search

libgit2 / pygit2

Python bindings for libgit2
https://www.pygit2.org/
Other
1.58k stars 382 forks source link

`certificate_check` callback not used in `remote.connect` or `remote.ls_remotes` #1262

Open kevinvalk opened 6 months ago

kevinvalk commented 6 months ago

As far as I can see the remote_callbacks struct is not properly initialized with the certificate_check callback (https://libgit2.org/libgit2/#v0.23.2/type/git_remote_callbacks).

https://github.com/libgit2/pygit2/blob/611a3b3462a1acb6bc3ca0d9bd3eff7bf6154131/pygit2/callbacks.py#L384-L387

This makes it impossible to "bypass" certificate checks for example when testing remotes. So I think simply adding to the callback options is enough, but do not quote me on that!

cdata.certificate_check = C._certificate_cb

This also may be the problem for https://github.com/libgit2/pygit2/issues/945

P.S. Its point about certificate_check vs certificate still stands so that could also be sorted out.

kevinvalk commented 6 months ago

Super ugly monkey patch to get certificate_check working in version 1.13.3 of pygit2

class MyCallbacks(pygit2.RemoteCallbacks):
    def certificate_check(testrepo, certificate, valid, host):
        logging.error("Yes I bypass stuff")
        return True

    def __setattr__(self, name: str, value: Any) -> None:
        if name == "remote_callbacks":
            from pygit2.ffi import C

            value.certificate_check = C._certificate_cb
        return super().__setattr__(name, value)