Skip to content

Commit 394ae7e

Browse files
ethomsonethomson
committed
proxy tests: support self-signed proxy cert
Give the proxy tests a proxy certificate callback, and allow self-signed certificates when the `GITTEST_REMOTE_PROXY_SELFSIGNED` environment variable is set (to anything). In that case, simply compare the hostname from the callback to the hostname that we connected to.
1 parent b2ed778 commit 394ae7e

File tree

1 file changed

+30
-0
lines changed

1 file changed

+30
-0
lines changed

tests/online/clone.c

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@ static char *_remote_proxy_scheme = NULL;
2828
static char *_remote_proxy_host = NULL;
2929
static char *_remote_proxy_user = NULL;
3030
static char *_remote_proxy_pass = NULL;
31+
static char *_remote_proxy_selfsigned = NULL;
3132

3233
static int _orig_proxies_need_reset = 0;
3334
static char *_orig_http_proxy = NULL;
@@ -57,6 +58,7 @@ void test_online_clone__initialize(void)
5758
_remote_proxy_host = cl_getenv("GITTEST_REMOTE_PROXY_HOST");
5859
_remote_proxy_user = cl_getenv("GITTEST_REMOTE_PROXY_USER");
5960
_remote_proxy_pass = cl_getenv("GITTEST_REMOTE_PROXY_PASS");
61+
_remote_proxy_selfsigned = cl_getenv("GITTEST_REMOTE_PROXY_SELFSIGNED");
6062

6163
_orig_proxies_need_reset = 0;
6264
}
@@ -80,6 +82,7 @@ void test_online_clone__cleanup(void)
8082
git__free(_remote_proxy_host);
8183
git__free(_remote_proxy_user);
8284
git__free(_remote_proxy_pass);
85+
git__free(_remote_proxy_selfsigned);
8386

8487
if (_orig_proxies_need_reset) {
8588
cl_setenv("HTTP_PROXY", _orig_http_proxy);
@@ -727,6 +730,30 @@ static int proxy_creds(git_cred **out, const char *url, const char *username, un
727730
return git_cred_userpass_plaintext_new(out, _remote_proxy_user, _remote_proxy_pass);
728731
}
729732

733+
static int proxy_cert_cb(git_cert *cert, int valid, const char *host, void *payload)
734+
{
735+
char *colon;
736+
size_t host_len;
737+
738+
GIT_UNUSED(cert);
739+
GIT_UNUSED(valid);
740+
GIT_UNUSED(payload);
741+
742+
cl_assert(_remote_proxy_host);
743+
744+
if ((colon = strchr(_remote_proxy_host, ':')) != NULL)
745+
host_len = (colon - _remote_proxy_host);
746+
else
747+
host_len = strlen(_remote_proxy_host);
748+
749+
if (_remote_proxy_selfsigned != NULL &&
750+
strlen(host) == host_len &&
751+
strncmp(_remote_proxy_host, host, host_len) == 0)
752+
valid = 1;
753+
754+
return valid ? 0 : GIT_ECERTIFICATE;
755+
}
756+
730757
void test_online_clone__proxy_credentials_request(void)
731758
{
732759
git_buf url = GIT_BUF_INIT;
@@ -741,6 +768,7 @@ void test_online_clone__proxy_credentials_request(void)
741768
g_options.fetch_opts.proxy_opts.type = GIT_PROXY_SPECIFIED;
742769
g_options.fetch_opts.proxy_opts.url = url.ptr;
743770
g_options.fetch_opts.proxy_opts.credentials = proxy_creds;
771+
g_options.fetch_opts.proxy_opts.certificate_check = proxy_cert_cb;
744772
called_proxy_creds = 0;
745773
cl_git_pass(git_clone(&g_repo, "http://github.com/libgit2/TestGitRepository", "./foo", &g_options));
746774
cl_assert(called_proxy_creds);
@@ -761,6 +789,7 @@ void test_online_clone__proxy_credentials_in_url(void)
761789

762790
g_options.fetch_opts.proxy_opts.type = GIT_PROXY_SPECIFIED;
763791
g_options.fetch_opts.proxy_opts.url = url.ptr;
792+
g_options.fetch_opts.proxy_opts.certificate_check = proxy_cert_cb;
764793
called_proxy_creds = 0;
765794
cl_git_pass(git_clone(&g_repo, "http://github.com/libgit2/TestGitRepository", "./foo", &g_options));
766795
cl_assert(called_proxy_creds == 0);
@@ -780,6 +809,7 @@ void test_online_clone__proxy_credentials_in_environment(void)
780809
_orig_proxies_need_reset = 1;
781810

782811
g_options.fetch_opts.proxy_opts.type = GIT_PROXY_AUTO;
812+
g_options.fetch_opts.proxy_opts.certificate_check = proxy_cert_cb;
783813

784814
cl_git_pass(git_buf_printf(&url, "%s://%s:%s@%s/",
785815
_remote_proxy_scheme ? _remote_proxy_scheme : "http",

0 commit comments

Comments
 (0)