Merge branch 'sh-fix-httpclient-ssl' into 'master'
Make httpclient respect system SSL configuration Closes charts/gitlab#1436 See merge request gitlab-org/gitlab-ce!30749
This commit is contained in:
commit
b46cf4290b
2 changed files with 23 additions and 0 deletions
5
changelogs/unreleased/sh-fix-httpclient-ssl.yml
Normal file
5
changelogs/unreleased/sh-fix-httpclient-ssl.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Make httpclient respect system SSL configuration
|
||||
merge_request: 30749
|
||||
author:
|
||||
type: fixed
|
18
config/initializers/httpclient_patch.rb
Normal file
18
config/initializers/httpclient_patch.rb
Normal file
|
@ -0,0 +1,18 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
# By default, httpclient (and hence anything that uses rack-oauth2)
|
||||
# ignores the system-wide SSL certificate configuration in favor of its
|
||||
# own cacert.pem. This makes it impossible to use custom certificates
|
||||
# without patching that file. Until
|
||||
# https://github.com/nahi/httpclient/pull/386 is merged, we work around
|
||||
# this limitation by forcing the HTTPClient SSL store to use the default
|
||||
# system configuration.
|
||||
module HTTPClient::SSLConfigDefaultPaths
|
||||
def initialize(client)
|
||||
super
|
||||
|
||||
set_default_paths
|
||||
end
|
||||
end
|
||||
|
||||
HTTPClient::SSLConfig.prepend HTTPClient::SSLConfigDefaultPaths
|
Loading…
Reference in a new issue