Commit 612b3864 authored by Michael Kozono's avatar Michael Kozono

Set `Net::LDAP` `ssl_version` option

parent dcc12505
...@@ -192,6 +192,7 @@ module Gitlab ...@@ -192,6 +192,7 @@ module Gitlab
end end
opts[:ca_file] = options['ca_file'] if options['ca_file'].present? opts[:ca_file] = options['ca_file'] if options['ca_file'].present?
opts[:ssl_version] = options['ssl_version'] if options['ssl_version'].present?
opts opts
end end
......
...@@ -168,6 +168,36 @@ describe Gitlab::LDAP::Config, lib: true do ...@@ -168,6 +168,36 @@ describe Gitlab::LDAP::Config, lib: true do
expect(config.adapter_options[:encryption][:tls_options]).not_to have_key(:ca_file) expect(config.adapter_options[:encryption][:tls_options]).not_to have_key(:ca_file)
end end
end end
context 'when ssl_version is specified' do
it 'passes it through in tls_options' do
stub_ldap_config(
options: {
'host' => 'ldap.example.com',
'port' => 686,
'encryption' => 'simple_tls',
'ssl_version' => 'TLSv1_2'
}
)
expect(config.adapter_options[:encryption][:tls_options]).to include({ ssl_version: 'TLSv1_2' })
end
end
context 'when ssl_version is a blank string' do
it 'does not add the ssl_version key to tls_options' do
stub_ldap_config(
options: {
'host' => 'ldap.example.com',
'port' => 686,
'encryption' => 'simple_tls',
'ssl_version' => ' '
}
)
expect(config.adapter_options[:encryption][:tls_options]).not_to have_key(:ssl_version)
end
end
end end
describe '#omniauth_options' do describe '#omniauth_options' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment