Commit 78a50fd3 authored by Kamil Trzciński's avatar Kamil Trzciński

Merge branch 'ci-lint-ssl-error' into 'master'

Reporting SSL certificate verify errors in CI external config

See merge request gitlab-org/gitlab-ce!26750
parents 37869847 b26fd49e
---
title: Catch and report OpenSSL exceptions while fetching external configuration files
in CI::Config
merge_request: 26750
author: Drew Cimino
type: fixed
......@@ -11,7 +11,8 @@ module Gitlab
@values = values
@external_files = External::Mapper.new(values, project: project, sha: sha, user: user, expandset: expandset).process
@content = {}
rescue External::Mapper::Error => e
rescue External::Mapper::Error,
OpenSSL::SSL::SSLError => e
raise IncludeError, e.message
end
......
......@@ -270,5 +270,27 @@ describe Gitlab::Ci::Config::External::Processor do
end
end
end
context 'when config includes an external configuration file via SSL web request' do
before do
stub_request(:get, 'https://sha256.badssl.com/fake.yml').to_return(body: 'image: ruby:2.6', status: 200)
stub_request(:get, 'https://self-signed.badssl.com/fake.yml')
.to_raise(OpenSSL::SSL::SSLError.new('SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate)'))
end
context 'with an acceptable certificate' do
let(:values) { { include: 'https://sha256.badssl.com/fake.yml' } }
it { is_expected.to include(image: 'ruby:2.6') }
end
context 'with a self-signed certificate' do
let(:values) { { include: 'https://self-signed.badssl.com/fake.yml' } }
it 'returns a reportable configuration error' do
expect { subject }.to raise_error(described_class::IncludeError, /certificate verify failed/)
end
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment