Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » EGit / JGit » http.sslcainfo config option
http.sslcainfo config option [message #1058841] Wed, 15 May 2013 11:39 Go to next message
R Shapiro is currently offline R ShapiroFriend
Messages: 386
Registered: June 2011
Senior Member
Is the configuration option http.sslcainfo supposed to be working in EGit/JGit? It doesn't seem to be working for me with .pem files in EGit 3.0.0.201305112223. Command-line Git (1.8.2.1) is happy with these files.

If it's not implemented yet, is it in the queue of pending tasks?

Report message to a moderator

Re: http.sslcainfo config option [message #1060195 is a reply to message #1058841] Thu, 23 May 2013 13:05 Go to previous messageGo to next message
Christian Halstrick is currently offline Christian HalstrickFriend
Messages: 274
Registered: July 2009
Senior Member
Currently http.sslcainfo is not supported by JGit. I have some ooold proposals [1], [2] which add client and server side support for certificate based authentication to JGit. They'll bring http.sslcainfo. Somehow I had not enough time to finish this and forgot about them. From my perspective the demand for this feature was also not so high. But I think it's time not to get this through. I'll continue to work on these two changes and propose some updated commits.

[1] https://git.eclipse.org/r/#/c/3199
[1] https://git.eclipse.org/r/#/c/3200

Ciao
Chris

Report message to a moderator

Re: http.sslcainfo config option [message #1060640 is a reply to message #1060195] Mon, 27 May 2013 12:41 Go to previous messageGo to next message
R Shapiro is currently offline R ShapiroFriend
Messages: 386
Registered: June 2011
Senior Member
The main utility of http.sslcainfo is for servers that for whatever reason need to use self-signed certs for https access. In this case remote operations like clone, push and fetch won't work without this feature, unless you disable verification altogether (http.sslVerify=false), which is vulnerable to man-in-the-middle attacks.

Report message to a moderator

Re: http.sslcainfo config option [message #1414605 is a reply to message #1060195] Sun, 31 August 2014 22:06 Go to previous messageGo to next message
Rene Malmgren is currently offline Rene MalmgrenFriend
Messages: 1
Registered: August 2014
Junior Member
Yes, this is exactly what I am looking 4. Any chans this will be supportet any time soon? I promise to send you a pizza worth in bitcoin if you do Smile

Report message to a moderator

Re: http.sslcainfo config option [message #1419917 is a reply to message #1414605] Tue, 09 September 2014 08:43 Go to previous messageGo to next message
Matthias Sohn is currently offline Matthias SohnFriend
Messages: 1268
Registered: July 2009
Senior Member
Did you try to import the cert into the Java keystore of the JVM you are using ?

Report message to a moderator

Re: http.sslcainfo config option [message #1863065 is a reply to message #1419917] Sat, 13 January 2024 14:02 Go to previous message
Yusuke SATO is currently offline Yusuke SATOFriend
Messages: 11
Registered: June 2017
Junior Member
If TLS client authentication is required, have you tried using the system property 'javax.net.ssl.keystore' instead of the git attribute 'http.sslcainfo'?

For example, if you have PKCS#12 client certificate, you have to add '-Djavax.net.ssl.keyStoreType=PKCS12', '-Djavax.net.ssl.keyStore=<path to the client cert>', and '-Djavax.net.ssl.keyStorePassword=<passphrase of the client cert>' to eclipse.ini.

Report message to a moderator

Previous Topic:JGit blobless clone: unable to fetch blobs later
Next Topic:local eclipse php project git repository clone to another local directory
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Apr 25 14:12:03 GMT 2024

Powered by FUDForum. Page generated in 0.03386 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly