Consider the certs specified via SSL_CERT_{DIR,FILE} variables
What does this MR do and why?
Make GitLab codebase respect the presence of SSL_CERT_DIR
and SSL_CERT_FILE
variables for choosing certificate store. In regular omnibus-gitlab builds, because OpenSSL is built with /opt/gitlab/embedded/ssl/certs
as the location for certificates, OpenSSL::X509::DEFAULT_CERT_DIR
will point to that directory. However, in FIPS builds, we use system OpenSSL, but still want GitLab components to use the same directory. We do this by specifying SSL_CERT_DIR
(and SSL_CERT_FILE
) variables to the components on startup. We should ensure all the components respect that. This MR makes GitLab rails respect them.
Without this, custom certificates will be broken for specific components like Gitaly, Spamcheck etc.
Closes: #365821 (closed)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.