From 7c3313a3baaa3695081a9c17b521931877babad6 Mon Sep 17 00:00:00 2001
From: Paul Cristian Sarbu <paul.cristian.sarbu@huawei.com>
Date: Mon, 23 Jan 2023 13:59:59 +0100
Subject: GitRepo: Add SSL certificate verification callbacks for remote commit
 update

The libgit2 library does not satisfy the http.sslVerify gitconfig
field or the GIT_SSL_NO_VERIFY environment variable, so we have to
perform these checks ourselves and supply the correct return value
from the certificate_check git_fetch_options callback.

The callbacks used for fixing the remote fetch SSL certificate
verification are reused here.
---
 src/buildtool/file_system/git_repo.cpp | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/buildtool/file_system/git_repo.cpp')

diff --git a/src/buildtool/file_system/git_repo.cpp b/src/buildtool/file_system/git_repo.cpp
index c89c7610..d2d6c8ef 100644
--- a/src/buildtool/file_system/git_repo.cpp
+++ b/src/buildtool/file_system/git_repo.cpp
@@ -833,6 +833,10 @@ auto GitRepo::GetCommitFromRemote(std::string const& repo_url,
         git_remote_callbacks callbacks{};
         git_remote_init_callbacks(&callbacks, GIT_REMOTE_CALLBACKS_VERSION);
 
+        // set custom SSL verification callback
+        callbacks.certificate_check =
+            SetCustomSSLCertificateCheckCallback(repo_.get());
+
         git_proxy_options proxy_opts{};
         git_proxy_options_init(&proxy_opts, GIT_PROXY_OPTIONS_VERSION);
 
-- 
cgit v1.2.3