feat: Add config value gitoxide.http.sslNoVerify

Alvenix · Alvenix · commit 8fdd3110ebdf · 2023-11-30T15:08:33.000+03:00
This value can by overriden by GIT_SSL_NO_VERIFY env variable. We use
the value to override http.sslVerify when specifying ssl_verify in
transport Options.
diff --git a/gix/src/config/cache/init.rs b/gix/src/config/cache/init.rs
@@ -384,6 +384,10 @@ fn apply_environment_overrides(
                     let key = &gitoxide::Http::VERBOSE;
                     (env(key), key.name)
                 },
+                {
+                    let key = &gitoxide::Http::SSL_NO_VERIFY;
+                    (env(key), key.name)
+                },
                 {
                     let key = &gitoxide::Http::PROXY_AUTH_METHOD;
                     (env(key), key.name)
diff --git a/gix/src/config/tree/sections/gitoxide.rs b/gix/src/config/tree/sections/gitoxide.rs
@@ -179,6 +179,15 @@ mod subsections {
             http::SslVersion::new_ssl_version("sslVersionMax", &Gitoxide::HTTP).with_note(
                 "entirely new to set the upper bound for the allowed ssl version range. Overwrites the max bound of `http.sslVersion` if set. Min and Max must be set to become effective.",
             );
+        /// The `gitoxide.http.sslNoVerify` key.
+        ///
+        /// If set, disable SSL verification. Using this is discouraged as it can lead to
+        /// various security risks. An example where this may be needed is when an internal
+        /// git server uses a self-signed certificate and the user accepts the associated security risks.
+        pub const SSL_NO_VERIFY: keys::Boolean = keys::Boolean::new_boolean("sslNoVerify", &Gitoxide::HTTP)
+            .with_environment_override("GIT_SSL_NO_VERIFY")
+            .with_deviation("Only supported when using curl as https backend")
+            .with_note("Used to disable SSL verification. When this is enabled it takes prority over http.sslVerify.");
         /// The `gitoxide.http.proxyAuthMethod` key.
         pub const PROXY_AUTH_METHOD: http::ProxyAuthMethod =
             http::ProxyAuthMethod::new_proxy_auth_method("proxyAuthMethod", &Gitoxide::HTTP)
@@ -199,6 +208,7 @@ mod subsections {
                 &Self::CONNECT_TIMEOUT,
                 &Self::SSL_VERSION_MIN,
                 &Self::SSL_VERSION_MAX,
+                &Self::SSL_NO_VERIFY,
                 &Self::PROXY_AUTH_METHOD,
             ]
         }
diff --git a/gix/src/repository/config/transport.rs b/gix/src/repository/config/transport.rs
@@ -407,13 +407,31 @@ impl crate::Repository {
 
                     {
                         let key = "http.sslVerify";
-                        opts.ssl_verify = config
+                        let ssl_verify = config
                             .boolean_filter_by_key(key, &mut trusted_only)
                             .map(|value| config::tree::Http::SSL_VERIFY.enrich_error(value))
                             .transpose()
                             .with_leniency(lenient)
                             .map_err(config::transport::http::Error::from)?
                             .unwrap_or(true);
+
+                        let ssl_no_verify = config
+                            .boolean_filter(
+                                "gitoxide",
+                                Some("http".into()),
+                                gitoxide::Http::SSL_NO_VERIFY.name,
+                                &mut trusted_only,
+                            )
+                            .and_then(Result::ok)
+                            .unwrap_or_default();
+
+                        // ssl_no_verify take prority here because it is based on environment variable
+                        // and we try to match git behavior.
+                        if ssl_no_verify {
+                            opts.ssl_verify = false;
+                        } else {
+                            opts.ssl_verify = ssl_verify;
+                        }
                     }
 
                     #[cfg(feature = "blocking-http-transport-curl")]
diff --git a/gix/tests/gix-init.rs b/gix/tests/gix-init.rs
@@ -19,6 +19,7 @@ mod with_overrides {
             .set("GIT_HTTP_LOW_SPEED_LIMIT", "1")
             .set("GIT_HTTP_LOW_SPEED_TIME", "1")
             .set("GIT_HTTP_PROXY_AUTHMETHOD", "proxy-auth-method-env")
+            .set("GIT_SSL_NO_VERIFY", "true")
             .set("GIT_CURL_VERBOSE", "true")
             .set("https_proxy", "https-lower-override")
             .set("HTTPS_PROXY", "https-upper")
@@ -231,6 +232,7 @@ mod with_overrides {
             ]
         );
         for (key, expected) in [
+            ("gitoxide.http.sslNoVerify", "true"),
             ("gitoxide.http.verbose", "true"),
             ("gitoxide.allow.protocolFromUser", "file-allowed"),
             ("core.useReplaceRefs", "no-replace"),
