Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 4 Aug 2022 00:58:53 +0200
From:      Michael Gmelin <grembo@freebsd.org>
To:        Tatsuki Makino <tatsuki_makino@hotmail.com>
Cc:        FreeBSD User <freebsd@walstatt-de.de>, Zachary Crownover <zachary.crownover@gmail.com>, FreeBSD Ports <freebsd-ports@freebsd.org>
Subject:   Re: poudriere overlay: passing down git ENV variables (problem: self signed certificates)
Message-ID:  <D2CA38AE-0323-4B82-9200-B075B5B6A6C4@freebsd.org>
In-Reply-To: <3AED1ED6-2BDC-4615-8885-EBB7169D3F84@freebsd.org>
References:  <3AED1ED6-2BDC-4615-8885-EBB7169D3F84@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 


> On 4. Aug 2022, at 00:55, Michael Gmelin <grembo@freebsd.org> wrote:
>=20
> =EF=BB=BF
>=20
>> On 4. Aug 2022, at 00:38, Tatsuki Makino <tatsuki_makino@hotmail.com> wro=
te:
>> =EF=BB=BFHello.
>>=20
>> In git-2.37.1/http.c...
>>=20
>> =E3=80=80=E3=80=80=E3=80=80=E3=80=80=E3=80=80=E3=80=80=E3=80=80=EF=B8=99
>>       if (!curl_ssl_verify) {
>>               curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
>>               curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
>>       } else {
>> =E3=80=80=E3=80=80=E3=80=80=E3=80=80=E3=80=80=E3=80=80=E3=80=80=EF=B8=99
>>       if (getenv("GIT_SSL_NO_VERIFY"))
>>               curl_ssl_verify =3D 0;
>> =E3=80=80=E3=80=80=E3=80=80=E3=80=80=E3=80=80=E3=80=80=E3=80=80=EF=B8=99
>>=20
>> Thus, it was GIT_SSL_NO_VERIFY, not GIT_NO_SSL_VERIFY...
>>=20
>=20
> Thanks, I simply copy and pasted what the requester used (assuming they al=
ready tested that exact value outside of poudriere), since my response was a=
bout the mechanics of how to get that variable in and not its name.
>=20
> Cheers
> Michael

p.s. I also agree that adding the self signed cert to the trust bundle is pr=
eferable to just not checking ssl at all. Git allows configuring these setti=
ng per domain by the way. I learned today that there is a service called bad=
ssl.com, which provides a couple of subdomains to simulate various error sce=
narios, which is quite useful when testing.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D2CA38AE-0323-4B82-9200-B075B5B6A6C4>