From b26fd49eb731492e1eda7efddb1e267e1758997c Mon Sep 17 00:00:00 2001
From: drew cimino <dcimino@gitlab.com>
Date: Thu, 4 Apr 2019 18:24:12 +0100
Subject: catching and cleanly reporting SSL errors in
 Ci::Config::External::Processor

---
 .../gitlab/ci/config/external/processor_spec.rb    | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'spec/lib/gitlab/ci/config')

diff --git a/spec/lib/gitlab/ci/config/external/processor_spec.rb b/spec/lib/gitlab/ci/config/external/processor_spec.rb
index e94bb44f990..0f58a4f1d44 100644
--- a/spec/lib/gitlab/ci/config/external/processor_spec.rb
+++ b/spec/lib/gitlab/ci/config/external/processor_spec.rb
@@ -270,5 +270,27 @@ describe Gitlab::Ci::Config::External::Processor do
         end
       end
     end
+
+    context 'when config includes an external configuration file via SSL web request' do
+      before do
+        stub_request(:get, 'https://sha256.badssl.com/fake.yml').to_return(body: 'image: ruby:2.6', status: 200)
+        stub_request(:get, 'https://self-signed.badssl.com/fake.yml')
+          .to_raise(OpenSSL::SSL::SSLError.new('SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate)'))
+      end
+
+      context 'with an acceptable certificate' do
+        let(:values) { { include: 'https://sha256.badssl.com/fake.yml' } }
+
+        it { is_expected.to include(image: 'ruby:2.6') }
+      end
+
+      context 'with a self-signed certificate' do
+        let(:values) { { include: 'https://self-signed.badssl.com/fake.yml' } }
+
+        it 'returns a reportable configuration error' do
+          expect { subject }.to raise_error(described_class::IncludeError, /certificate verify failed/)
+        end
+      end
+    end
   end
 end
-- 
cgit v1.2.3