Commit a6c0f957 authored by Stan Hu's avatar Stan Hu

Make httpclient respect system SSL configuration

By default, httpclient (and hence anything that uses rack-oauth2)
ignores the system-wide SSL certificate configuration in favor of its
own `cacert.pem`. This makes it impossible to use custom certificates
without patching that file. Until
https://github.com/nahi/httpclient/pull/386 is merged, we work around
this limitation by forcing the `HTTPClient` SSL store to use the default
system configuration.

Closes https://gitlab.com/charts/gitlab/issues/1436
parent 96277bb9
---
title: Make httpclient respect system SSL configuration
merge_request: 30749
author:
type: fixed
# frozen_string_literal: true
# By default, httpclient (and hence anything that uses rack-oauth2)
# ignores the system-wide SSL certificate configuration in favor of its
# own cacert.pem. This makes it impossible to use custom certificates
# without patching that file. Until
# https://github.com/nahi/httpclient/pull/386 is merged, we work around
# this limitation by forcing the HTTPClient SSL store to use the default
# system configuration.
module HTTPClient::SSLConfigDefaultPaths
def initialize(client)
super
set_default_paths
end
end
HTTPClient::SSLConfig.prepend HTTPClient::SSLConfigDefaultPaths
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment