[#2328] Make httpclient use system certs #2329

jswk · 2021-10-04T09:11:40Z

Force httpclient to use the default system cacert configuration.
Otherwise, when the cacerts bundled with httpclient expire we are
prone to get validation errors in different places (for example,
openid_connect gem depends on this, and we were left without login).
This patch has been copied from the gitlab PR:
https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/30749/diffs.

@wziajka: please verify using system certs is safe in this case.

Fixes: #2328.

Force httpclient to use the default system cacert configuration. Otherwise, when the cacerts bundled with httpclient expire we are prone to get validation errors in different places (for example, openid_connect gem depends on this, and we were left without login). This patch has been copied from the gitlab PR: https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/30749/diffs.

jswk requested review from kmarszalek and Marcelinna October 4, 2021 09:11

jswk self-assigned this Oct 4, 2021

jswk added this to the 3.23.0 milestone Oct 4, 2021

Marcelinna approved these changes Oct 4, 2021

View reviewed changes

jswk force-pushed the 2328-httpclient-cacerts branch from 588d1db to 84b0993 Compare October 5, 2021 12:26

jswk force-pushed the 2328-httpclient-cacerts branch from 84b0993 to 85a0df5 Compare October 6, 2021 07:40

kmarszalek approved these changes Oct 11, 2021

View reviewed changes

jswk merged commit d70a03c into master Oct 12, 2021

jswk deleted the 2328-httpclient-cacerts branch October 12, 2021 07:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[#2328] Make httpclient use system certs #2329

[#2328] Make httpclient use system certs #2329

jswk commented Oct 4, 2021

[#2328] Make httpclient use system certs #2329

[#2328] Make httpclient use system certs #2329

Conversation

jswk commented Oct 4, 2021