Skip to content

Commit

Permalink
Fixes #36755 - Send full certificate chain to clients
Browse files Browse the repository at this point in the history 
Add option SSLExtraChainCert to the Webrick webserver, so the full
certificate chain is sent to clients during the SSL handkshake.
  • Loading branch information
@jpasqualetto
jpasqualetto committed Sep 18, 2023
1 parent 06092bb commit 37fc9b1
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions lib/launcher.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,7 @@ def https_app(https_port, plugins = https_plugins)
:SSLVerifyClient => OpenSSL::SSL::VERIFY_PEER,
:SSLPrivateKey => load_ssl_private_key(settings.ssl_private_key),
:SSLCertificate => load_ssl_certificate(settings.ssl_certificate),
:SSLExtraChainCert => File.open(settings.foreman_ssl_ca).read.each_line.slice_after(/END CERTIFICATE/).map(&:join).map { |pem| OpenSSL::X509::Certificate.new(pem) },
:SSLCACertificateFile => settings.ssl_ca_file,
:SSLOptions => ssl_options,
:SSLCiphers => CIPHERS - Proxy::SETTINGS.ssl_disabled_ciphers,
Expand Down

0 comments on commit 37fc9b1

Please sign in to comment.