Merge branch 'sh-fix-httpclient-ssl' into 'master'
Make httpclient respect system SSL configuration Closes charts/gitlab#1436 See merge request gitlab-org/gitlab-ce!30749
This commit is contained in:
commit
b46cf4290b
2 changed files with 23 additions and 0 deletions
5
changelogs/unreleased/sh-fix-httpclient-ssl.yml
Normal file
5
changelogs/unreleased/sh-fix-httpclient-ssl.yml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
title: Make httpclient respect system SSL configuration
|
||||||
|
merge_request: 30749
|
||||||
|
author:
|
||||||
|
type: fixed
|
18
config/initializers/httpclient_patch.rb
Normal file
18
config/initializers/httpclient_patch.rb
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
# By default, httpclient (and hence anything that uses rack-oauth2)
|
||||||
|
# ignores the system-wide SSL certificate configuration in favor of its
|
||||||
|
# own cacert.pem. This makes it impossible to use custom certificates
|
||||||
|
# without patching that file. Until
|
||||||
|
# https://github.com/nahi/httpclient/pull/386 is merged, we work around
|
||||||
|
# this limitation by forcing the HTTPClient SSL store to use the default
|
||||||
|
# system configuration.
|
||||||
|
module HTTPClient::SSLConfigDefaultPaths
|
||||||
|
def initialize(client)
|
||||||
|
super
|
||||||
|
|
||||||
|
set_default_paths
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
HTTPClient::SSLConfig.prepend HTTPClient::SSLConfigDefaultPaths
|
Loading…
Reference in a new issue