Fix managed http/https transport failures #858

Open

darkowlzz wants to merge 1 commits from darkowlzz/http-go-transport-fix into main

Author	SHA1	Message	Date
Sunny	7f64702bd0	Fix managed http/https transports For http transport, perviously, an initial request without any credentials was being sent and upon unauthorized response, credentials were fetched and the request was retried with the obtained credentials. This appeared to have resulted in the remote server closing the connection, resulting in clone failure error: ``` unable to clone: Post "http://test-user:***@127.0.0.1:40463/bar/test-reponame/git-upload-pack": io: read/write on closed pipe ``` Querying the credentials at the very beginning and not failing fixes the closed pipe issue. For https transport, since the go transport doesn't have access to the certificate, it results in the following failure: ``` unable to clone: Get "https://127.0.0.1:44185/bar/test-reponame/info/refs?service=git-upload-pack": x509: certificate signed by unknown authority ``` Since the go smart transport is private, there seems to be no way to pass the certificates to it. Unlike the credentials, there's no method to fetch the certificate from libgit2. Some past discussions in libgit2 talks about keeping the data outside of libgit2 when using an external transport. With the current structure of the code, it's hard to pass the certificate to the go transport. This change introduces a global CA certs pool that can be populated by the users of git2go and the smart transport can lookup for the presence of any certificate in the global pool before making any https requests. This solves the cloning issue due to cert signing.	2021-11-08 02:23:46 +05:30

Author

SHA1

Message

Date

Sunny

7f64702bd0

Fix managed http/https transports

For http transport, perviously, an initial request without any
credentials was being sent and upon unauthorized response,
credentials were fetched and the request was retried with the
obtained credentials. This appeared to have resulted in the remote
server closing the connection, resulting in clone failure error:

```
unable to clone: Post "http://test-user:***@127.0.0.1:40463/bar/test-reponame/git-upload-pack": io: read/write on closed pipe
```

Querying the credentials at the very beginning and not failing fixes the
closed pipe issue.

For https transport, since the go transport doesn't have access to the
certificate, it results in the following failure:

```
unable to clone: Get "https://127.0.0.1:44185/bar/test-reponame/info/refs?service=git-upload-pack": x509: certificate signed by unknown authority
```

Since the go smart transport is private, there seems to be no way to
pass the certificates to it. Unlike the credentials, there's no method
to fetch the certificate from libgit2.
Some past discussions in libgit2 talks about keeping the data outside of
libgit2 when using an external transport.
With the current structure of the code, it's hard to pass the
certificate to the go transport.
This change introduces a global CA certs pool that can be populated by
the users of git2go and the smart transport can lookup for the presence
of any certificate in the global pool before making any https requests.
This solves the cloning issue due to cert signing.

2021-11-08 02:23:46 +05:30

Fix managed http/https transport failures #858

1 Commits