Re: poudriere overlay: passing down git ENV variables (problem: self signed certificates)

Reply: Tatsuki Makino : "Re: poudriere overlay: passing down git ENV variables (problem: self signed certificates)"
In reply to: Michael Gmelin : "Re: poudriere overlay: passing down git ENV variables (problem: self signed certificates)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Michael Gmelin <grembo_at_freebsd.org>
Date: Wed, 03 Aug 2022 22:58:53 UTC


> On 4. Aug 2022, at 00:55, Michael Gmelin <grembo@freebsd.org> wrote:
> 
> 
> 
>> On 4. Aug 2022, at 00:38, Tatsuki Makino <tatsuki_makino@hotmail.com> wrote:
>> Hello.
>> 
>> In git-2.37.1/http.c...
>> 
>> 　　　　　　　︙
>>       if (!curl_ssl_verify) {
>>               curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
>>               curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
>>       } else {
>> 　　　　　　　︙
>>       if (getenv("GIT_SSL_NO_VERIFY"))
>>               curl_ssl_verify = 0;
>> 　　　　　　　︙
>> 
>> Thus, it was GIT_SSL_NO_VERIFY, not GIT_NO_SSL_VERIFY...
>> 
> 
> Thanks, I simply copy and pasted what the requester used (assuming they already tested that exact value outside of poudriere), since my response was about the mechanics of how to get that variable in and not its name.
> 
> Cheers
> Michael

p.s. I also agree that adding the self signed cert to the trust bundle is preferable to just not checking ssl at all. Git allows configuring these setting per domain by the way. I learned today that there is a service called badssl.com, which provides a couple of subdomains to simulate various error scenarios, which is quite useful when testing.