lunny/git-lfs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lfsapi/certs: use *config.URLConfig to do per-host config lookup

Browse Source
This commit is contained in:
Taylor Blau 2017-04-17 14:36:21 -06:00
parent 6cb413aa66
commit 9a17bd26d4
1 changed files with 8 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
lfsapi/certs.go
View File

@ -7,13 +7,14 @@ import (
"io/ioutil"
"path/filepath"
"github.com/git-lfs/git-lfs/config"
"github.com/rubyist/tracerx"
)
// isCertVerificationDisabledForHost returns whether SSL certificate verification
// has been disabled for the given host, or globally
func isCertVerificationDisabledForHost(c *Client, host string) bool {
hostSslVerify, _ := c.gitEnv.Get(fmt.Sprintf("http.https://%v/.sslverify", host))
hostSslVerify, _ := c.uc.Get("http", fmt.Sprintf("https://%v", host), "sslverify")
if hostSslVerify == "false" {
return true
}
@ -24,8 +25,8 @@ func isCertVerificationDisabledForHost(c *Client, host string) bool {
// isClientCertEnabledForHost returns whether client certificate
// are configured for the given host
func isClientCertEnabledForHost(c *Client, host string) bool {
_, hostSslKeyOk := c.gitEnv.Get(fmt.Sprintf("http.https://%v/.sslKey", host))
_, hostSslCertOk := c.gitEnv.Get(fmt.Sprintf("http.https://%v/.sslCert", host))
_, hostSslKeyOk := c.uc.Get("http", fmt.Sprintf("https://%v/", host), "sslKey")
_, hostSslCertOk := c.uc.Get("http", fmt.Sprintf("https://%v/", host), "sslCert")
return hostSslKeyOk && hostSslCertOk
}
@ -33,8 +34,8 @@ func isClientCertEnabledForHost(c *Client, host string) bool {
// getClientCertForHost returns a client certificate for a specific host (which may
// be "host:port" loaded from the gitconfig
func getClientCertForHost(c *Client, host string) tls.Certificate {
hostSslKey, _ := c.gitEnv.Get(fmt.Sprintf("http.https://%v/.sslKey", host))
hostSslCert, _ := c.gitEnv.Get(fmt.Sprintf("http.https://%v/.sslCert", host))
hostSslKey, _ := c.uc.Get("http", fmt.Sprintf("https://%v/", host), "sslKey")
hostSslCert, _ := c.uc.Get("http", fmt.Sprintf("https://%v/", host), "sslCert")
cert, err := tls.LoadX509KeyPair(hostSslCert, hostSslKey)
if err != nil {
tracerx.Printf("Error reading client cert/key %v", err)
@ -65,17 +66,8 @@ func appendRootCAsForHostFromGitconfig(osEnv Env, gitEnv Env, pool *x509.CertPoo
return appendCertsFromFile(pool, cafile)
}
// http.<url>/.sslcainfo or http.<url>.sslcainfo
// we know we have simply "host" or "host:port"
hostKeyWithSlash := fmt.Sprintf("http.https://%v/.sslcainfo", host)
if cafile, ok := gitEnv.Get(hostKeyWithSlash); ok {
return appendCertsFromFile(pool, cafile)
}
hostKeyWithoutSlash := fmt.Sprintf("http.https://%v.sslcainfo", host)
if cafile, ok := gitEnv.Get(hostKeyWithoutSlash); ok {
return appendCertsFromFile(pool, cafile)
}
// http.sslcainfo
if cafile, ok := gitEnv.Get("http.sslcainfo"); ok {
uc := config.NewURLConfig(gitEnv)
if cafile, ok := uc.Get("http", fmt.Sprintf("https://%v/", host), "sslcainfo"); ok {
return appendCertsFromFile(pool, cafile)
}
// GIT_SSL_CAPATH