Commit ef33c5e6 authored by Stan Hu's avatar Stan Hu

Fix order-dependent X509 specs

The `ca_certs_bundle` method is memoized, but the state could leak
across specs. We now reset the memoized value before each example and
after the spec finishes to avoid leaking errors.

Closes https://gitlab.com/gitlab-org/gitlab/-/issues/344024
parent a1c814cb
......@@ -19,6 +19,10 @@ module Gitlab
ca_certs.map(&:to_pem).join('\n') unless ca_certs.blank?
end
class << self
include ::Gitlab::Utils::StrongMemoize
end
def self.from_strings(key_string, cert_string, ca_certs_string = nil)
key = OpenSSL::PKey::RSA.new(key_string)
cert = OpenSSL::X509::Certificate.new(cert_string)
......@@ -44,13 +48,17 @@ module Gitlab
# Returns a concatenated array of Strings, each being a PEM-coded CA certificate.
def self.ca_certs_bundle
return @certs if @certs
strong_memoize(:ca_certs_bundle) do
ca_certs_paths.flat_map do |cert_file|
load_ca_certs_bundle(File.read(cert_file))
rescue OpenSSL::OpenSSLError => e
Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e, cert_file: cert_file)
end.uniq.join("\n")
end
end
@certs = ca_certs_paths.flat_map do |cert_file|
load_ca_certs_bundle(File.read(cert_file))
rescue OpenSSL::OpenSSLError => e
Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e, cert_file: cert_file)
end.uniq.join("\n")
def self.reset_ca_certs_bundle
clear_memoization(:ca_certs_bundle)
end
# Returns an array of OpenSSL::X509::Certificate objects, empty array if none found
......
......@@ -19,6 +19,11 @@ RSpec.describe Gitlab::X509::Certificate do
before do
stub_const("OpenSSL::X509::DEFAULT_CERT_DIR", sample_ca_certs_path)
stub_const("OpenSSL::X509::DEFAULT_CERT_FILE", sample_cert)
described_class.reset_ca_certs_bundle
end
after(:context) do
described_class.reset_ca_certs_bundle
end
describe 'testing environment setup' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment