Deprecate self_signed_cert config settingid-deprecate-self-signed-cert

The option isn't required to accept self-signed certs On the other hand, if the option set to true it makes machine-in-the-middle attack possible Let's clarify it in the code that the option is deprecated
author: Igor Drozdov <idrozdov@gitlab.com> 2022-01-12 17:15:18 +0300
committer: Igor Drozdov <idrozdov@gitlab.com> 2022-01-12 17:19:44 +0300
commit: 537f8e192908172863e93a97871409a8f043c292 (patch)
tree: d2ecf7d0eecc4dfea41ca7b1590d2a21db16620f /client
parent: 4989011bedc7c33aa49cdac3c230ae9fdcdb49fd (diff)
download: gitlab-shell-537f8e192908172863e93a97871409a8f043c292.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/client/httpclient.go b/client/httpclient.go
index 7b8a35c..5bbfbce 100644
--- a/client/httpclient.go
+++ b/client/httpclient.go
@@ -162,7 +162,10 @@ func buildHttpsTransport(hcc httpClientCfg, selfSignedCert bool, gitlabURL strin
 		}
 	}
 	tlsConfig := &tls.Config{
-		RootCAs:            certPool,
+		RootCAs: certPool,
+		// The self_signed_cert config setting is deprecated
+		// The field and its usage is going to be removed in
+		// https://gitlab.com/gitlab-org/gitlab-shell/-/issues/541
 		InsecureSkipVerify: selfSignedCert,
 		MinVersion:         tls.VersionTLS12,
 	}
author	Igor Drozdov <idrozdov@gitlab.com>	2022-01-12 17:15:18 +0300
committer	Igor Drozdov <idrozdov@gitlab.com>	2022-01-12 17:19:44 +0300
commit	537f8e192908172863e93a97871409a8f043c292 (patch)
tree	d2ecf7d0eecc4dfea41ca7b1590d2a21db16620f /client
parent	4989011bedc7c33aa49cdac3c230ae9fdcdb49fd (diff)
download	gitlab-shell-537f8e192908172863e93a97871409a8f043c292.tar.gz