-
-
Notifications
You must be signed in to change notification settings - Fork 296
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support to http.sslVerify #1135
Changes from 2 commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -405,6 +405,17 @@ impl crate::Repository { | |
} | ||
} | ||
|
||
{ | ||
let key = "http.sslVerify"; | ||
opts.ssl_verify = config | ||
.boolean_filter_by_key(key, &mut trusted_only) | ||
.map(|value| config::tree::Http::SSL_VERIFY.enrich_error(value)) | ||
.transpose() | ||
.with_leniency(lenient) | ||
.map_err(config::transport::http::Error::from)? | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Explicit mapping shouldn't be required here, even though it might be required where it was copied from. |
||
.unwrap_or(true); | ||
} | ||
|
||
#[cfg(feature = "blocking-http-transport-curl")] | ||
{ | ||
let key = "http.schannelCheckRevoke"; | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -408,10 +408,6 @@ static GIT_CONFIG: &[Record] = &[ | |
config: "http.sslCipherList", | ||
usage: NotPlanned { reason: "on demand" } | ||
}, | ||
Record { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It's a good rule of thumb that whenever something is removed here, it should be added as a constant. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I added the constant, but I am not sure if I should link it with the environment variable: GIT_SSL_NO_VERIFY, as I didn't add support for it and it is the negation of sslVerify. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes, that's a great point! Keys can have an environment variable attached to it using this method. These then needs to be initialized here. However, as it is a negation, we'd need add our own version of that variable as Hooking up variables is quite involved, but that separation is needed to avoid global state (like environment variables) to sneak in. This way they are controlled and used exactly in one or two places in the codebase, while being introspectable via |
||
config: "http.sslVerify", | ||
usage: NotPlanned { reason: "on demand" } | ||
}, | ||
Record { | ||
config: "http.sslCert", | ||
usage: NotPlanned { reason: "on demand" } | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please take a look around and note that each of the keys above in some way references a respective static version of the key they access. This must be done here as well, and there should be a
Http::SSL_VERIFY
constant.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added a debug_assert to ensure the key match the constants, is that what you meant?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's close. The question is why it shouldn't (potentially) fail if the value can't be read. In this line there is an example for how to do this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay I understand what you mean, I added it.