feat: In gix read http.sslVerify config value and pass it to gix-tran…
…sport.
Alvenix authored and Byron committed Dec 1, 2023
1 parent ab6e89c commit c6e83cf
Showing 5 changed files with 32 additions and 4 deletions.
3 changes: 3 additions & 0 deletions gix/src/config/tree/sections/http.rs
Expand Up @@ -10,6 +10,9 @@ impl Http {
.with_deviation(
"accepts the new 'default' value which means to use the curl default just like the empty string does",
);
/// The `http.sslVerify` key.
pub const SSL_VERIFY: keys::Boolean = keys::Boolean::new_boolean("sslVerify", &config::Tree::HTTP)
.with_deviation("Only supported when using curl as https backend");
/// The `http.proxy` key.
pub const PROXY: keys::String =
keys::String::new_string("proxy", &config::Tree::HTTP).with_deviation("fails on strings with illformed UTF-8");
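Review bot: The doc comment on `SSL_VERIFY` gives only the key name, so a reader of the generated docs cannot tell that this is the switch that turns TLS certificate verification off, or what an unset key means. I would expand it to something like `/// The http.sslVerify key: false disables TLS certificate verification; when unset, verification stays enabled.` The default is taken from the `.unwrap_or(true)` in the `transport.rs` section of this same commit. The deviation text says the key is only supported with curl; if other backends ignore the option, the doc comment should say that `false` has no effect there. The `impl Http` block starts and ends outside this hunk.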
11 changes: 11 additions & 0 deletions gix/src/repository/config/transport.rs
Expand Up @@ -405,6 +405,17 @@ impl crate::Repository {
}
}

{
let key = "http.sslVerify";
opts.ssl_verify = config
.boolean_filter_by_key(key, &mut trusted_only)
.map(|value| config::tree::Http::SSL_VERIFY.enrich_error(value))
.transpose()
.with_leniency(lenient)
.map_err(config::transport::http::Error::from)?
.unwrap_or(true);
}

#[cfg(feature = "blocking-http-transport-curl")]
{
let key = "http.schannelCheckRevoke";
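Review bot: The new `http.sslVerify` block lets a single config value switch off certificate verification, and the two properties that make this acceptable are not written down in it. The value is read through `boolean_filter_by_key(key, &mut trusted_only)`, which presumably ignores values from config that is not trusted, and with `.with_leniency(lenient)` an unparsable value appears to fall through to `.unwrap_or(true)`, so verification stays on. I would add a comment above `let key` such as `// Security: only trusted config may disable TLS verification; unset or leniently-ignored invalid values keep it enabled.` so a later refactor does not swap the filter or the default. Unlike the `http.schannelCheckRevoke` block that follows, this one is not behind `#[cfg(feature = "blocking-http-transport-curl")]`, although the key's deviation says it is curl-only; it is worth confirming what non-curl backends do with `opts.ssl_verify`. The enclosing function starts and ends outside this hunk.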
5 changes: 5 additions & 0 deletions gix/tests/fixtures/make_config_repos.sh
Expand Up @@ -164,3 +164,8 @@ mkdir not-a-repo-with-files;
(cd not-a-repo-with-files
touch this that
)

git init no-ssl-verify
(cd no-ssl-verify
git config http.sslVerify false
)
13 changes: 13 additions & 0 deletions gix/tests/repository/config/transport_options.rs
Expand Up @@ -55,6 +55,7 @@ mod http {
verbose,
ssl_ca_info,
ssl_version,
ssl_verify,
http_version,
backend,
} = http_options(&repo, None, "https://example.com/does/not/matter");
Expand Down Expand Up @@ -106,6 +107,9 @@ mod http {
max: version
})
);

assert!(ssl_verify, "SSL verification is enabled by default if not configured");

assert_eq!(http_version, Some(HttpVersion::V1_1));
}

Expand Down Expand Up @@ -314,4 +318,13 @@ mod http {
assert_eq!(opts.proxy.as_deref(), Some("http://localhost:9090"));
assert_eq!(opts.follow_redirects, FollowRedirects::Initial);
}

#[test]
fn no_ssl_verify() {
let repo = repo("no-ssl-verify");

let opts = http_options(&repo, None, "https://example.com/does/not/matter");

assert!(!opts.ssl_verify);
}
}
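Review bot: The new `no_ssl_verify` test covers only a well-formed `false` from a config the test treats as trusted, so the cases that keep verification enabled are untested apart from the unset-key default. I would add one test where `http.sslVerify false` comes from a config source that fails the `trusted_only` filter, and one where the value is not a valid boolean and options are read leniently. Both should assert that `ssl_verify` remains `true`. The bare `assert!(!opts.ssl_verify);` would also read better with a message, e.g. `assert!(!opts.ssl_verify, "http.sslVerify=false in trusted config disables verification");`. The `mod http` block starts outside the hunks shown.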
4 changes: 0 additions & 4 deletions src/plumbing/progress.rs
Expand Up @@ -408,10 +408,6 @@ static GIT_CONFIG: &[Record] = &[
config: "http.sslCipherList",
usage: NotPlanned { reason: "on demand" }
},
Record {
config: "http.sslVerify",
usage: NotPlanned { reason: "on demand" }
},
Record {
config: "http.sslCert",
usage: NotPlanned { reason: "on demand" }
