Skip to content

all: support certificates in tls.external

Administrator requested to merge core/tls-external-rootcas into master

Created by: keegancsmith

Extended the experimental tls.external site setting to include a list of certificates. When set repo-updater will add the certificates to the HTTP client's RootCAs. This features works on top of any certificates added to an individual external service configuration. Additionally these certificates are also set for remote git commands.

This was tested by running a local HTTPS proxy to GitHub.com. I ensured both API requests and git requests only worked when the relevant tls.external setting was configured.

Note: AWS CodeCommit still does not support these setting. However, I don't expect AWS CodeCommit to be self hosted so should be fine.

Fixes #71

Merge request reports

Loading