gitoxide icon indicating copy to clipboard operation
gitoxide copied to clipboard
verified publisher icon Byron

Respect `http.sslVerify`

Open jalil-salame opened this issue 2 years ago • 5 comments

Summary 💡

I need to ignore the validity of SSL certificates (corporate proxy so security is "not a concern").

Motivation 🔦

As mentioned in https://github.com/Byron/gitoxide/issues/1103#issuecomment-1808242110. I use git/gix behind a corporate proxy which has a self-signed certificate. To use gix there I need to either not verify the certificates, or to respect the configured certificates on windows (this is not done by git/curl so I would not personally pursue this path).

jalil-salame avatar Nov 13 '23 14:11 jalil-salame

It turns out that gix knows the following about that:

❯ gix config-tree | rg sslVerify
 🤔   http.sslVerify                                       not planned ℹ on demand ℹ

It's indeed not implemented even for the curl backend, and doing so should be straightforward to wire up. Please note that in the max-pure configuration, most of the http options aren't supported, as it needs a completely separate implementation given that it relies on reqwest.

Byron avatar Nov 13 '23 15:11 Byron

or to respect the configured certificates on windows (this is not done by git/curl so I would not personally pursue this path).

Note that this does work with git under the following option;

git config --global http.sslBackend schannel

I would hope gix can also respect this setting eventually (maybe that's a separate issue though).

dirthsj avatar Nov 14 '23 03:11 dirthsj

Thanks for sharing!

I am quite sure that eventually this will be implemented as gix has a real opportunity to be more compatible to Windows than git is.

Byron avatar Nov 14 '23 17:11 Byron

As 1142 was merged, gix now respect sslVerify for the curl http backend.

Alvenix avatar Dec 04 '23 10:12 Alvenix

I second that, and add that the curl backend corresponds to the max version of gix.

Byron avatar Dec 04 '23 15:12 Byron