all: introduce experimental tls.external site setting
Created by: keegancsmith
We introduce the site setting tls.external
which administrators can configure for all external communication. This setting is taken into account by all external service communication as well as remote git commands. Initially we just target InsecureSkipVerify
, but a follow up PR will implement RootCAs.
This approach can supersede all external service configurations where we specify transport options. For example most of our external services have options for setting TLS certificates/etc.
Best reviewed commit by commit.
Meta: This approach could be extended for supporting http proxies. Should we rename the site setting to https.external
maybe?
Follow-up PRs:
- Support TLS certifications
- Updating documentation
Part of https://github.com/sourcegraph/sourcegraph/issues/71 and https://github.com/sourcegraph/sourcegraph/issues/2990