Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-02-25 09:10:51 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-02-25 09:10:51 +0300
commit: c1ccb69fc9b1f07a00d3310f5fbd2e4622db9482 (patch)
tree: 1b8edbc6540c554c4d9878fa3e8b7c4f2102baea /lib/gitlab/x509
parent: e66e16c73cda415ccd03ac0a1818a58ddc4429d7 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/gitlab/x509/signature.rb b/lib/gitlab/x509/signature.rb
index 7d4d4d9d13a..edff1540cb3 100644
--- a/lib/gitlab/x509/signature.rb
+++ b/lib/gitlab/x509/signature.rb
@@ -52,6 +52,12 @@ module Gitlab
         strong_memoize(:cert_store) do
           store = OpenSSL::X509::Store.new
           store.set_default_paths
+
+          if Feature.enabled?(:x509_forced_cert_loading, type: :ops)
+            # Forcibly load the default cert file because the OpenSSL library seemingly ignores it
+            store.add_file(OpenSSL::X509::DEFAULT_CERT_FILE) if File.exist?(OpenSSL::X509::DEFAULT_CERT_FILE)
+          end
+
           # valid_signing_time? checks the time attributes already
           # this flag is required, otherwise expired certificates would become
           # unverified when notAfter within certificate attribute is reached
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-02-25 09:10:51 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-02-25 09:10:51 +0300
commit	c1ccb69fc9b1f07a00d3310f5fbd2e4622db9482 (patch)
tree	1b8edbc6540c554c4d9878fa3e8b7c4f2102baea /lib/gitlab/x509
parent	e66e16c73cda415ccd03ac0a1818a58ddc4429d7 (diff)