Trusted certs directory location
Fixes #1370 (closed)
Changes the location of /etc/gitlab/ssl/trusted-certs
to /etc/gitlab/trusted-certs
.
It was a mistake to have the trusted-certs
directory within /etc/gitlab/ssl
. The former should contain only certificates and they can be world readable. The latter contains certificates and private keys that are used by Nginx.
To avoid adding more complexity to the codebase, making this change in the patch release while the number of installations impacted is low.
Alternative is to make /etc/gitlab/ssl
world readable in order to get to trusted-certs
directory. In that case we would have to make sure that all other files in /etc/gitlab/ssl
are not world readable. This adds too much complexity and adds legacy code from the start which we then need to maintain.