summaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
authorStan Hu <stanhu@gmail.com>2019-07-15 09:28:56 -0700
committerStan Hu <stanhu@gmail.com>2019-07-15 10:07:10 -0700
commita6c0f95705fe790775deb86772173a897322bdc1 (patch)
tree5d34732aa754882d767f8df53c69928c1238cc22 /config
parent96277bb9d61b5aaf5c2edc388c5eabfc743478f0 (diff)
downloadgitlab-ce-a6c0f95705fe790775deb86772173a897322bdc1.tar.gz
Make httpclient respect system SSL configurationsh-fix-httpclient-ssl
By default, httpclient (and hence anything that uses rack-oauth2) ignores the system-wide SSL certificate configuration in favor of its own `cacert.pem`. This makes it impossible to use custom certificates without patching that file. Until https://github.com/nahi/httpclient/pull/386 is merged, we work around this limitation by forcing the `HTTPClient` SSL store to use the default system configuration. Closes https://gitlab.com/charts/gitlab/issues/1436
Diffstat (limited to 'config')
-rw-r--r--config/initializers/httpclient_patch.rb18
1 files changed, 18 insertions, 0 deletions
diff --git a/config/initializers/httpclient_patch.rb b/config/initializers/httpclient_patch.rb
new file mode 100644
index 00000000000..22cc5605d9b
--- /dev/null
+++ b/config/initializers/httpclient_patch.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+# By default, httpclient (and hence anything that uses rack-oauth2)
+# ignores the system-wide SSL certificate configuration in favor of its
+# own cacert.pem. This makes it impossible to use custom certificates
+# without patching that file. Until
+# https://github.com/nahi/httpclient/pull/386 is merged, we work around
+# this limitation by forcing the HTTPClient SSL store to use the default
+# system configuration.
+module HTTPClient::SSLConfigDefaultPaths
+ def initialize(client)
+ super
+
+ set_default_paths
+ end
+end
+
+HTTPClient::SSLConfig.prepend HTTPClient::SSLConfigDefaultPaths