Merge branch 'master' into 'master'

Allow ca_path and ca_file parameters for SMTP email configuration

Without ca_path or ca_file, custom CA certs are not taken into account during the SMTP SSL/TLS handshake. This is because the cert_store context is incorrectly provided to smtp.rb.

The SSL_CERT_DIR or SSL_CERT_FILE env vars are also not taken into account by smtp.rb.

Since the SMTP email configuration allows the use of CApath and CAfile for OpenSSL, it should be allowed to set these parameters as a workaround.

Example of use:
# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"

Please merge.

See merge request !289
Marin Jankovski 2015-03-10 16:41:50 +00:00
commit fa9c1464bc
3 changed files with 5 additions and 1 deletions


@ -197,6 +197,8 @@ external_url 'GENERATED_EXTERNAL_URL'
# gitlab_rails['smtp_enable_starttls_auto'] = true
# gitlab_rails['smtp_tls'] = false
# gitlab_rails['smtp_openssl_verify_mode'] = 'none' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert', see http://api.rubyonrails.org/classes/ActionMailer/Base.html
# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
###############
# GitLab user #


@ -169,6 +169,8 @@ default['gitlab']['gitlab-rails']['smtp_authentication'] = nil
default['gitlab']['gitlab-rails']['smtp_enable_starttls_auto'] = nil
default['gitlab']['gitlab-rails']['smtp_tls'] = nil
default['gitlab']['gitlab-rails']['smtp_openssl_verify_mode'] = nil
default['gitlab']['gitlab-rails']['smtp_ca_path'] = nil
default['gitlab']['gitlab-rails']['smtp_ca_file'] = nil
default['gitlab']['gitlab-rails']['webhook_timeout'] = nil


@ -10,7 +10,7 @@ if Rails.env.production?
ActionMailer::Base.smtp_settings = {
authentication: <%= @smtp_authentication.to_s.to_sym.inspect %>,
<% %w{ address port user_name password domain enable_starttls_auto tls openssl_verify_mode }.each do |key| %>
<% %w{ address port user_name password domain enable_starttls_auto tls openssl_verify_mode ca_path ca_file }.each do |key| %>
<% value = node['gitlab'][container]["smtp_#{key}"] %>
<%= "#{key}: #{value.inspect}," unless value.nil? %>
<% end %>
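Review bot: The `ca_path` and `ca_file` keys added to the `%w{ ... }` list are written into `smtp_settings` independently of `openssl_verify_mode`, and nothing in this commit documents that they only matter when the server certificate is actually verified. The gitlab.rb template hunk places the new examples directly under `smtp_openssl_verify_mode` = `'none'`; an admin who uncomments that block as shown configures a CA bundle while the SMTP server's certificate still goes unchecked. I would add a comment next to the two examples in the template, e.g. `# smtp_ca_path / smtp_ca_file are only consulted when smtp_openssl_verify_mode is 'peer'`. All three settings default to nil in the attributes hunk, so presumably the resulting verification behaviour is whatever the mail library defaults to; that is worth confirming and stating in the same comment. The enclosing `if Rails.env.production?` block and the settings hash begin and end outside this hunk.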