Skip to content
Snippets Groups Projects
  1. Oct 22, 2021
  2. Oct 21, 2021
  3. Oct 20, 2021
  4. Oct 19, 2021
  5. Oct 13, 2021
  6. Oct 12, 2021
  7. Oct 11, 2021
  8. Oct 09, 2021
  9. Oct 07, 2021
  10. Oct 06, 2021
  11. Oct 05, 2021
    • Jason Plum's avatar
      Merge branch 'sh-symlink-default-cert-file' into 'master' · 24b4449c
      Jason Plum authored
      Symlink OpenSSL default cert file to Debian cert path
      
      See merge request gitlab-org/build/CNG!784
      24b4449c
    • Stan Hu's avatar
      Symlink OpenSSL default cert file to Debian cert path · 96fc28ad
      Stan Hu authored
      Debian populates certificates in `/etc/ssl/certs/ca-certificates.crt`,
      but the OpenSSL file expects the default to be in
      `/usr/lib/ssl/cert.pem`.
      
      Ruby uses `OpenSSL::X509::DEFAULT_CERT_FILE`, which is set to
      `/usr/lib/ssl/cert.pem` by default. To make it possible for Ruby
      to use this bundle path, we create a symlink to this file.
      
      Note that this in theory shouldn't have been a problem because
      `OpenSSL::X509::DEFAULT_CERT_DIR` points to `/usr/lib/ssl/certs`, which
      is a symlink to `/etc/ssl/certs`. But it appears that `DEFAULT_CERT_DIR`
      isn't used when Ruby calls `OpenSSL::X509::Store#verify`.
      
      This prevented newly-issued LetsEncrypt certificate chains from being
      verified.
      
      Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/342326
      
      Changelog: fixed
      96fc28ad
  12. Oct 04, 2021