Fall back to c_rehash if there are multiple TLS certificates
What does this MR do and why?
This backports !8711 (merged) to 18-3-stable.
The switch to openssl rehash from c_rehash in
!8306 (merged) had
an unintended breaking change: certificates in
/etc/gitlab/trusted-certs are no longer processed if they contain
multiple certificates.
To avoid this breaking change, detect the warning and fall back to c_rehash:
!8306 (merged)
excluded c_rehash, but in case openssl rehash fails we need
to keep this for now.
rehash: warning: skipping godaddy.crt, it does not contain exactly one certificate or CRLRelated #9295 (closed)
Related #9304
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
This MR is backporting a bug fix, documentation update, or spec fix, previously merged in the default branch. -
The original MR has been deployed to GitLab.com (not applicable for documentation or spec changes). -
This MR has a severity label assigned (if applicable).
Note to the merge request author and maintainer
If you have questions about the patch release process, please:
- Refer to the patch release runbook for engineers and maintainers for guidance.
- Ask questions on the
#releasesSlack channel (internal only).
Edited by Stan Hu