[ARVADOS] updated: 95773bc4ac9e01126a80a96fdbe0bf37d1478767

git at public.curoverse.com git at public.curoverse.com
Wed Feb 3 05:38:28 EST 2016


Summary of changes:
 apps/workbench/app/models/arvados_api_client.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

       via  95773bc4ac9e01126a80a96fdbe0bf37d1478767 (commit)
      from  4ede474fb3be39474fdd2a075d81dd351e6afefc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 95773bc4ac9e01126a80a96fdbe0bf37d1478767
Author: Brett Smith <brett at curoverse.com>
Date:   Wed Feb 3 05:37:42 2016 -0500

    Workbench loads CA certs on Red Hat.
    
    This has the same rationale and logic as #6432 and
    9b910084faf3db6fa2071af604620e7d45d12a6c, applied to Workbench.
    
    Changing from `/etc/ssl/certs` to `/etc/ssl/certs/ca-certificates.crt`
    is safe, because add_trust_ca accepts either a directory with hashed
    certs, or a file with multiple certs.  On Debian, the latter path is a
    single file built from the hashed certs in the former, so this is
    functionally identical there, and more predictable on Red Hat (where I
    don't know what it's doing).
    
    No issue #.

diff --git a/apps/workbench/app/models/arvados_api_client.rb b/apps/workbench/app/models/arvados_api_client.rb
index 4d549d1..13d4a24 100644
--- a/apps/workbench/app/models/arvados_api_client.rb
+++ b/apps/workbench/app/models/arvados_api_client.rb
@@ -89,7 +89,10 @@ class ArvadosApiClient
           @api_client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
         else
           # Use system CA certificates
-          @api_client.ssl_config.add_trust_ca('/etc/ssl/certs')
+          ["/etc/ssl/certs/ca-certificates.crt",
+           "/etc/pki/tls/certs/ca-bundle.crt"]
+            .select { |ca_path| File.readable?(ca_path) }
+            .each { |ca_path| @api_client.ssl_config.add_trust_ca(ca_path) }
         end
         if Rails.configuration.api_response_compression
           @api_client.transparent_gzip_decompression = true
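
Review bot: In the new `else` branch, nothing handles the case where neither `/etc/ssl/certs/ca-certificates.crt` nor `/etc/pki/tls/certs/ca-bundle.crt` is readable: `.select` returns an empty array, `add_trust_ca` is never called, and no log line or error is produced. A later certificate verification failure would then give no hint that the CA bundle was missing. Consider assigning the selected paths to a local variable and logging a warning (or raising) when it is empty. Since the commit message notes that `add_trust_ca` also accepts a directory of hashed certs, keeping `/etc/ssl/certs` as a last fallback would preserve the old behaviour on hosts that have the directory but not the bundle file. A short comment saying which path belongs to Debian and which to Red Hat would also help the next reader.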

-----------------------------------------------------------------------


hooks/post-receive
-- 



