author | Daishan Peng <StrongMonkey@users.noreply.github.com> | 2021-01-27 02:48:41 -0700 |
committer | GitHub <noreply@github.com> | 2021-01-27 10:48:41 +0100 |
commit | 1b1a61ad07f40197d3b9164821a096abd1710628 (patch) | |
tree | 7adecc024d32e52a54d919769941015308cf2bf1 /plumbing/transport | |
parent | c6c9b100c97e356a653692fbed48cf8711d3e2a6 (diff) | |
download | go-git-1b1a61ad07f40197d3b9164821a096abd1710628.tar.gz |
Add insecureSkipTLS and cabundle (#228)
This PR adds insecureSkipTLSVerify and cabundle to all remote HTTP(S) calls so that
a repository served over https with a certificate signed by a private CA can be used.
This is the equivalent of https.sslVerify and GIT_SSL_CAINFO.
Diffstat (limited to 'plumbing/transport')
-rw-r--r-- | plumbing/transport/client/client.go | 37 | ||||
-rw-r--r-- | plumbing/transport/common.go | 4 |
2 files changed, 40 insertions, 1 deletions
diff --git a/plumbing/transport/client/client.go b/plumbing/transport/client/client.go
index 4f6d210..20c3d05 100644
--- a/plumbing/transport/client/client.go
+++ b/plumbing/transport/client/client.go
@@ -3,7 +3,10 @@
 package client
 
 import (
+	"crypto/tls"
+	"crypto/x509"
 	"fmt"
+	gohttp "net/http"
 
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	"github.com/go-git/go-git/v5/plumbing/transport/file"
@@ -21,6 +24,14 @@ var Protocols = map[string]transport.Transport{
 	"file": file.DefaultClient,
 }
 
+var insecureClient = http.NewClient(&gohttp.Client{
+	Transport: &gohttp.Transport{
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: true,
+		},
+	},
+})
+
 // InstallProtocol adds or modifies an existing protocol.
 func InstallProtocol(scheme string, c transport.Transport) {
 	if c == nil {
@@ -35,6 +46,31 @@ func InstallProtocol(scheme string, c transport.Transport) {
 // http://, https://, ssh:// and file://.
 // See `InstallProtocol` to add or modify protocols.
 func NewClient(endpoint *transport.Endpoint) (transport.Transport, error) {
+	return getTransport(endpoint)
+}
+
+func getTransport(endpoint *transport.Endpoint) (transport.Transport, error) {
+	if endpoint.Protocol == "https" {
+		if endpoint.InsecureSkipTLS {
+			return insecureClient, nil
+		}
+
+		if len(endpoint.CaBundle) != 0 {
+			rootCAs, _ := x509.SystemCertPool()
+			if rootCAs == nil {
+				rootCAs = x509.NewCertPool()
+			}
+			rootCAs.AppendCertsFromPEM(endpoint.CaBundle)
+			return http.NewClient(&gohttp.Client{
+				Transport: &gohttp.Transport{
+					TLSClientConfig: &tls.Config{
+						RootCAs: rootCAs,
+					},
+				},
+			}), nil
+		}
+	}
+
 	f, ok := Protocols[endpoint.Protocol]
 	if !ok {
 		return nil, fmt.Errorf("unsupported scheme %q", endpoint.Protocol)
@@ -43,6 +79,5 @@ func NewClient(endpoint *transport.Endpoint) (transport.Transport, error) {
 	if f == nil {
 		return nil, fmt.Errorf("malformed client for scheme %q, client is defined as nil", endpoint.Protocol)
 	}
-
 	return f, nil
 }
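Review bot: `insecureClient` in the second hunk wraps a zero-value `gohttp.Transport`, which unlike `gohttp.DefaultTransport` has no `Proxy` function, no `TLSHandshakeTimeout` and no dial timeouts, so an endpoint that was reachable through `HTTPS_PROXY` with the default client stops working the moment `InsecureSkipTLS` is set, and a stalled handshake can hang without bound. Starting from `gohttp.DefaultTransport.(*gohttp.Transport).Clone()` (Go 1.13+) and overriding only `TLSClientConfig` would keep those defaults; the `CaBundle` client built in the next hunk has the same gap. The variable is also undocumented even though it disables verification globally for every caller that opts in; a comment such as `// insecureClient is shared by every https endpoint that sets InsecureSkipTLS; it disables certificate-chain and hostname verification entirely, so a MITM is indistinguishable from the real server.` would make the trade-off visible to the next reader.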
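Review bot: `rootCAs.AppendCertsFromPEM(endpoint.CaBundle)` in `getTransport` discards its boolean result, so a bundle that is not valid PEM (DER, or the wrong file read into bytes) is silently ignored and the connection is verified against the system pool alone, surfacing later as an unrelated-looking `x509: certificate signed by unknown authority`. Failing fast is cheap: `if !rootCAs.AppendCertsFromPEM(endpoint.CaBundle) { return nil, fmt.Errorf("CaBundle contains no valid PEM certificates") }`. Two further points on the same branch: `InsecureSkipTLS` is tested first, so a caller that sets both fields gets no verification at all with the bundle silently unused, and a fresh `gohttp.Client`/`Transport` with its own idle-connection pool is created on every `NewClient` call rather than cached per bundle, so connections are never reused across calls. `rootCAs, _ := x509.SystemCertPool()` also drops its error, which is tolerable only because the nil check right below it falls back to an empty pool.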
diff --git a/plumbing/transport/common.go b/plumbing/transport/common.go
index ead2155..b993c4e 100644
--- a/plumbing/transport/common.go
+++ b/plumbing/transport/common.go
@@ -107,6 +107,10 @@ type Endpoint struct {
 	Port int
 	// Path is the repository path.
 	Path string
+	// InsecureSkipTLS skips ssl verify if protocal is https
+	InsecureSkipTLS bool
+	// CaBundle specify additional ca bundle with system cert pool
+	CaBundle []byte
 }
 
 var defaultPorts = map[string]int{
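Review bot: The new field comments on `InsecureSkipTLS` and `CaBundle` are the only documentation users of `Endpoint` will see, and they omit the two facts that matter most: `InsecureSkipTLS` turns off certificate-chain and hostname verification (it maps to `tls.Config.InsecureSkipVerify` in client.go), and when both fields are set the bundle is ignored because the insecure path is checked first. Suggested wording: `// InsecureSkipTLS disables TLS certificate and hostname verification for https endpoints. It takes precedence over CaBundle and is unsafe on untrusted networks.` and `// CaBundle holds PEM-encoded CA certificates that are appended to the system root pool for https endpoints.`. Both existing comments also carry typos (`protocal`, `specify`), and the `Endpoint` struct definition starts before this hunk.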