From f86e44e734f5d610fbca82eb046a506d78a91e98 Mon Sep 17 00:00:00 2001
From: Ahmad Hassan <ahmad.hassan612@gmail.com>
Date: Mon, 17 Dec 2018 13:19:13 +0200
Subject: [PATCH] Deduplicate certificates

---
 lib/gitlab/gitaly_client.rb | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/lib/gitlab/gitaly_client.rb b/lib/gitlab/gitaly_client.rb
index b1130ad03ce..2f34c984e15 100644
--- a/lib/gitlab/gitaly_client.rb
+++ b/lib/gitlab/gitaly_client.rb
@@ -26,6 +26,7 @@ module Gitlab
       end
     end
 
+    PEM_REXP = /[-]+BEGIN CERTIFICATE[-]+.+?[-]+END CERTIFICATE[-]+/m
     SERVER_VERSION_FILE = 'GITALY_SERVER_VERSION'
     MAXIMUM_GITALY_CALLS = 35
     CLIENT_NAME = (Sidekiq.server? ? 'gitlab-sidekiq' : 'gitlab-web').freeze
@@ -62,9 +63,18 @@ module Gitlab
       cert_paths = Dir["#{OpenSSL::X509::DEFAULT_CERT_DIR}/*"]
       cert_paths << OpenSSL::X509::DEFAULT_CERT_FILE if File.exist? OpenSSL::X509::DEFAULT_CERT_FILE
 
-      @certs = cert_paths.map do |cert|
-        File.read(cert)
-      end.join("\n")
+      @certs = []
+      cert_paths.each do |cert_file|
+        begin
+          File.read(cert_file).scan(PEM_REXP).each do |cert|
+            pem = OpenSSL::X509::Certificate.new(cert).to_pem
+            @certs << pem
+          end
+        rescue StandardError => e
+          Rails.logger.error "Could not load certificate #{e}"
+        end
+      end
+      @certs = @certs.uniq.join "\n"
     end
 
     def self.stub_creds(storage)