TLS: fork does not work with custom root CA
We are using a self-signed certificate for Gitaly TLS with a custom root CA. Everything works fine except the fork functionality. We nailed down the issue to the following code section: https://gitlab.com/gitlab-org/gitaly/blob/master/internal/service/repository/fork.go#L71
It seems that `SSL_CERT_DIR` is not passed to the execution environment of `gitaly-ssh`.
Workaround:
- Add the custom root CA certificate to the system certificate store beside the GitLab certificate store
/cc @fh1ch @max-wittig
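The behaviour reported above, as an added Go example that is not Gitaly's code and not part of the original issue: a child process started with an explicitly built environment does not see the parent's `SSL_CERT_DIR` unless it is copied across. The helper names, `EXAMPLE_ADDRESS`, and the paths are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// trustVars are read by Go's crypto/x509 on Unix systems other than macOS
// to locate root certificates outside the default system locations.
var trustVars = []string{"SSL_CERT_FILE", "SSL_CERT_DIR"}

// lookup finds name in a "KEY=value" slice; the last entry wins, as in os/exec.
func lookup(env []string, name string) (string, bool) {
	for i := len(env) - 1; i >= 0; i-- {
		if strings.HasPrefix(env[i], name+"=") {
			return env[i][len(name)+1:], true
		}
	}
	return "", false
}

// withTrustVars (hypothetical helper) copies childEnv and appends each trust
// variable that parentEnv sets and childEnv does not define itself.
func withTrustVars(childEnv, parentEnv []string) []string {
	out := append([]string{}, childEnv...)
	for _, name := range trustVars {
		if _, set := lookup(out, name); set {
			continue
		}
		if v, ok := lookup(parentEnv, name); ok {
			out = append(out, name+"="+v)
		}
	}
	return out
}

// childSees runs a shell with exactly env and returns the SSL_CERT_DIR it sees.
func childSees(env []string) string {
	cmd := exec.Command("sh", "-c", `printf %s "${SSL_CERT_DIR:-<unset>}"`)
	cmd.Env = env // a non-nil Env replaces the inherited environment entirely
	out, err := cmd.Output()
	if err != nil {
		return "error: " + err.Error()
	}
	return string(out)
}

func main() {
	os.Setenv("SSL_CERT_DIR", "/etc/example/trusted-certs") // constructed path
	// Constructed stand-in for an environment assembled by hand for a helper binary.
	explicit := []string{"PATH=" + os.Getenv("PATH"), "EXAMPLE_ADDRESS=tls://gitaly.example:9999"}
	fmt.Println("explicit env only:", childSees(explicit))
	fmt.Println("with trust vars:  ", childSees(withTrustVars(explicit, os.Environ())))
}
```

Adding the CA to the system store, as in the workaround, works because the child then finds it in the default locations without needing either variable.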