gitserver: include system certificates for git

Created by: keegancsmith

When specifying certificates for tls.external site configuration we adjust the TLS configuration for Go and git. In the case of Go we would respect both the certificates specified as well as the system certificate authorities. For git we would only respect the custom certificates. This led to customers either including system certificates in the site configuration, or baking in the custom certificates into our Docker images.

We now will include system certificates for git if running on Linux. Given we deploy on Linux this is fine. It isn't possible to support all operating systems, since not all OSs expose certificates. For example darwin does not. This is also why the x509 package in Go doesn't expose system certificates, since it can't do it cross platform.

As such we introduce the cacert package which is a modification of x509 to expose the system certificates on Linux.

Test Plan: modified unit tests to output the certificate, validated the certificate included the system certifications. Additionally validated the code did not error on non-Linux systems.

Fixes https://github.com/sourcegraph/sourcegraph/issues/38128
Fixes https://github.com/sourcegraph/customer/issues/1136
