-rw-r--r-- | client/httpclient.go | 5 | ||||
-rw-r--r-- | config.yml.example | 5 |
2 files changed, 9 insertions, 1 deletions
diff --git a/client/httpclient.go b/client/httpclient.go
index 7b8a35c..5bbfbce 100644
--- a/client/httpclient.go
+++ b/client/httpclient.go
@@ -162,7 +162,10 @@ func buildHttpsTransport(hcc httpClientCfg, selfSignedCert bool, gitlabURL strin
 }
 }
 tlsConfig := &tls.Config{
- RootCAs: certPool,
+ RootCAs: certPool,
+ // The self_signed_cert config setting is deprecated
+ // The field and its usage is going to be removed in
+ // https://gitlab.com/gitlab-org/gitlab-shell/-/issues/541
 InsecureSkipVerify: selfSignedCert,
 MinVersion: tls.VersionTLS12,
 }
diff --git a/config.yml.example b/config.yml.example
index 5662d2e..4db258b 100644
--- a/config.yml.example
+++ b/config.yml.example
@@ -26,6 +26,11 @@ http_settings:
 # password: somepass
 # ca_file: /etc/ssl/cert.pem
 # ca_path: /etc/pki/tls/certs
+#
+# The self_signed_cert option is deprecated
+# When it's set to true, any certificate is accepted, which may make machine-in-the-middle attack possible
+# Certificates specified in ca_file and ca_path are trusted anyway even if they are self-signed
+# Issue: https://gitlab.com/gitlab-org/gitlab-shell/-/issues/120
 self_signed_cert: false
 
 # File used as authorized_keys for gitlab user |
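Review bot: The deprecation of `self_signed_cert` is recorded only in a comment above `InsecureSkipVerify: selfSignedCert`, so a deployment that still has the setting enabled keeps running with certificate chain and host name verification switched off and gets no signal at runtime. The comment should state the effect as well as the deprecation, for example `// Deprecated: when true, certificate chain and host name verification are skipped for every request.` A one-time warning when `selfSignedCert` is true, pointing operators at `ca_file`/`ca_path`, would make the deprecation visible; which logger this package uses cannot be seen from the hunk. The Go comment links issue 541 while the config.yml.example hunk links issue 120; if that difference is not deliberate, use the same reference in both places. buildHttpsTransport starts and ends outside the hunk.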