From 08d36f6458c3e1041e66a8ad8a9a7a215e23c74e Mon Sep 17 00:00:00 2001
From: Abdullah Alyan
Date: Wed, 29 Nov 2023 15:30:26 +0300
Subject: [PATCH] feat: Add verify_ssl field to gix-transport Options which is used to disable SSL verification. Currently this option only works in the curl backend.
---
 gix-transport/src/client/blocking_io/http/curl/remote.rs | 3 +++
 gix-transport/src/client/blocking_io/http/mod.rs | 4 ++++
 2 files changed, 7 insertions(+)
diff --git a/gix-transport/src/client/blocking_io/http/curl/remote.rs b/gix-transport/src/client/blocking_io/http/curl/remote.rs
index e6b0bee03fe..1557f5a9cbd 100644
--- a/gix-transport/src/client/blocking_io/http/curl/remote.rs
+++ b/gix-transport/src/client/blocking_io/http/curl/remote.rs
@@ -157,6 +157,7 @@ pub fn new() -> (
 verbose,
 ssl_ca_info,
 ssl_version,
+ ssl_verify,
 http_version,
 backend,
 },
@@ -194,6 +195,8 @@ pub fn new() -> (
 }
 }
+ handle.ssl_verify_peer(ssl_verify)?;
+
 if let Some(http_version) = http_version {
 let version = match http_version {
 HttpVersion::V1_1 => curl::easy::HttpVersion::V11,
diff --git a/gix-transport/src/client/blocking_io/http/mod.rs b/gix-transport/src/client/blocking_io/http/mod.rs
index 055b4ea591a..dbdb400551e 100644
--- a/gix-transport/src/client/blocking_io/http/mod.rs
+++ b/gix-transport/src/client/blocking_io/http/mod.rs
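Review bot: `handle.ssl_verify_peer(ssl_verify)?;` in the second curl/remote.rs hunk governs only certificate-chain validation; curl's host-name check is a separate option (`ssl_verify_host`) and no call to it appears in the hunk, so what the flag actually switches is narrower than the "SSL identity verification" the new field documents. `new()` continues outside the hunk, so the host check may be configured elsewhere; if it is not, a comment at this line would make the scope explicit, e.g. `// Only peer-certificate validation follows ssl_verify; the host-name check keeps curl's default.` Because this is the single place where verification can be turned off, it would also help to emit a debug or trace message when `ssl_verify` is `false`, if the crate's logging facility is reachable here, so that an unverified connection is visible in logs.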
@@ -179,6 +179,10 @@ pub struct Options {
 pub ssl_ca_info: Option,
 /// The SSL version or version range to use, or `None` to let the TLS backend determine which versions are acceptable.
 pub ssl_version: Option,
+ /// Controls whether to perform SSL identity verification or not. Turning this off is not recommended and can lead to
+ /// various security risks. An example where this may be needed is when an internal git server uses a self-signed
+ /// certificate and the user accepts the associated security risks.
+ pub ssl_verify: bool,
 /// The HTTP version to enforce. If unset, it is implementation defined.
 pub http_version: Option,
 /// Backend specific options, if available.
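Review bot: The new `pub ssl_verify: bool` has no stated default, and a `bool` filled in by `#[derive(Default)]` is `false`, which for this field means verification is off. The attributes of `Options` are outside the hunk, so this needs confirming, but the patch adds no `Default` impl (7 insertions across two files) and the curl hunk passes the value to the handle unconditionally. If the struct does derive `Default`, every caller that builds it with `Options::default()` or `..Default::default()` would silently lose certificate verification; a hand-written `impl Default for Options` that sets `ssl_verify: true` keeps the option fail-safe. The doc comment should also state the default and the backend scope given in the commit message, e.g. `/// Defaults to `true`. Only the curl backend honours this field.`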