Add warning about certificate verification on load

author: Michael Kozono <mkozono@gmail.com> 2017-06-09 11:43:07 -0700
committer: Michael Kozono <mkozono@gmail.com> 2017-07-26 02:43:37 -0700
commit: 71c36c5bb48ad70ec6f079bbedd6114b769805fa (patch)
tree: a8526878553641986551eff918294eecd9e6fe48 /config/initializers/1_settings.rb
parent: 72d8b1e40aa96f575aac9a8c9dada09e66cd7a9d (diff)
download: gitlab-ce-71c36c5bb48ad70ec6f079bbedd6114b769805fa.tar.gz
1 files changed, 10 insertions, 1 deletions
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 20fe92dd6b3..201a1d062b9 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -153,7 +153,16 @@ if Settings.ldap['enabled'] || Rails.env.test?
 
     # Certificates are not verified for backwards compatibility.
     # This default should be flipped to true in 9.5.
-    server['verify_certificates'] = false if server['verify_certificates'].nil?
+    if server['verify_certificates'].nil?
+      server['verify_certificates'] = false
+
+      message = <<-MSG.strip_heredoc
+        LDAP SSL certificate verification is disabled for backwards-compatibility.
+        Please add the "verify_certificates" option to gitlab.yml for each LDAP
+        server. Certificate verification will be enabled by default in GitLab 9.5.
+      MSG
+      Rails.logger.warn(message)
+    end
   end
 end
author	Michael Kozono <mkozono@gmail.com>	2017-06-09 11:43:07 -0700
committer	Michael Kozono <mkozono@gmail.com>	2017-07-26 02:43:37 -0700
commit	71c36c5bb48ad70ec6f079bbedd6114b769805fa (patch)
tree	a8526878553641986551eff918294eecd9e6fe48 /config/initializers/1_settings.rb
parent	72d8b1e40aa96f575aac9a8c9dada09e66cd7a9d (diff)
download	gitlab-ce-71c36c5bb48ad70ec6f079bbedd6114b769805fa.tar.gz