authorDaishan Peng <StrongMonkey@users.noreply.github.com>2021-01-27 02:48:41 -0700
committerGitHub <noreply@github.com>2021-01-27 10:48:41 +0100
commit1b1a61ad07f40197d3b9164821a096abd1710628 (patch)
tree7adecc024d32e52a54d919769941015308cf2bf1 /plumbing/transport
parentc6c9b100c97e356a653692fbed48cf8711d3e2a6 (diff)
downloadgo-git-1b1a61ad07f40197d3b9164821a096abd1710628.tar.gz
Add insecureSkipTLS and cabundle (#228)
This PR adds insecureSkipTLSVerify and cabundle to remote HTTP calls so that HTTPS repositories whose certificates are signed by a private CA can be used. This is the equivalent of https.sslVerify and GIT_SSL_CAINFO.
Diffstat (limited to 'plumbing/transport')
-rw-r--r--plumbing/transport/client/client.go37
-rw-r--r--plumbing/transport/common.go4
2 files changed, 40 insertions, 1 deletions
diff --git a/plumbing/transport/client/client.go b/plumbing/transport/client/client.go
index 4f6d210..20c3d05 100644
--- a/plumbing/transport/client/client.go
+++ b/plumbing/transport/client/client.go
@@ -3,7 +3,10 @@
package client
import (
+ "crypto/tls"
+ "crypto/x509"
"fmt"
+ gohttp "net/http"
"github.com/go-git/go-git/v5/plumbing/transport"
"github.com/go-git/go-git/v5/plumbing/transport/file"
@@ -21,6 +24,14 @@ var Protocols = map[string]transport.Transport{
"file": file.DefaultClient,
}
+var insecureClient = http.NewClient(&gohttp.Client{
+ Transport: &gohttp.Transport{
+ TLSClientConfig: &tls.Config{
+ InsecureSkipVerify: true,
+ },
+ },
+})
+
// InstallProtocol adds or modifies an existing protocol.
func InstallProtocol(scheme string, c transport.Transport) {
if c == nil {
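Review bot: The `gohttp.Transport` literal behind `insecureClient` sets only `TLSClientConfig`, so `Proxy` stays nil and these connections ignore HTTPS_PROXY/NO_PROXY, unlike net/http's default transport, which the ordinary https client presumably uses. Where an egress proxy is mandatory, the unverified TLS traffic would not go through it. Add `Proxy: gohttp.ProxyFromEnvironment,` to this literal and to the CaBundle transport built in getTransport in the next hunk, which has the same gap. The variable also deserves a comment such as `// insecureClient accepts any server certificate and host name; it is used only when Endpoint.InsecureSkipTLS is set.` The `http` package it calls is imported outside the visible hunks.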
@@ -35,6 +46,31 @@ func InstallProtocol(scheme string, c transport.Transport) {
// http://, https://, ssh:// and file://.
// See `InstallProtocol` to add or modify protocols.
func NewClient(endpoint *transport.Endpoint) (transport.Transport, error) {
+ return getTransport(endpoint)
+}
+
+func getTransport(endpoint *transport.Endpoint) (transport.Transport, error) {
+ if endpoint.Protocol == "https" {
+ if endpoint.InsecureSkipTLS {
+ return insecureClient, nil
+ }
+
+ if len(endpoint.CaBundle) != 0 {
+ rootCAs, _ := x509.SystemCertPool()
+ if rootCAs == nil {
+ rootCAs = x509.NewCertPool()
+ }
+ rootCAs.AppendCertsFromPEM(endpoint.CaBundle)
+ return http.NewClient(&gohttp.Client{
+ Transport: &gohttp.Transport{
+ TLSClientConfig: &tls.Config{
+ RootCAs: rootCAs,
+ },
+ },
+ }), nil
+ }
+ }
+
f, ok := Protocols[endpoint.Protocol]
if !ok {
return nil, fmt.Errorf("unsupported scheme %q", endpoint.Protocol)
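Review bot: The result of `rootCAs.AppendCertsFromPEM(endpoint.CaBundle)` in getTransport is discarded, so a CaBundle with no parsable PEM certificate silently yields a client that trusts only the system roots, and the caller sees a TLS failure later rather than a configuration error. Return an error when nothing was appended: `if !rootCAs.AppendCertsFromPEM(endpoint.CaBundle) { return nil, fmt.Errorf("no certificates parsed from CaBundle") }`. Both https branches also return before the `Protocols` lookup, so a client registered for "https" through InstallProtocol is bypassed whenever either field is set, and InsecureSkipTLS wins without notice when both are set; a doc comment on getTransport should state this. A new Transport is built on every call with a CaBundle, so connections are not reused across calls. getTransport's body continues past the end of this hunk.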
@@ -43,6 +79,5 @@ func NewClient(endpoint *transport.Endpoint) (transport.Transport, error) {
if f == nil {
return nil, fmt.Errorf("malformed client for scheme %q, client is defined as nil", endpoint.Protocol)
}
-
return f, nil
}
diff --git a/plumbing/transport/common.go b/plumbing/transport/common.go
index ead2155..b993c4e 100644
--- a/plumbing/transport/common.go
+++ b/plumbing/transport/common.go
@@ -107,6 +107,10 @@ type Endpoint struct {
Port int
// Path is the repository path.
Path string
+ // InsecureSkipTLS skips ssl verify if protocal is https
+ InsecureSkipTLS bool
+ // CaBundle specify additional ca bundle with system cert pool
+ CaBundle []byte
}
var defaultPorts = map[string]int{
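Review bot: The comment on `InsecureSkipTLS` understates what the flag does: per the client.go change it selects a client with `InsecureSkipVerify: true`, which turns off both certificate-chain and host-name verification, and it is checked before `CaBundle`. Suggested wording: `// InsecureSkipTLS disables TLS certificate and host name verification when Protocol is https; it takes precedence over CaBundle.` and `// CaBundle holds PEM-encoded CA certificates trusted in addition to the system cert pool.` This also fixes the "protocal" typo. The Endpoint struct starts above this hunk.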