Skip to main content


Eclipse Community Forums

      Home
Home » Eclipse Projects » EGit / JGit » http.sslcainfo config option
http.sslcainfo config option [message #1058841] Wed, 15 May 2013 07:39 Go to next message
Eclipse UserFriend
Is the configuration option http.sslcainfo supposed to be working in EGit/JGit? It doesn't seem to be working for me with .pem files in EGit 3.0.0.201305112223. Command-line Git (1.8.2.1) is happy with these files.

If it's not implemented yet, is it in the queue of pending tasks?
Re: http.sslcainfo config option [message #1060195 is a reply to message #1058841] Thu, 23 May 2013 09:05 Go to previous messageGo to next message
Eclipse UserFriend
Currently http.sslcainfo is not supported by JGit. I have some ooold proposals [1], [2] which add client and server side support for certificate based authentication to JGit. They'll bring http.sslcainfo. Somehow I had not enough time to finish this and forgot about them. From my perspective the demand for this feature was also not so high. But I think it's time not to get this through. I'll continue to work on these two changes and propose some updated commits.

[1] https://git.eclipse.org/r/#/c/3199
[1] https://git.eclipse.org/r/#/c/3200
Re: http.sslcainfo config option [message #1060640 is a reply to message #1060195] Mon, 27 May 2013 08:41 Go to previous messageGo to next message
Eclipse UserFriend
The main utility of http.sslcainfo is for servers that for whatever reason need to use self-signed certs for https access. In this case remote operations like clone, push and fetch won't work without this feature, unless you disable verification altogether (http.sslVerify=false), which is vulnerable to man-in-the-middle attacks.
Re: http.sslcainfo config option [message #1414605 is a reply to message #1060195] Sun, 31 August 2014 18:06 Go to previous messageGo to next message
Eclipse UserFriend
Yes, this is exactly what I am looking 4. Any chans this will be supportet any time soon? I promise to send you a pizza worth in bitcoin if you do Smile
Re: http.sslcainfo config option [message #1419917 is a reply to message #1414605] Tue, 09 September 2014 04:43 Go to previous messageGo to next message
Eclipse UserFriend
Did you try to import the cert into the Java keystore of the JVM you are using ?
Re: http.sslcainfo config option [message #1863065 is a reply to message #1419917] Sat, 13 January 2024 09:02 Go to previous message
Eclipse UserFriend
If TLS client authentication is required, have you tried using the system property 'javax.net.ssl.keystore' instead of the git attribute 'http.sslcainfo'?

For example, if you have PKCS#12 client certificate, you have to add '-Djavax.net.ssl.keyStoreType=PKCS12', '-Djavax.net.ssl.keyStore=<path to the client cert>', and '-Djavax.net.ssl.keyStorePassword=<passphrase of the client cert>' to eclipse.ini.
Previous Topic:JGit blobless clone: unable to fetch blobs later
Next Topic:local eclipse php project git repository clone to another local directory
Goto Forum:
  


Current Time: Wed May 14 02:18:52 EDT 2025

Powered by FUDForum. Page generated in 1.63089 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly