LDAP SSL verification docs are wrong concerning ca_cert parameter
After updating GitLab-CE to the latest version (9.4.2), we ran into the following issue: #35752 (closed) . When we applied the supplied patch, using
verify_certificates: false did indeed work.
However, after enabling certificate verification and supplying the CA certificate in the
ca_cert parameter, it did not work anymore. A quick search through the code revealed that the
ca_cert parameter should actually be
ca_file. After changing this, ssl verification seems to work.
I was unable to fork the gitlab-ce repo (perhaps because it is too large?) so here is the diff instead:
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index e9bf2df..73a68c6 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -282,7 +282,7 @@ production: &base # # Example: '/etc/ca.pem' # - ca_cert: '' + ca_file: '' # Specifies the SSL version for OpenSSL to use, if the OpenSSL default # is not appropriate. diff --git a/doc/administration/auth/ldap.md b/doc/administration/auth/ldap.md index a7395e0..6b8b1fe 100644 --- a/doc/administration/auth/ldap.md +++ b/doc/administration/auth/ldap.md @@ -96,7 +96,7 @@ main: # 'main' is the GitLab 'provider ID' of this LDAP server # # Example: '/etc/ca.pem' # - ca_cert: '' + ca_file: '' # Specifies the SSL version for OpenSSL to use, if the OpenSSL default # is not appropriate.