diff options
-rw-r--r-- | options.go | 20 | ||||
-rw-r--r-- | plumbing/transport/client/client.go | 37 | ||||
-rw-r--r-- | plumbing/transport/common.go | 4 | ||||
-rw-r--r-- | remote.go | 18 | ||||
-rw-r--r-- | repository.go | 14 | ||||
-rw-r--r-- | worktree.go | 12 |
6 files changed, 85 insertions, 20 deletions
@@ -60,6 +60,10 @@ type CloneOptions struct { // Tags describe how the tags will be fetched from the remote repository, // by default is AllTags. Tags TagMode + // InsecureSkipTLS skips ssl verify if protocol is https + InsecureSkipTLS bool + // CABundle specify additional ca bundle with system cert pool + CABundle []byte } // Validate validates the fields and sets the default values. @@ -105,6 +109,10 @@ type PullOptions struct { // Force allows the pull to update a local branch even when the remote // branch does not descend from it. Force bool + // InsecureSkipTLS skips ssl verify if protocol is https + InsecureSkipTLS bool + // CABundle specify additional ca bundle with system cert pool + CABundle []byte } // Validate validates the fields and sets the default values. @@ -155,6 +163,10 @@ type FetchOptions struct { // Force allows the fetch to update a local branch even when the remote // branch does not descend from it. Force bool + // InsecureSkipTLS skips ssl verify if protocol is https + InsecureSkipTLS bool + // CABundle specify additional ca bundle with system cert pool + CABundle []byte } // Validate validates the fields and sets the default values. @@ -194,6 +206,10 @@ type PushOptions struct { // Force allows the push to update a remote branch even when the local // branch does not descend from it. Force bool + // InsecureSkipTLS skips ssl verify if protocal is https + InsecureSkipTLS bool + // CABundle specify additional ca bundle with system cert pool + CABundle []byte } // Validate validates the fields and sets the default values. @@ -552,6 +568,10 @@ func (o *CreateTagOptions) loadConfigTagger(r *Repository) error { type ListOptions struct { // Auth credentials, if required, to use with the remote repository. Auth transport.AuthMethod + // InsecureSkipTLS skips ssl verify if protocal is https + InsecureSkipTLS bool + // CABundle specify additional ca bundle with system cert pool + CABundle []byte } // CleanOptions describes how a clean should be performed. diff --git a/plumbing/transport/client/client.go b/plumbing/transport/client/client.go index 4f6d210..20c3d05 100644 --- a/plumbing/transport/client/client.go +++ b/plumbing/transport/client/client.go @@ -3,7 +3,10 @@ package client import ( + "crypto/tls" + "crypto/x509" "fmt" + gohttp "net/http" "github.com/go-git/go-git/v5/plumbing/transport" "github.com/go-git/go-git/v5/plumbing/transport/file" @@ -21,6 +24,14 @@ var Protocols = map[string]transport.Transport{ "file": file.DefaultClient, } +var insecureClient = http.NewClient(&gohttp.Client{ + Transport: &gohttp.Transport{ + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: true, + }, + }, +}) + // InstallProtocol adds or modifies an existing protocol. func InstallProtocol(scheme string, c transport.Transport) { if c == nil { @@ -35,6 +46,31 @@ func InstallProtocol(scheme string, c transport.Transport) { // http://, https://, ssh:// and file://. // See `InstallProtocol` to add or modify protocols. func NewClient(endpoint *transport.Endpoint) (transport.Transport, error) { + return getTransport(endpoint) +} + +func getTransport(endpoint *transport.Endpoint) (transport.Transport, error) { + if endpoint.Protocol == "https" { + if endpoint.InsecureSkipTLS { + return insecureClient, nil + } + + if len(endpoint.CaBundle) != 0 { + rootCAs, _ := x509.SystemCertPool() + if rootCAs == nil { + rootCAs = x509.NewCertPool() + } + rootCAs.AppendCertsFromPEM(endpoint.CaBundle) + return http.NewClient(&gohttp.Client{ + Transport: &gohttp.Transport{ + TLSClientConfig: &tls.Config{ + RootCAs: rootCAs, + }, + }, + }), nil + } + } + f, ok := Protocols[endpoint.Protocol] if !ok { return nil, fmt.Errorf("unsupported scheme %q", endpoint.Protocol) @@ -43,6 +79,5 @@ func NewClient(endpoint *transport.Endpoint) (transport.Transport, error) { if f == nil { return nil, fmt.Errorf("malformed client for scheme %q, client is defined as nil", endpoint.Protocol) } - return f, nil } diff --git a/plumbing/transport/common.go b/plumbing/transport/common.go index ead2155..b993c4e 100644 --- a/plumbing/transport/common.go +++ b/plumbing/transport/common.go @@ -107,6 +107,10 @@ type Endpoint struct { Port int // Path is the repository path. Path string + // InsecureSkipTLS skips ssl verify if protocal is https + InsecureSkipTLS bool + // CaBundle specify additional ca bundle with system cert pool + CaBundle []byte } var defaultPorts = map[string]int{ @@ -102,7 +102,7 @@ func (r *Remote) PushContext(ctx context.Context, o *PushOptions) (err error) { return fmt.Errorf("remote names don't match: %s != %s", o.RemoteName, r.c.Name) } - s, err := newSendPackSession(r.c.URLs[0], o.Auth) + s, err := newSendPackSession(r.c.URLs[0], o.Auth, o.InsecureSkipTLS, o.CABundle) if err != nil { return err } @@ -309,7 +309,7 @@ func (r *Remote) fetch(ctx context.Context, o *FetchOptions) (sto storer.Referen o.RefSpecs = r.c.Fetch } - s, err := newUploadPackSession(r.c.URLs[0], o.Auth) + s, err := newUploadPackSession(r.c.URLs[0], o.Auth, o.InsecureSkipTLS, o.CABundle) if err != nil { return nil, err } @@ -369,8 +369,8 @@ func (r *Remote) fetch(ctx context.Context, o *FetchOptions) (sto storer.Referen return remoteRefs, nil } -func newUploadPackSession(url string, auth transport.AuthMethod) (transport.UploadPackSession, error) { - c, ep, err := newClient(url) +func newUploadPackSession(url string, auth transport.AuthMethod, insecure bool, cabundle []byte) (transport.UploadPackSession, error) { + c, ep, err := newClient(url, auth, insecure, cabundle) if err != nil { return nil, err } @@ -378,8 +378,8 @@ func newUploadPackSession(url string, auth transport.AuthMethod) (transport.Uplo return c.NewUploadPackSession(ep, auth) } -func newSendPackSession(url string, auth transport.AuthMethod) (transport.ReceivePackSession, error) { - c, ep, err := newClient(url) +func newSendPackSession(url string, auth transport.AuthMethod, insecure bool, cabundle []byte) (transport.ReceivePackSession, error) { + c, ep, err := newClient(url, auth, insecure, cabundle) if err != nil { return nil, err } @@ -387,11 +387,13 @@ func newSendPackSession(url string, auth transport.AuthMethod) (transport.Receiv return c.NewReceivePackSession(ep, auth) } -func newClient(url string) (transport.Transport, *transport.Endpoint, error) { +func newClient(url string, auth transport.AuthMethod, insecure bool, cabundle []byte) (transport.Transport, *transport.Endpoint, error) { ep, err := transport.NewEndpoint(url) if err != nil { return nil, nil, err } + ep.InsecureSkipTLS = insecure + ep.CaBundle = cabundle c, err := client.NewClient(ep) if err != nil { @@ -1025,7 +1027,7 @@ func (r *Remote) buildFetchedTags(refs memory.ReferenceStorage) (updated bool, e // List the references on the remote repository. func (r *Remote) List(o *ListOptions) (rfs []*plumbing.Reference, err error) { - s, err := newUploadPackSession(r.c.URLs[0], o.Auth) + s, err := newUploadPackSession(r.c.URLs[0], o.Auth, o.InsecureSkipTLS, o.CABundle) if err != nil { return nil, err } diff --git a/repository.go b/repository.go index 36fc1f5..cc487d4 100644 --- a/repository.go +++ b/repository.go @@ -841,12 +841,14 @@ func (r *Repository) clone(ctx context.Context, o *CloneOptions) error { } ref, err := r.fetchAndUpdateReferences(ctx, &FetchOptions{ - RefSpecs: c.Fetch, - Depth: o.Depth, - Auth: o.Auth, - Progress: o.Progress, - Tags: o.Tags, - RemoteName: o.RemoteName, + RefSpecs: c.Fetch, + Depth: o.Depth, + Auth: o.Auth, + Progress: o.Progress, + Tags: o.Tags, + RemoteName: o.RemoteName, + InsecureSkipTLS: o.InsecureSkipTLS, + CABundle: o.CABundle, }, o.ReferenceName) if err != nil { return err diff --git a/worktree.go b/worktree.go index 1c89a02..73e638a 100644 --- a/worktree.go +++ b/worktree.go @@ -72,11 +72,13 @@ func (w *Worktree) PullContext(ctx context.Context, o *PullOptions) error { } fetchHead, err := remote.fetch(ctx, &FetchOptions{ - RemoteName: o.RemoteName, - Depth: o.Depth, - Auth: o.Auth, - Progress: o.Progress, - Force: o.Force, + RemoteName: o.RemoteName, + Depth: o.Depth, + Auth: o.Auth, + Progress: o.Progress, + Force: o.Force, + InsecureSkipTLS: o.InsecureSkipTLS, + CABundle: o.CABundle, }) updated := true |