From 9a17bd26d49c93ced23afff713aeb9cd49f1e14f Mon Sep 17 00:00:00 2001 From: Taylor Blau Date: Mon, 17 Apr 2017 14:36:21 -0600 Subject: [PATCH] lfsapi/certs: use *config.URLConfig to do per-host config lookup --- lfsapi/certs.go | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/lfsapi/certs.go b/lfsapi/certs.go index 2a3bd93f..f45f758c 100644 --- a/lfsapi/certs.go +++ b/lfsapi/certs.go @@ -7,13 +7,14 @@ import ( "io/ioutil" "path/filepath" + "github.com/git-lfs/git-lfs/config" "github.com/rubyist/tracerx" ) // isCertVerificationDisabledForHost returns whether SSL certificate verification // has been disabled for the given host, or globally func isCertVerificationDisabledForHost(c *Client, host string) bool { - hostSslVerify, _ := c.gitEnv.Get(fmt.Sprintf("http.https://%v/.sslverify", host)) + hostSslVerify, _ := c.uc.Get("http", fmt.Sprintf("https://%v", host), "sslverify") if hostSslVerify == "false" { return true } @@ -24,8 +25,8 @@ func isCertVerificationDisabledForHost(c *Client, host string) bool { // isClientCertEnabledForHost returns whether client certificate // are configured for the given host func isClientCertEnabledForHost(c *Client, host string) bool { - _, hostSslKeyOk := c.gitEnv.Get(fmt.Sprintf("http.https://%v/.sslKey", host)) - _, hostSslCertOk := c.gitEnv.Get(fmt.Sprintf("http.https://%v/.sslCert", host)) + _, hostSslKeyOk := c.uc.Get("http", fmt.Sprintf("https://%v/", host), "sslKey") + _, hostSslCertOk := c.uc.Get("http", fmt.Sprintf("https://%v/", host), "sslCert") return hostSslKeyOk && hostSslCertOk } @@ -33,8 +34,8 @@ func isClientCertEnabledForHost(c *Client, host string) bool { // getClientCertForHost returns a client certificate for a specific host (which may // be "host:port" loaded from the gitconfig func getClientCertForHost(c *Client, host string) tls.Certificate { - hostSslKey, _ := c.gitEnv.Get(fmt.Sprintf("http.https://%v/.sslKey", host)) - hostSslCert, _ := c.gitEnv.Get(fmt.Sprintf("http.https://%v/.sslCert", host)) + hostSslKey, _ := c.uc.Get("http", fmt.Sprintf("https://%v/", host), "sslKey") + hostSslCert, _ := c.uc.Get("http", fmt.Sprintf("https://%v/", host), "sslCert") cert, err := tls.LoadX509KeyPair(hostSslCert, hostSslKey) if err != nil { tracerx.Printf("Error reading client cert/key %v", err) @@ -65,17 +66,8 @@ func appendRootCAsForHostFromGitconfig(osEnv Env, gitEnv Env, pool *x509.CertPoo return appendCertsFromFile(pool, cafile) } // http./.sslcainfo or http..sslcainfo - // we know we have simply "host" or "host:port" - hostKeyWithSlash := fmt.Sprintf("http.https://%v/.sslcainfo", host) - if cafile, ok := gitEnv.Get(hostKeyWithSlash); ok { - return appendCertsFromFile(pool, cafile) - } - hostKeyWithoutSlash := fmt.Sprintf("http.https://%v.sslcainfo", host) - if cafile, ok := gitEnv.Get(hostKeyWithoutSlash); ok { - return appendCertsFromFile(pool, cafile) - } - // http.sslcainfo - if cafile, ok := gitEnv.Get("http.sslcainfo"); ok { + uc := config.NewURLConfig(gitEnv) + if cafile, ok := uc.Get("http", fmt.Sprintf("https://%v/", host), "sslcainfo"); ok { return appendCertsFromFile(pool, cafile) } // GIT_SSL_CAPATH