[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jgit-dev] Disabling SSL Verification / Using Self-Signed Certs

Tested with the fix ported to 2.3.1 and it worked fine. For testing purposes, I just commented the check for http.sslVerfiy and used a locally built jar, without using a configuration file.


On Tue, Mar 19, 2013 at 11:17 PM, Isuru Haththotuwa <isurulucky@xxxxxxxxx> wrote:
Hi Matthias,

+1 for the fix. I haven't built jgit in my local machine, will do it asap and try your fix.

On Mon, Mar 4, 2013 at 2:40 AM, Matthias Sohn <matthias.sohn@xxxxxxxxx> wrote:
2013/3/3 <james.moger@xxxxxxxxxxx>
Improvements to self-signed https handling is something Gitblit is
interested in as well.

Namely, AFAIK, JGit still performs hostname verification of the
self-signed certificate regardless of http.sslVerify=false. ÂSo if I
sign for localhost and then serve on 10.0.1.5 JGit will fail to
push/pull to 10.0.1.5 because the serving hostname does not match the
certificate hostname.

This behavior is inconsistent with CGit where http.sslVerify will ignore
hostname verification failure. ÂJGit needs a DummyHostnameVerifier class
just like it has the DummyX509TrustManager.

When JGit encounters this scenario it will fail with:
org.eclipse.jgit.api.errors.TransportException:
https://182.161.22.228:8443/git/xyzrepo1.git: cannot open
git-upload-pack

http://gitblit.com/faq.html

Give it a try and let us know if this solves your problem.

--
MatthiasÂ

_______________________________________________
jgit-dev mailing list
jgit-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jgit-dev




--
Thanks and Regards,
Isuru



--
Thanks and Regards,
Isuru