Add latest changes from gitlab-org/gitlab@14-4-stable-eev14.4.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-10-20 08:43:02 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-10-20 08:43:02 +0000
commit: d9ab72d6080f594d0b3cae15f14b3ef2c6c638cb (patch)
tree: 2341ef426af70ad1e289c38036737e04b0aa5007 /app/models/pages_domain.rb
parent: d6e514dd13db8947884cd58fe2a9c2a063400a9b (diff)
download: gitlab-ce-d9ab72d6080f594d0b3cae15f14b3ef2c6c638cb.tar.gz
1 files changed, 5 insertions, 8 deletions
diff --git a/app/models/pages_domain.rb b/app/models/pages_domain.rb
index c932d0bf800..0c5a155d48a 100644
--- a/app/models/pages_domain.rb
+++ b/app/models/pages_domain.rb
@@ -129,18 +129,15 @@ class PagesDomain < ApplicationRecord
     store = OpenSSL::X509::Store.new
     store.set_default_paths
 
-    # This forces to load all intermediate certificates stored in `certificate`
-    Tempfile.open('certificate_chain') do |f|
-      f.write(certificate)
-      f.flush
-      store.add_file(f.path)
-    end
-
-    store.verify(x509)
+    store.verify(x509, untrusted_ca_certs_bundle)
   rescue OpenSSL::X509::StoreError
     false
   end
 
+  def untrusted_ca_certs_bundle
+    ::Gitlab::X509::Certificate.load_ca_certs_bundle(certificate)
+  end
+
   def expired?
     return false unless x509
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-10-20 08:43:02 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-10-20 08:43:02 +0000
commit	d9ab72d6080f594d0b3cae15f14b3ef2c6c638cb (patch)
tree	2341ef426af70ad1e289c38036737e04b0aa5007 /app/models/pages_domain.rb
parent	d6e514dd13db8947884cd58fe2a9c2a063400a9b (diff)
download	gitlab-ce-d9ab72d6080f594d0b3cae15f14b3ef2c6c638cb.tar.gz