author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-22 18:09:48 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-22 18:09:48 +0300 |
commit | 640007842a876dfa551578feccfd0fe2307c522a (patch) | |
tree | 4204c45a13b9beac3040df00572ffe0ecdb0ca40 /lib/gitlab/x509 | |
parent | 421f6c92d5984d035a7a6687d70277ba88f5f92b (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/x509')
-rw-r--r-- | lib/gitlab/x509/certificate.rb | 21 | ||||
-rw-r--r-- | lib/gitlab/x509/signature.rb | 2 |
2 files changed, 20 insertions, 3 deletions
diff --git a/lib/gitlab/x509/certificate.rb b/lib/gitlab/x509/certificate.rb
index 752f3c6b004..98688f504eb 100644
--- a/lib/gitlab/x509/certificate.rb
+++ b/lib/gitlab/x509/certificate.rb
@@ -23,6 +23,18 @@ module Gitlab
 include ::Gitlab::Utils::StrongMemoize
 end
+ def self.default_cert_dir
+ strong_memoize(:default_cert_dir) do
+ ENV.fetch('SSL_CERT_DIR', OpenSSL::X509::DEFAULT_CERT_DIR)
+ end
+ end
+
+ def self.default_cert_file
+ strong_memoize(:default_cert_file) do
+ ENV.fetch('SSL_CERT_FILE', OpenSSL::X509::DEFAULT_CERT_FILE)
+ end
+ end
+
 def self.from_strings(key_string, cert_string, ca_certs_string = nil)
 key = OpenSSL::PKey::RSA.new(key_string)
 cert = OpenSSL::X509::Certificate.new(cert_string)
@@ -39,10 +51,10 @@ module Gitlab
 # Returns all top-level, readable files in the default CA cert directory
 def self.ca_certs_paths
- cert_paths = Dir["#{OpenSSL::X509::DEFAULT_CERT_DIR}/*"].select do |path|
+ cert_paths = Dir["#{default_cert_dir}/*"].select do |path|
 !File.directory?(path) && File.readable?(path)
 end
- cert_paths << OpenSSL::X509::DEFAULT_CERT_FILE if File.exist? OpenSSL::X509::DEFAULT_CERT_FILE
+ cert_paths << default_cert_file if File.exist? default_cert_file
 cert_paths
 end
@@ -61,6 +73,11 @@ module Gitlab
 clear_memoization(:ca_certs_bundle)
 end
+ def self.reset_default_cert_paths
+ clear_memoization(:default_cert_dir)
+ clear_memoization(:default_cert_file)
+ end
+
 # Returns an array of OpenSSL::X509::Certificate objects, empty array if none found
 #
 # Ruby OpenSSL::X509::Certificate.new will only load the first
diff --git a/lib/gitlab/x509/signature.rb b/lib/gitlab/x509/signature.rb
index a6761e211fa..8acbfc144e9 100644
--- a/lib/gitlab/x509/signature.rb
+++ b/lib/gitlab/x509/signature.rb
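Review bot: `ENV.fetch('SSL_CERT_DIR', ...)` in `default_cert_dir` returns the variable verbatim, so an empty value or a list of directories goes straight into the glob in `ca_certs_paths` in the next hunk. With `SSL_CERT_DIR` set but empty the pattern becomes `Dir["/*"]`, which offers every readable top-level file under the filesystem root as a CA candidate. A colon-separated list, a form OpenSSL itself accepts on Unix-like systems, matches nothing and silently drops the directory's CAs from the bundle. Treat blank as unset, e.g. `ENV['SSL_CERT_DIR'].presence || OpenSSL::X509::DEFAULT_CERT_DIR`, and split on `File::PATH_SEPARATOR` before globbing. A comment such as `# Trust-anchor locations; honours the same SSL_CERT_DIR / SSL_CERT_FILE overrides as OpenSSL` would also tell maintainers that these values decide which CAs are trusted.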
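Review bot: `reset_default_cert_paths` clears only the two path memos, so a `ca_certs_bundle` that was already memoized (presumably built from the old paths; its body is not in this hunk) stays in place after the reset. The context line `clear_memoization(:ca_certs_bundle)` above it belongs to a separate method whose start is outside the hunk, so a caller has to know to invoke both. Either clear `:ca_certs_bundle` here as well, or document the limit: `# Clears the memoized SSL_CERT_DIR / SSL_CERT_FILE lookups; does not reset ca_certs_bundle.`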
@@ -59,7 +59,7 @@ module Gitlab
 if Feature.enabled?(:x509_forced_cert_loading, type: :ops)
 # Forcibly load the default cert file because the OpenSSL library seemingly ignores it
- store.add_file(OpenSSL::X509::DEFAULT_CERT_FILE) if File.exist?(OpenSSL::X509::DEFAULT_CERT_FILE)
+ store.add_file(Gitlab::X509::Certificate.default_cert_file) if File.exist?(Gitlab::X509::Certificate.default_cert_file) # rubocop:disable Layout/LineLength
 end
 # valid_signing_time? checks the time attributes already |
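Review bot: The `File.exist?` guard on the changed `store.add_file` line also passes for a directory or an unreadable file, and the path is now operator-supplied through `SSL_CERT_FILE`, so a misconfigured value reaches `add_file`. That call is expected to raise `OpenSSL::X509::StoreError` in that case; whether anything rescues it is not visible, since the enclosing method starts and ends outside the hunk. Checking the same way `ca_certs_paths` does and binding the path once also removes the `rubocop:disable`: `cert_file = Gitlab::X509::Certificate.default_cert_file` followed by `store.add_file(cert_file) if File.file?(cert_file) && File.readable?(cert_file)`.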