tests: optionally ignore https cert validation For testing, we may wish to use a man-in-the-middle proxy that can inspect the CONNECT traffic to our test endpoints. For this, we will need to accept the proxy's certificate, which will not be valid for the true endpoint. Add a new environment variable, GITTEST_REMOTE_SSL_NOVERIFY to disable https certificate validation for the tests.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68
diff --git a/tests/online/clone.c b/tests/online/clone.c
index bfd50a1..ce49f18 100644
--- a/tests/online/clone.c
+++ b/tests/online/clone.c
@@ -20,6 +20,7 @@ static git_clone_options g_options;
static char *_remote_url = NULL;
static char *_remote_user = NULL;
static char *_remote_pass = NULL;
+static char *_remote_sslnoverify = NULL;
static char *_remote_ssh_pubkey = NULL;
static char *_remote_ssh_privkey = NULL;
static char *_remote_ssh_passphrase = NULL;
@@ -34,6 +35,18 @@ static int _orig_proxies_need_reset = 0;
static char *_orig_http_proxy = NULL;
static char *_orig_https_proxy = NULL;
+static int ssl_cert(git_cert *cert, int valid, const char *host, void *payload)
+{
+ GIT_UNUSED(cert);
+ GIT_UNUSED(host);
+ GIT_UNUSED(payload);
+
+ if (_remote_sslnoverify != NULL)
+ valid = 1;
+
+ return valid ? 0 : GIT_ECERTIFICATE;
+}
+
void test_online_clone__initialize(void)
{
git_checkout_options dummy_opts = GIT_CHECKOUT_OPTIONS_INIT;
@@ -46,10 +59,12 @@ void test_online_clone__initialize(void)
g_options.checkout_opts = dummy_opts;
g_options.checkout_opts.checkout_strategy = GIT_CHECKOUT_SAFE;
g_options.fetch_opts = dummy_fetch;
+ g_options.fetch_opts.callbacks.certificate_check = ssl_cert;
_remote_url = cl_getenv("GITTEST_REMOTE_URL");
_remote_user = cl_getenv("GITTEST_REMOTE_USER");
_remote_pass = cl_getenv("GITTEST_REMOTE_PASS");
+ _remote_sslnoverify = cl_getenv("GITTEST_REMOTE_SSL_NOVERIFY");
_remote_ssh_pubkey = cl_getenv("GITTEST_REMOTE_SSH_PUBKEY");
_remote_ssh_privkey = cl_getenv("GITTEST_REMOTE_SSH_KEY");
_remote_ssh_passphrase = cl_getenv("GITTEST_REMOTE_SSH_PASSPHRASE");
@@ -74,6 +89,7 @@ void test_online_clone__cleanup(void)
git__free(_remote_url);
git__free(_remote_user);
git__free(_remote_pass);
+ git__free(_remote_sslnoverify);
git__free(_remote_ssh_pubkey);
git__free(_remote_ssh_privkey);
git__free(_remote_ssh_passphrase);
@@ -483,6 +499,7 @@ void test_online_clone__ssh_auth_methods(void)
#endif
g_options.fetch_opts.callbacks.credentials = check_ssh_auth_methods;
g_options.fetch_opts.callbacks.payload = &with_user;
+ g_options.fetch_opts.callbacks.certificate_check = NULL;
with_user = 0;
cl_git_fail_with(GIT_EUSER,
@@ -535,6 +552,7 @@ void test_online_clone__ssh_with_paths(void)
g_options.fetch_opts.callbacks.transport = git_transport_ssh_with_paths;
g_options.fetch_opts.callbacks.credentials = cred_cb;
g_options.fetch_opts.callbacks.payload = &arr;
+ g_options.fetch_opts.callbacks.certificate_check = NULL;
cl_git_fail(git_clone(&g_repo, _remote_url, "./foo", &g_options));