oxidized
oxidized copied to clipboard
ytti
enable/disable ssl certificate validation for githubrepo remote server
The githubrepo hook currently lacks of a "secure: false" option to disable SSL verification for fetch and push operations on the remote server.
I think this shouldn't be merged.
If the hook is used with GitHub as a remote, you always want certificate validation.
If used with another Git host, that host should have a valid certificate, or one signed by your private CA, with its roots installed on the server running oxidized.
If the maintainers disagree and wish to merge it, this PR needs to document the new option in the README.
@jodast please update the README to document this.
@tobbez Whilst it is good practice to enforce valid SSL, sometimes this isn't always possible so giving users the option to disable seems sane to me. Hopefully others will chime in.
@tobbez you're definitely right. A ssl certificate always should be verified. But for simple testing purpose, where it is possible that you only have a self signed certificate, it comes in pretty handy to be able to just switch the verification off.
Furthermore rugged resp. libgit2 removed support for GIT_SSL_NO_VERIFY environment variable and "http.sslverify" config. So there is no other way to bypass the verification.
Please squash these commits into one.
You can do this by first issuing git rebase -i HEAD~3, changing the first word on the lines for the two most recent commits to fixup, i.e:
pick c0a422f enable/disable ssl certificate validation for githubrepo remote server
fixup e3c0541 Update README.md
fixup 97ee141 Apply changes from review of @tobbez
save, exit and then force push the branch (git push --force-with-lease).
Other than that (and my initial objections that were overruled), LGTM.
I'm sorry for the delayed reply. I was on vacation during the last two weeks. But I will update the tests very soon.
Again, sorry for the late reply. Unfortunately I wasn't able to write the tests yet. But I'il try to finish them as soon as possible.
