projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
14873: Custom JSON attributes that default to [] or {} when nil.
[arvados.git] / services / api / app / models / api_client_authorization.rb
diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index 39253e1036ba9a52b2070f9e0a7d4043fecb2d43..38538cb4ffbe8d6db29fcc430cc67620f25641b4 100644 (file)
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -155,6 +155,12 @@ class ApiClientAuthorization < ArvadosModel
         clnt = HTTPClient.new
         if Rails.configuration.sso_insecure
           clnt.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        else
+          # Use system CA certificates
+          ["/etc/ssl/certs/ca-certificates.crt",
+           "/etc/pki/tls/certs/ca-bundle.crt"]
+            .select { |ca_path| File.readable?(ca_path) }
+            .each { |ca_path| clnt.ssl_config.add_trust_ca(ca_path) }
         end
         remote_user = SafeJSON.load(
           clnt.get_content('https://' + host + '/arvados/v1/users/current',