Consider the certs specified via SSL_CERT_{DIR,FILE} variables

What does this MR do and why?

Make the GitLab codebase respect the presence of the SSL_CERT_DIR and SSL_CERT_FILE variables when choosing the certificate store. In regular omnibus-gitlab builds, because OpenSSL is built with /opt/gitlab/embedded/ssl/certs as the location for certificates, OpenSSL::X509::DEFAULT_CERT_DIR will point to that directory. However, in FIPS builds, we use the system OpenSSL, but still want GitLab components to use the same directory. We do this by specifying the SSL_CERT_DIR (and SSL_CERT_FILE) variables to the components on startup. We should ensure all the components respect that. This MR makes GitLab Rails respect them.

Without this, custom certificates will be broken for specific components like Gitaly, Spamcheck, etc.

Closes: #365821 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Balasankar 'Balu' C
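
The resolution order described above, as an added example that is not code from this merge request or from GitLab: the environment variables take precedence and the compiled-in OpenSSL defaults are the fallback. The helper names `cert_paths`, `build_store`, `sample_ca` and `demo` are hypothetical, and the CA certificate is constructed sample input.

```ruby
require 'openssl'
require 'tmpdir'

# Hypothetical helper: environment overrides win; empty values count as unset.
def cert_paths(env = ENV)
  dir  = env['SSL_CERT_DIR'].to_s
  file = env['SSL_CERT_FILE'].to_s
  {
    # OpenSSL accepts a list of directories in SSL_CERT_DIR (":"-separated on Unix).
    dirs: (dir.empty? ? OpenSSL::X509::DEFAULT_CERT_DIR : dir).split(File::PATH_SEPARATOR),
    file: file.empty? ? OpenSSL::X509::DEFAULT_CERT_FILE : file
  }
end

# Build a trust store from the resolved locations, skipping paths that do not exist.
def build_store(env = ENV)
  paths = cert_paths(env)
  store = OpenSSL::X509::Store.new
  store.add_file(paths[:file]) if File.file?(paths[:file])
  paths[:dirs].each { |d| store.add_path(d) if File.directory?(d) }
  store
end

# Constructed sample input: a throwaway self-signed CA certificate.
def sample_ca
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=constructed-test-ca')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Returns [trusted_with_override, trusted_with_defaults_only].
def demo
  ca = sample_ca
  Dir.mktmpdir do |tmp|
    bundle = File.join(tmp, 'custom-ca.pem')
    File.write(bundle, ca.to_pem)
    [build_store('SSL_CERT_FILE' => bundle).verify(ca), build_store({}).verify(ca)]
  end
end
```

Code that reads only OpenSSL::X509::DEFAULT_CERT_DIR behaves like the second store here: a custom CA supplied through SSL_CERT_FILE is never loaded, so verification of certificates issued by it fails.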
