Diffstat (limited to 'lib/gitlab/x509/signature.rb')
-rw-r--r--lib/gitlab/x509/signature.rb6
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/gitlab/x509/signature.rb b/lib/gitlab/x509/signature.rb
index 7d4d4d9d13a..edff1540cb3 100644
--- a/lib/gitlab/x509/signature.rb
+++ b/lib/gitlab/x509/signature.rb
@@ -52,6 +52,12 @@ module Gitlab
strong_memoize(:cert_store) do
store = OpenSSL::X509::Store.new
store.set_default_paths
+
+ if Feature.enabled?(:x509_forced_cert_loading, type: :ops)
+ # Forcibly load the default cert file because the OpenSSL library seemingly ignores it
+ store.add_file(OpenSSL::X509::DEFAULT_CERT_FILE) if File.exist?(OpenSSL::X509::DEFAULT_CERT_FILE)
+ end
+
# valid_signing_time? checks the time attributes already
# this flag is required, otherwise expired certificates would become
# unverified when notAfter within certificate attribute is reached
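Review bot: The new `store.add_file(...)` call is guarded only by `File.exist?`, which is also true for a directory or an unreadable file, and `add_file` raises `OpenSSL::X509::StoreError` when the file cannot be loaded, so a damaged bundle at that path would make building the cert store raise rather than produce an unverified result. A tighter guard such as `File.file?(path) && File.readable?(path)`, plus a `rescue OpenSSL::X509::StoreError` that logs and continues, would keep verification failing closed without an exception. Separately, `OpenSSL::X509::DEFAULT_CERT_FILE` is the compiled-in path while `set_default_paths` honours `SSL_CERT_FILE`, so with the flag on, an operator who pointed that variable at a narrower bundle would presumably get the system bundle added back as trust anchors for commit signatures. That is worth recording in the comment, e.g. `# NOTE: adds the compiled-in bundle even when SSL_CERT_FILE points elsewhere`. The enclosing method and the end of the `strong_memoize` block lie outside the hunk.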