Merge pull request #430 from jaanus/specify-server-certificate

Option to pass a trusted server certificate when cloning
libgit2 · Dec 29, 2014 · 5021887 · 5021887
2 parents b4ae265 + fcae826
commit 5021887
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/ObjectiveGit/GTRepository.h b/ObjectiveGit/GTRepository.h
@@ -106,6 +106,9 @@ extern NSString * const GTRepositoryCloneOptionsCredentialProvider;
 /// A BOOL indicating whether local clones should actually clone, or just link.
 extern NSString * const GTRepositoryCloneOptionsCloneLocal;
 
+/// A NSURL pointing to a local file that contains PEM-encoded certificate chain.
+extern NSString *const GTRepositoryCloneOptionsServerCertificateURL;
+
 /// Initialization flags associated with `GTRepositoryInitOptionsFlags` for
 /// +initializeEmptyRepositoryAtFileURL:options:error:.
 ///
@@ -199,7 +202,8 @@ extern NSString * const GTRepositoryInitOptionsOriginURLString;
 ///                         `GTRepositoryCloneOptionsBare`,
 ///                         `GTRepositoryCloneOptionsCheckout`,
 ///                         `GTRepositoryCloneOptionsCredentialProvider`,
-///                         `GTRepositoryCloneOptionsCloneLocal`
+///                         `GTRepositoryCloneOptionsCloneLocal`,
+///                         `GTRepositoryCloneOptionsServerCertificateURL`
 /// error                 - A pointer to fill in case of trouble.
 /// transferProgressBlock - This block is called with network transfer updates.
 /// checkoutProgressBlock - This block is called with checkout updates

diff --git a/ObjectiveGit/GTRepository.m b/ObjectiveGit/GTRepository.m
@@ -59,6 +59,7 @@
 NSString * const GTRepositoryCloneOptionsTransportFlags = @"GTRepositoryCloneOptionsTransportFlags";
 NSString * const GTRepositoryCloneOptionsCredentialProvider = @"GTRepositoryCloneOptionsCredentialProvider";
 NSString * const GTRepositoryCloneOptionsCloneLocal = @"GTRepositoryCloneOptionsCloneLocal";
+NSString * const GTRepositoryCloneOptionsServerCertificateURL = @"GTRepositoryCloneOptionsServerCertificateURL";
 NSString * const GTRepositoryInitOptionsFlags = @"GTRepositoryInitOptionsFlags";
 NSString * const GTRepositoryInitOptionsMode = @"GTRepositoryInitOptionsMode";
 NSString * const GTRepositoryInitOptionsWorkingDirectoryPath = @"GTRepositoryInitOptionsWorkingDirectoryPath";
@@ -265,6 +266,15 @@ + (id)cloneFromURL:(NSURL *)originURL toWorkingDirectory:(NSURL *)workdirURL opt
 	if (localClone) {
 		cloneOptions.local = GIT_CLONE_NO_LOCAL;
 	}
+
+	NSURL *serverCertificateURL = options[GTRepositoryCloneOptionsServerCertificateURL];
+	if (serverCertificateURL) {
+		int gitError = git_libgit2_opts(GIT_OPT_SET_SSL_CERT_LOCATIONS, serverCertificateURL.fileSystemRepresentation, NULL);
+		if (gitError < GIT_OK) {
+			if (error != NULL) *error = [NSError git_errorFor:gitError description:@"Failed to configure the server certificate at %@", serverCertificateURL];
+			return nil;
+		}
+	}
 
 	// If our originURL is local, convert to a path before handing down.
 	const char *remoteURL = NULL;