diff options
author | Thomas Wolf <thomas.wolf@paranor.ch> | 2017-09-02 13:20:48 +0200 |
---|---|---|
committer | Matthias Sohn <matthias.sohn@sap.com> | 2017-09-13 23:23:08 +0200 |
commit | d946f95c9c06f27de8aac6ecc3f5d49eabe6e030 (patch) | |
tree | bed8f5f332ec9c1ad8d7cb855ba3100793364bbb /org.eclipse.jgit.junit.http/src | |
parent | fdcd4f9a3444c442a13bee8f041e31be12256464 (diff) | |
download | jgit-d946f95c9c06f27de8aac6ecc3f5d49eabe6e030.tar.gz jgit-d946f95c9c06f27de8aac6ecc3f5d49eabe6e030.zip |
Handle SSL handshake failures in TransportHttp
When a https connection could not be established because the SSL
handshake was unsuccessful, TransportHttp would unconditionally
throw a TransportException.
Other https clients like web browsers or also some SVN clients
handle this more gracefully. If there's a problem with the server
certificate, they inform the user and give him a possibility to
connect to the server all the same.
In git, this would correspond to dynamically setting http.sslVerify
to false for the server.
Implement this using the CredentialsProvider to inform and ask the
user. We offer three choices:
1. skip SSL verification for the current git operation, or
2. skip SSL verification for the server always from now on for
requests originating from the current repository, or
3. always skip SSL verification for the server from now on.
For (1), we just suppress SSL verification for the current instance of
TransportHttp.
For (2), we store a http.<uri>.sslVerify = false setting for the
original URI in the repo config.
For (3), we store the http.<uri>.sslVerify setting in the git user
config.
Adapt the SmartClientSmartServerSslTest such that it uses this
mechanism instead of setting http.sslVerify up front.
Improve SimpleHttpServer to enable setting it up also with HTTPS
support in anticipation of an EGit SWTbot UI test verifying that
cloning via HTTPS from a server that has a certificate that doesn't
validate pops up the correct dialog, and that cloning subsequently
proceeds successfully if the user decides to skip SSL verification.
Bug: 374703
Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Diffstat (limited to 'org.eclipse.jgit.junit.http/src')
-rw-r--r-- | org.eclipse.jgit.junit.http/src/org/eclipse/jgit/junit/http/SimpleHttpServer.java | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/org.eclipse.jgit.junit.http/src/org/eclipse/jgit/junit/http/SimpleHttpServer.java b/org.eclipse.jgit.junit.http/src/org/eclipse/jgit/junit/http/SimpleHttpServer.java index 605c69a844..0ea0721286 100644 --- a/org.eclipse.jgit.junit.http/src/org/eclipse/jgit/junit/http/SimpleHttpServer.java +++ b/org.eclipse.jgit.junit.http/src/org/eclipse/jgit/junit/http/SimpleHttpServer.java @@ -69,9 +69,15 @@ public class SimpleHttpServer { private URIish uri; + private URIish secureUri; + public SimpleHttpServer(Repository repository) { + this(repository, false); + } + + public SimpleHttpServer(Repository repository, boolean withSsl) { this.db = repository; - server = new AppServer(); + server = new AppServer(0, withSsl ? 0 : -1); } public void start() throws Exception { @@ -79,6 +85,10 @@ public class SimpleHttpServer { server.setUp(); final String srcName = db.getDirectory().getName(); uri = toURIish(sBasic, srcName); + int sslPort = server.getSecurePort(); + if (sslPort > 0) { + secureUri = uri.setPort(sslPort).setScheme("https"); + } } public void stop() throws Exception { @@ -89,6 +99,10 @@ public class SimpleHttpServer { return uri; } + public URIish getSecureUri() { + return secureUri; + } + private ServletContextHandler smart(final String path) { GitServlet gs = new GitServlet(); gs.setRepositoryResolver(new RepositoryResolver<HttpServletRequest>() { |