Community
Participate
Working Groups
Created attachment 185102 [details] support for self signed certificates (http.sslVerify=false) I installed the nightly build of JGit/EGit this afternoon to see if it works with the new git "smart-http-backend", HTTPS (SSL) and basic/digest authentication i'm setting up. There is only a self signed certificate on the server, which causes the communication to fail. Here is what i did. 1. Open the Git Repositories view. 2. Click the icon for "Clone a Git Repository and add the clone to this view". 3. Enter all details (incl a https url to a server with self signed cert) 4. Click "Next" 5. An error message is shown: ---------- Transport Error Cannot list the available branches. Reason: https://ps@code.psnet.nu/git/test.git: cannot open git-upload-pack "https://ps@code.psnet.nu/git/test.git: cannot open git-upload-pack sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" ---------- One way to solve the whole problem (without any changes to JGit) is to import the cert to my jvms keystore, but that's not a solution i prefer in this case. The other solution, which i think should be implemented in JGIt is the possibility to disable ssl verification, just as i can do with git using: git config --global http.sslVerify false I wrote a patch to show what i mean. To enable the feature, configure Window->Preferences->Team->Git->Configuration and add a new key/value: http.sslVerify=false When handling repos over https, JGit will then check that flag to see if security is loose and the ssl verification should be ignored. Having it implemented as a key/value makes it not to obvious in the GUI - so the user must know what he/she is doing when adding it. Being aware of the risks etc. I did some basic testing with it - cloning a repository, making some changes and then pushing them back to the server.
I also faced this issue on 0.10.1 recently. I saw Per's patch but I never applied a patch before from this repository. Is there any page which describes how to build apply a jgit patch on 0.10.1? I tried to checkout the jgit code but failed to find version 0.10.1 in cvs. On HEAD I found some .php and .html files but no java code. Any hint to get me to successfully apply the patch is welcome. Right now I'm stuck and can't access a git repository I want to check in code with eclipse. I also can't import the certificate because it's owned by an internet provider and he doesn't want to share it.
(In reply to comment #1) > I also faced this issue on 0.10.1 recently. I saw Per's patch but I never > applied a patch before from this repository. Is there any page which describes > how to build apply a jgit patch on 0.10.1? I tried to checkout the jgit code > but failed to find version 0.10.1 in cvs. On HEAD I found some .php and .html > files but no java code. Any hint to get me to successfully apply the patch is > welcome. jgit sources are not stored in cvs but in git ;-) have a look here: http://www.eclipse.org/jgit/developers/ http://wiki.eclipse.org/EGit/Contributor_Guide
I pushed your patch to Gerrit for code review : please have a look at http://egit.eclipse.org/r/#change,2318
(In reply to comment #3) > I pushed your patch to Gerrit for code review : please have a look at > http://egit.eclipse.org/r/#change,2318 Great, thanks for adding this!
Merged as commit d49530ad861ee7053ca1a92d619f127b5d6bc3a1
I'm getting the "cannot open git-upload-pack" error trying to connect to a https repository with a self signed certificate. I have Eclipse Juno with EGit/JGit 2.0.0.201206130900-r. I also added http.sslVerify=false and https.verify=false.
