LDAP SSL verification docs are wrong concerning ca_cert parameter
After updating GitLab-CE to the latest version (9.4.2), we ran into the following issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/35752 . When we applied the supplied patch, using verify_certificates: false
did indeed work.
However, after enabling certificate verification and supplying the CA certificate in the ca_cert
parameter, it did not work anymore. A quick search through the code revealed that the ca_cert
parameter should actually be ca_file
. After changing this, ssl verification seems to work.
I was unable to fork the gitlab-ce repo (perhaps because it is too large?) so here is the diff instead:
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index e9bf2df..73a68c6 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -282,7 +282,7 @@ production: &base
#
# Example: '/etc/ca.pem'
#
- ca_cert: ''
+ ca_file: ''
# Specifies the SSL version for OpenSSL to use, if the OpenSSL default
# is not appropriate.
diff --git a/doc/administration/auth/ldap.md b/doc/administration/auth/ldap.md
index a7395e0..6b8b1fe 100644
--- a/doc/administration/auth/ldap.md
+++ b/doc/administration/auth/ldap.md
@@ -96,7 +96,7 @@ main: # 'main' is the GitLab 'provider ID' of this LDAP server
#
# Example: '/etc/ca.pem'
#
- ca_cert: ''
+ ca_file: ''
# Specifies the SSL version for OpenSSL to use, if the OpenSSL default
# is not appropriate.
Edited by Mathias Aerts