Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LibGit2: fix pass-through for SSH #38563

Merged
merged 1 commit into from
Nov 24, 2020
Merged

LibGit2: fix pass-through for SSH #38563

merged 1 commit into from
Nov 24, 2020

Conversation

StefanKarpinski
Copy link
Sponsor Member

According to the libgit2 documentation, if the callback returns any postive value, it will behave as if the callback were unset (i.e. pass-through), but that's not true. The value that needs to be returned is actually -30 (GIT_PASSTHROUGH).

@StefanKarpinski
LibGit2: fix pass-through for SSH
62ca6f3 
According to the libgit2 documentation, if the callback returns any
postive value, it will behave as if the callback were unset (i.e.
pass-through), but that's not true. The value that needs to be returned
is actually -30 (`GIT_PASSTHROUGH`).
@Keno
Copy link
Member

Keno commented Nov 24, 2020

Hmm?
https://github.com/libgit2/libgit2/blob/b8cdc9c9c59c61fc699550af5245c57744c1bcbd/src/transports/ssh.c#L602-L607

@StefanKarpinski
Copy link
Sponsor Member Author

StefanKarpinski commented Nov 24, 2020
edited
Loading

Yes, but:

So while returning a negative positive value to indicate pass-through does work for SSH, it does not work for HTTPS. The previous version of this code was just rejecting invalid certificates, which works for HTTPS but does not seem to work for SSH, which seems to need to try something else after this callback in order to work. The GIT_PASSTHROUGH constant (-30) actually works as a pass-through value for all protocols.

@Keno
Copy link
Member

Keno commented Nov 24, 2020

So while returning a negative value to indicate pass-through does work for SSH

You mean a positive value?

@StefanKarpinski
Copy link
Sponsor Member Author

Yes, that's what I meant.

@Keno
Copy link
Member

Keno commented Nov 24, 2020

So the design of NetworkOptions.verify_host is to allow additional hosts, but never be able to reject anything the system allows?

@StefanKarpinski StefanKarpinski mentioned this pull request Nov 24, 2020
Merged
@StefanKarpinski
Copy link
Sponsor Member Author

Yes, it is a mechanism for allowing unverified access to hosts that would otherwise fail verification. Why would we want a mechanism for rejecting verified hosts?

@StefanKarpinski StefanKarpinski mentioned this pull request Nov 24, 2020
Closed
@StefanKarpinski StefanKarpinski merged commit 6614645 into master Nov 24, 2020
@StefanKarpinski StefanKarpinski deleted the sk/libgit2-fix-ssh-passthrough branch November 24, 2020 17:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@StefanKarpinski @Keno