diff options
author | Michael Kozono <mkozono@gmail.com> | 2017-06-08 17:03:57 -0700 |
---|---|---|
committer | Michael Kozono <mkozono@gmail.com> | 2017-07-26 02:43:34 -0700 |
commit | 612b3864505a9e7445d09a80efa263cca9d8758d (patch) | |
tree | fc93e279be9a54221da7eab783eb100a59890a33 | |
parent | dcc12505aa121f809f6cf64fa7a68cc5457aca31 (diff) | |
download | gitlab-ce-612b3864505a9e7445d09a80efa263cca9d8758d.tar.gz |
Set `Net::LDAP` `ssl_version` option
-rw-r--r-- | lib/gitlab/ldap/config.rb | 1 | ||||
-rw-r--r-- | spec/lib/gitlab/ldap/config_spec.rb | 30 |
2 files changed, 31 insertions, 0 deletions
diff --git a/lib/gitlab/ldap/config.rb b/lib/gitlab/ldap/config.rb index 983c79a6364..a48a485dffd 100644 --- a/lib/gitlab/ldap/config.rb +++ b/lib/gitlab/ldap/config.rb @@ -192,6 +192,7 @@ module Gitlab end opts[:ca_file] = options['ca_file'] if options['ca_file'].present? + opts[:ssl_version] = options['ssl_version'] if options['ssl_version'].present? opts end diff --git a/spec/lib/gitlab/ldap/config_spec.rb b/spec/lib/gitlab/ldap/config_spec.rb index 4544a38876c..e24c7d6b9a2 100644 --- a/spec/lib/gitlab/ldap/config_spec.rb +++ b/spec/lib/gitlab/ldap/config_spec.rb @@ -168,6 +168,36 @@ describe Gitlab::LDAP::Config, lib: true do expect(config.adapter_options[:encryption][:tls_options]).not_to have_key(:ca_file) end end + + context 'when ssl_version is specified' do + it 'passes it through in tls_options' do + stub_ldap_config( + options: { + 'host' => 'ldap.example.com', + 'port' => 686, + 'encryption' => 'simple_tls', + 'ssl_version' => 'TLSv1_2' + } + ) + + expect(config.adapter_options[:encryption][:tls_options]).to include({ ssl_version: 'TLSv1_2' }) + end + end + + context 'when ssl_version is a blank string' do + it 'does not add the ssl_version key to tls_options' do + stub_ldap_config( + options: { + 'host' => 'ldap.example.com', + 'port' => 686, + 'encryption' => 'simple_tls', + 'ssl_version' => ' ' + } + ) + + expect(config.adapter_options[:encryption][:tls_options]).not_to have_key(:ssl_version) + end + end end describe '#omniauth_options' do |