Make httpclient respect system SSL configuration
By default, httpclient (and hence anything that uses rack-oauth2) ignores the system-wide SSL certificate configuration in favor of its own `cacert.pem`. This makes it impossible to use custom certificates without patching that file. Until https://github.com/nahi/httpclient/pull/386 is merged, we work around this limitation by forcing the `HTTPClient` SSL store to use the default system configuration.

Closes https://gitlab.com/charts/gitlab/issues/1436
parent 96277bb9d6
commit a6c0f95705
2 changed files with 23 additions and 0 deletions
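An added illustration (not part of this commit and not httpclient's code) of the distinction the commit message draws, using only Ruby's `openssl` standard library: a certificate issued by a custom CA fails against a store that never consults the system configuration and passes once `OpenSSL::X509::Store#set_default_paths` is called. The CA, the host name, the helper names and the use of `SSL_CERT_FILE` to stand in for the system configuration are constructed assumptions.

```ruby
require "openssl"
require "tempfile"

# Build a throwaway certificate (constructed test data). Self-signed unless an issuer is given.
def make_cert(cn, key, issuer_cert: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = (issuer_cert || cert).subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer_cert || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Returns [ok_without_default_paths, ok_with_default_paths] for a leaf issued by a custom CA.
def verify_with_and_without_default_paths
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert("Example Internal CA", ca_key, ca: true)
  leaf = make_cert("internal.example", OpenSSL::PKey::RSA.new(2048),
                   issuer_cert: ca, issuer_key: ca_key)

  Tempfile.create(["custom-ca", ".pem"]) do |f|
    f.write(ca.to_pem)
    f.flush
    saved = ENV["SSL_CERT_FILE"]
    ENV["SSL_CERT_FILE"] = f.path # assumption: the admin installed the CA via the system configuration
    begin
      isolated = OpenSSL::X509::Store.new      # never consults the system configuration
      system_store = OpenSSL::X509::Store.new
      system_store.set_default_paths           # reads SSL_CERT_FILE / SSL_CERT_DIR or the OpenSSL defaults
      [isolated.verify(leaf), system_store.verify(leaf)]
    ensure
      ENV["SSL_CERT_FILE"] = saved
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  without, with = verify_with_and_without_default_paths
  puts "store without default paths trusts custom CA: #{without}"
  puts "store with set_default_paths trusts custom CA: #{with}"
end
```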
5
changelogs/unreleased/sh-fix-httpclient-ssl.yml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
title: Make httpclient respect system SSL configuration
|
||||||
|
merge_request: 30749
|
||||||
|
author:
|
||||||
|
type: fixed
|
18
config/initializers/httpclient_patch.rb
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
# By default, httpclient (and hence anything that uses rack-oauth2)
|
||||||
|
# ignores the system-wide SSL certificate configuration in favor of its
|
||||||
|
# own cacert.pem. This makes it impossible to use custom certificates
|
||||||
|
# without patching that file. Until
|
||||||
|
# https://github.com/nahi/httpclient/pull/386 is merged, we work around
|
||||||
|
# this limitation by forcing the HTTPClient SSL store to use the default
|
||||||
|
# system configuration.
|
||||||
|
module HTTPClient::SSLConfigDefaultPaths
|
||||||
|
def initialize(client)
|
||||||
|
super
|
||||||
|
|
||||||
|
set_default_paths
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
HTTPClient::SSLConfig.prepend HTTPClient::SSLConfigDefaultPaths
|
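Review bot: The `prepend` on the last added line changes `HTTPClient::SSLConfig` for every `HTTPClient` instance in the process, while the header comment only mentions rack-oauth2; say so in the comment, and state whether the bundled `cacert.pem` is still consulted once `set_default_paths` runs after `super`, since hosts with no system CA bundle would depend on that. The commit touches only the changelog and this initializer, so nothing asserts the override; a small spec that builds an `HTTPClient` and checks its SSL store would catch the patch silently becoming a no-op. Because the comment ties the workaround to https://github.com/nahi/httpclient/pull/386, consider a note or a gem-version guard so the initializer is removed once that lands.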