Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jgit-dev] Disabling SSL Verification / Using Self-Signed Certs

Improvements to self-signed https handling is something Gitblit is
interested in as well.

Namely, AFAIK, JGit still performs hostname verification of the
self-signed certificate regardless of http.sslVerify=false.  So if I
sign for localhost and then serve on JGit will fail to
push/pull to because the serving hostname does not match the
certificate hostname.

This behavior is inconsistent with CGit where http.sslVerify will ignore
hostname verification failure.  JGit needs a DummyHostnameVerifier class
just like it has the DummyX509TrustManager.

When JGit encounters this scenario it will fail with:
org.eclipse.jgit.api.errors.TransportException: cannot open


Back to the top