Commit 752c3e4d authored by Roger Meier's avatar Roger Meier

Use V_FLAG_NO_CHECK_TIME flag for store

parent 3aa88de7
...@@ -45,6 +45,10 @@ module Gitlab ...@@ -45,6 +45,10 @@ module Gitlab
strong_memoize(:cert_store) do strong_memoize(:cert_store) do
store = OpenSSL::X509::Store.new store = OpenSSL::X509::Store.new
store.set_default_paths store.set_default_paths
# valid_signing_time? checks the time attributes already
# this flag is required, otherwise expired certificates would become
# unverified when notAfter within certificate attribute is reached
store.flags = OpenSSL::X509::V_FLAG_NO_CHECK_TIME
store store
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment