[ARVADOS] created: 1.3.0-311-g74f35aa24
Git user
git at public.curoverse.com
Mon Feb 11 11:00:11 EST 2019
at 74f35aa24778f06e05fd24c0ca7eea26a42ccaef (commit)
commit 74f35aa24778f06e05fd24c0ca7eea26a42ccaef
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date: Mon Feb 11 10:57:45 2019 -0500
14826: API server looks in CA cert path that works on CentOS
API server makes callbacks to remote clusters to validate remote
users, ensure it has the right system CA cert path to validate TLS
certs of remote clusters.
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>
diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index 39253e103..800439248 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -155,6 +155,12 @@ class ApiClientAuthorization < ArvadosModel
clnt = HTTPClient.new
if Rails.configuration.sso_insecure
clnt.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ else
+ # Use system CA certificates
+ ["/etc/ssl/certs/ca-certificates.crt",
+ "/etc/pki/tls/certs/ca-bundle.crt"]
+ .select { |ca_path| File.readable?(ca_path) }
+ .each { |ca_path| @api_client.ssl_config.add_trust_ca(ca_path) }
end
remote_user = SafeJSON.load(
clnt.get_content('https://' + host + '/arvados/v1/users/current',
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list