1 files changed, 13 insertions, 3 deletions
diff --git a/lib/gitlab/gitaly_client.rb b/lib/gitlab/gitaly_client.rb
index b1130ad03ce..2f34c984e15 100644
--- a/lib/gitlab/gitaly_client.rb
+++ b/lib/gitlab/gitaly_client.rb
@@ -26,6 +26,7 @@ module Gitlab
       end
     end
 
+    PEM_REXP = /[-]+BEGIN CERTIFICATE[-]+.+?[-]+END CERTIFICATE[-]+/m
     SERVER_VERSION_FILE = 'GITALY_SERVER_VERSION'
     MAXIMUM_GITALY_CALLS = 35
     CLIENT_NAME = (Sidekiq.server? ? 'gitlab-sidekiq' : 'gitlab-web').freeze
@@ -62,9 +63,18 @@ module Gitlab
       cert_paths = Dir["#{OpenSSL::X509::DEFAULT_CERT_DIR}/*"]
       cert_paths << OpenSSL::X509::DEFAULT_CERT_FILE if File.exist? OpenSSL::X509::DEFAULT_CERT_FILE
 
-      @certs = cert_paths.map do |cert|
-        File.read(cert)
-      end.join("\n")
+      @certs = []
+      cert_paths.each do |cert_file|
+        begin
+          File.read(cert_file).scan(PEM_REXP).each do |cert|
+            pem = OpenSSL::X509::Certificate.new(cert).to_pem
+            @certs << pem
+          end
+        rescue StandardError => e
+          Rails.logger.error "Could not load certificate #{e}"
+        end
+      end
+      @certs = @certs.uniq.join "\n"
     end
 
     def self.stub_creds(storage)
author	Ahmad Hassan <ahmad.hassan612@gmail.com>	2018-12-17 13:19:13 +0200
committer	Ahmad Hassan <ahmad.hassan612@gmail.com>	2018-12-17 14:41:04 +0200
commit	f86e44e734f5d610fbca82eb046a506d78a91e98 (patch)
tree	3af7d94fd2c52a4d0a5c082a0d82e297757420a1
parent	d6886506a0bb8b7db3e6f4fa7dc4d5aa1632b84f (diff)
download	gitlab-ce-f86e44e734f5d610fbca82eb046a506d78a91e98.tar.gz