Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jgit-dev] GitServlet, http.sslVerify=false, and hostnames

On 27 Jun 2011, at 22:47, james.moger@xxxxxxxxxxx wrote:

> Would the team consider either:
> 1. adding a new config setting (http.hostnameVerify=false) and a
> corresponding dummy hostname verifier
> 2. automatically setting a dummy hostname verifier if
> http.sslVerify=false? (maybe too dangerous?)

I'd suggest http.sslVerifyHostname and default it to the value of http.sslVerify. That way it works by default and still allows people to disable it if necessary. 

> Or would either of those require negotiation with the native Git team?

It may be just Java that treats the two things as separate issues whereas cgit doesn't distinguish between them. 

> Something like....

Want to push a patch to Gerrit?



Back to the top