author | Stan Hu <stanhu@gmail.com> | 2019-07-15 09:28:56 -0700 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2019-07-15 10:07:10 -0700 |
commit | a6c0f95705fe790775deb86772173a897322bdc1 (patch) | |
tree | 5d34732aa754882d767f8df53c69928c1238cc22 /config | |
parent | 96277bb9d61b5aaf5c2edc388c5eabfc743478f0 (diff) | |
download | gitlab-ce-a6c0f95705fe790775deb86772173a897322bdc1.tar.gz |
Make httpclient respect system SSL configuration [sh-fix-httpclient-ssl]
By default, httpclient (and hence anything that uses rack-oauth2)
ignores the system-wide SSL certificate configuration in favor of its
own `cacert.pem`. This makes it impossible to use custom certificates
without patching that file. Until
https://github.com/nahi/httpclient/pull/386 is merged, we work around
this limitation by forcing the `HTTPClient` SSL store to use the default
system configuration.
Closes https://gitlab.com/charts/gitlab/issues/1436
Diffstat (limited to 'config')
-rw-r--r-- | config/initializers/httpclient_patch.rb | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/config/initializers/httpclient_patch.rb b/config/initializers/httpclient_patch.rb new file mode 100644 index 00000000000..22cc5605d9b --- /dev/null +++ b/config/initializers/httpclient_patch.rb @@ -0,0 +1,18 @@ +# frozen_string_literal: true + +# By default, httpclient (and hence anything that uses rack-oauth2) +# ignores the system-wide SSL certificate configuration in favor of its +# own cacert.pem. This makes it impossible to use custom certificates +# without patching that file. Until +# https://github.com/nahi/httpclient/pull/386 is merged, we work around +# this limitation by forcing the HTTPClient SSL store to use the default +# system configuration. +module HTTPClient::SSLConfigDefaultPaths + def initialize(client) + super + + set_default_paths + end +end + +HTTPClient::SSLConfig.prepend HTTPClient::SSLConfigDefaultPaths |
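Review bot: The `HTTPClient::SSLConfig.prepend` on the last line applies to every `HTTPClient` instance in the process, not only the rack-oauth2 callers the header comment mentions, so the comment should state that the change is global and that certificate trust now depends on the host's default system configuration rather than the gem's own `cacert.pem`. In the `initialize` override, `def initialize(client)` pins the upstream arity; `def initialize(*)` with the bare `super` already used here would survive a signature change in httpclient. Since the comment says the workaround is needed only until https://github.com/nahi/httpclient/pull/386 is merged, nothing in the file signals when it becomes obsolete; a note tying it to the httpclient version in use would help it get removed instead of lingering. A spec that asserts the system store is in effect on a new client would catch a gem upgrade silently undoing or breaking the patch.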