aboutsummaryrefslogtreecommitdiffstats
path: root/org.eclipse.jgit.junit.http/src/org/eclipse/jgit
diff options
context:
space:
mode:
authorThomas Wolf <thomas.wolf@paranor.ch>2017-09-02 13:20:48 +0200
committerMatthias Sohn <matthias.sohn@sap.com>2017-09-13 23:23:08 +0200
commitd946f95c9c06f27de8aac6ecc3f5d49eabe6e030 (patch)
treebed8f5f332ec9c1ad8d7cb855ba3100793364bbb /org.eclipse.jgit.junit.http/src/org/eclipse/jgit
parentfdcd4f9a3444c442a13bee8f041e31be12256464 (diff)
downloadjgit-d946f95c9c06f27de8aac6ecc3f5d49eabe6e030.tar.gz
jgit-d946f95c9c06f27de8aac6ecc3f5d49eabe6e030.zip
Handle SSL handshake failures in TransportHttp
When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Diffstat (limited to 'org.eclipse.jgit.junit.http/src/org/eclipse/jgit')
-rw-r--r--org.eclipse.jgit.junit.http/src/org/eclipse/jgit/junit/http/SimpleHttpServer.java16
1 files changed, 15 insertions, 1 deletions
diff --git a/org.eclipse.jgit.junit.http/src/org/eclipse/jgit/junit/http/SimpleHttpServer.java b/org.eclipse.jgit.junit.http/src/org/eclipse/jgit/junit/http/SimpleHttpServer.java
index 605c69a844..0ea0721286 100644
--- a/org.eclipse.jgit.junit.http/src/org/eclipse/jgit/junit/http/SimpleHttpServer.java
+++ b/org.eclipse.jgit.junit.http/src/org/eclipse/jgit/junit/http/SimpleHttpServer.java
@@ -69,9 +69,15 @@ public class SimpleHttpServer {
private URIish uri;
+ private URIish secureUri;
+
public SimpleHttpServer(Repository repository) {
+ this(repository, false);
+ }
+
+ public SimpleHttpServer(Repository repository, boolean withSsl) {
this.db = repository;
- server = new AppServer();
+ server = new AppServer(0, withSsl ? 0 : -1);
}
public void start() throws Exception {
@@ -79,6 +85,10 @@ public class SimpleHttpServer {
server.setUp();
final String srcName = db.getDirectory().getName();
uri = toURIish(sBasic, srcName);
+ int sslPort = server.getSecurePort();
+ if (sslPort > 0) {
+ secureUri = uri.setPort(sslPort).setScheme("https");
+ }
}
public void stop() throws Exception {
@@ -89,6 +99,10 @@ public class SimpleHttpServer {
return uri;
}
+ public URIish getSecureUri() {
+ return secureUri;
+ }
+
private ServletContextHandler smart(final String path) {
GitServlet gs = new GitServlet();
gs.setRepositoryResolver(new RepositoryResolver<HttpServletRequest>() {