File tree 7 files changed +46
-31
lines changed
7 files changed +46
-31
lines changed Original file line number Diff line number Diff line change @@ -384,16 +384,21 @@ fn apply_environment_overrides(
384384 let key = & gitoxide:: Http :: VERBOSE ;
385385 ( env ( key) , key. name )
386386 } ,
387- {
388- let key = & gitoxide:: Http :: SSL_NO_VERIFY ;
389- ( env ( key) , key. name )
390- } ,
391387 {
392388 let key = & gitoxide:: Http :: PROXY_AUTH_METHOD ;
393389 ( env ( key) , key. name )
394390 } ,
395391 ] ,
396392 ) ,
393+ (
394+ "gitoxide" ,
395+ Some ( Cow :: Borrowed ( "http" . into ( ) ) ) ,
396+ git_prefix,
397+ & [ {
398+ let key = & gitoxide:: Http :: SSL_NO_VERIFY ;
399+ ( env ( key) , key. name )
400+ } ] ,
401+ ) ,
397402 (
398403 "gitoxide" ,
399404 Some ( Cow :: Borrowed ( "credentials" . into ( ) ) ) ,
Original file line number Diff line number Diff line change @@ -186,8 +186,7 @@ mod subsections {
186186/// git server uses a self-signed certificate and the user accepts the associated security risks.
187187pub const SSL_NO_VERIFY : keys:: Boolean = keys:: Boolean :: new_boolean ( "sslNoVerify" , & Gitoxide :: HTTP )
188188 . with_environment_override ( "GIT_SSL_NO_VERIFY" )
189- . with_deviation ( "Only supported when using curl as https backend" )
190- . with_note ( "Used to disable SSL verification. When this is enabled it takes prority over http.sslVerify." ) ;
189+ . with_note ( "used to disable SSL verification. When this is enabled it takes priority over http.sslVerify" ) ;
191190 /// The `gitoxide.http.proxyAuthMethod` key.
192191pub const PROXY_AUTH_METHOD : http:: ProxyAuthMethod =
193192 http:: ProxyAuthMethod :: new_proxy_auth_method ( "proxyAuthMethod" , & Gitoxide :: HTTP )
Original file line number Diff line number Diff line change @@ -12,7 +12,7 @@ impl Http {
1212 ) ;
1313 /// The `http.sslVerify` key.
1414pub const SSL_VERIFY : keys:: Boolean = keys:: Boolean :: new_boolean ( "sslVerify" , & config:: Tree :: HTTP )
15- . with_deviation ( "Only supported when using curl as https backend ") ;
15+ . with_note ( "also see the `gitoxide.http.sslNoVerify` key ") ;
1616 /// The `http.proxy` key.
1717pub const PROXY : keys:: String =
1818 keys:: String :: new_string ( "proxy" , & config:: Tree :: HTTP ) . with_deviation ( "fails on strings with illformed UTF-8" ) ;
@@ -61,6 +61,7 @@ impl Section for Http {
6161 fn keys ( & self ) -> & [ & dyn Key ] {
6262 & [
6363 & Self :: SSL_VERSION ,
64+ & Self :: SSL_VERIFY ,
6465 & Self :: PROXY ,
6566 & Self :: PROXY_AUTH_METHOD ,
6667 & Self :: VERSION ,
Original file line number Diff line number Diff line change @@ -406,31 +406,26 @@ impl crate::Repository {
406406 }
407407
408408 {
409- let key = "http.sslVerify " ;
410- let ssl_verify = config
409+ let key = "gitoxide. http.sslNoVerify " ;
410+ let ssl_no_verify = config
411411 . boolean_filter_by_key ( key, & mut trusted_only)
412- . map ( |value| config:: tree:: Http :: SSL_VERIFY . enrich_error ( value) )
412+ . map ( |value| config:: tree:: gitoxide :: Http :: SSL_NO_VERIFY . enrich_error ( value) )
413413 . transpose ( )
414414 . with_leniency ( lenient)
415415 . map_err ( config:: transport:: http:: Error :: from) ?
416- . unwrap_or ( true ) ;
417-
418- let ssl_no_verify = config
419- . boolean_filter (
420- "gitoxide" ,
421- Some ( "http" . into ( ) ) ,
422- gitoxide:: Http :: SSL_NO_VERIFY . name ,
423- & mut trusted_only,
424- )
425- . and_then ( Result :: ok)
426416 . unwrap_or_default ( ) ;
427417
428- // ssl_no_verify take prority here because it is based on environment variable
429- // and we try to match git behavior.
430418 if ssl_no_verify {
431419 opts. ssl_verify = false ;
432420 } else {
433- opts. ssl_verify = ssl_verify;
421+ let key = "http.sslVerify" ;
422+ opts. ssl_verify = config
423+ . boolean_filter_by_key ( key, & mut trusted_only)
424+ . map ( |value| config:: tree:: Http :: SSL_VERIFY . enrich_error ( value) )
425+ . transpose ( )
426+ . with_leniency ( lenient)
427+ . map_err ( config:: transport:: http:: Error :: from) ?
428+ . unwrap_or ( true ) ;
434429 }
435430 }
436431
Original file line number Diff line number Diff line change 11version https://git-lfs.github.com/spec/v1
2- oid sha256:0d33c6282d94600cc6e6f32150e3b57fb523960564efacd1b3f9a13ad30643bd
3- size 15836
2+ oid sha256:6c8e4f85cbf1749c998afecef4e442e44b914d00f7626f767a06b3ad6e0cf2d2
3+ size 16376
Original file line number Diff line number Diff line change @@ -165,7 +165,13 @@ mkdir not-a-repo-with-files;
165165 touch this that
166166)
167167
168- git init no- ssl-verify
169- (cd no- ssl-verify
168+ git init ssl-verify-disabled
169+ (cd ssl-verify-disabled
170170 git config http.sslVerify false
171171)
172+
173+ git init ssl-no-verify-enabled
174+ (cd ssl-no-verify-enabled
175+ git config http.sslVerify true
176+ git config gitoxide.http.sslNoVerify true
177+ )
Original file line number Diff line number Diff line change @@ -109,7 +109,6 @@ mod http {
109109 ) ;
110110
111111 assert ! ( ssl_verify, "SSL verification is enabled by default if not configured" ) ;
112-
113112 assert_eq ! ( http_version, Some ( HttpVersion :: V1_1 ) ) ;
114113 }
115114
@@ -320,11 +319,21 @@ mod http {
320319 }
321320
322321 #[ test]
323- fn no_ssl_verify ( ) {
324- let repo = repo ( "no- ssl-verify" ) ;
322+ fn ssl_verify_disabled ( ) {
323+ let repo = repo ( "ssl-verify-disabled " ) ;
325324
326325 let opts = http_options ( & repo, None , "https://example.com/does/not/matter" ) ;
327-
328326 assert ! ( !opts. ssl_verify) ;
329327 }
328+
329+ #[ test]
330+ fn ssl_no_verify_takes_precedence ( ) {
331+ let repo = repo ( "ssl-no-verify-enabled" ) ;
332+
333+ let opts = http_options ( & repo, None , "https://example.com/does/not/matter" ) ;
334+ assert ! (
335+ !opts. ssl_verify,
336+ "even with `http.sslVerify` enabled, `gitoxide.http.sslNoVerify` takes precedence`"
337+ ) ;
338+ }
330339}
You can’t perform that action at this time.
0 commit comments