Add latest changes from gitlab-org/security/gitlab@16-6-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2023-11-29 19:28:43 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2023-11-29 19:28:43 +0300
commit: 706c0db2fcea38033a4b23e9434461127deb87e1 (patch)
tree: 64c4edf52bc17a5fca557e252ede46b7032e9bc6 /app/models
parent: 925780caf1f669002af72d5a6be6a3a6551308cc (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/app/models/pages_domain.rb b/app/models/pages_domain.rb
index cabd3924fd6..33de5aa21aa 100644
--- a/app/models/pages_domain.rb
+++ b/app/models/pages_domain.rb
@@ -35,10 +35,11 @@ class PagesDomain < ApplicationRecord
   validates :verification_code, presence: true, allow_blank: false
 
   validate :validate_pages_domain
+  validate :max_certificate_key_length, if: ->(domain) { domain.key.present? }
   validate :validate_matching_key, if: ->(domain) { domain.certificate.present? || domain.key.present? }
-  validate :validate_intermediates, if: ->(domain) { domain.certificate.present? && domain.certificate_changed? }
+  # validate_intermediates must run after key validations to skip expensive SSL validation when there is a key error
+  validate :validate_intermediates, if: ->(domain) { domain.certificate.present? && domain.certificate_changed? && errors[:key].blank? }
   validate :validate_custom_domain_count_per_project, on: :create
-  validate :max_certificate_key_length, if: ->(domain) { domain.key.present? }
 
   attribute :auto_ssl_enabled, default: -> { ::Gitlab::LetsEncrypt.enabled? }
   attribute :wildcard, default: false
author	GitLab Bot <gitlab-bot@gitlab.com>	2023-11-29 19:28:43 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2023-11-29 19:28:43 +0300
commit	706c0db2fcea38033a4b23e9434461127deb87e1 (patch)
tree	64c4edf52bc17a5fca557e252ede46b7032e9bc6 /app/models
parent	925780caf1f669002af72d5a6be6a3a6551308cc (diff)