profile
viewpoint

Ask questionsUnable to clone GitLab repositories with self signed certificate

  • Sourcegraph version: 3.2
  • Platform information: Localhost, AWS, GCP

Details

Users are unable to clone GitLab repositories with self signed certificates – even when adding the certificate to the GitLab external service configuration as documented here: https://docs.sourcegraph.com/admin/external_service/gitlab#configuration

Implementation details can be found here: https://sourcegraph.com/github.com/sourcegraph/sourcegraph@v3.2.0/-/blob/cmd/repo-updater/repos/gitlab.go#L243

Steps to reproduce:

  1. Deploy Sourcegraph 3.2 to AWS, GCP, Digital Ocean
  2. Add a self signed certificate
  3. Configure a GitLab external service (only tested with an on-prem GitLab instance). Add the certificate details to the external service: https://docs.sourcegraph.com/admin/external_service/gitlab#configuration
  4. Add the external service
  5. Click Enable on one of the repositories.

Expected behavior:

GitLab external service should use the certificate provided to clone repositories.

Actual behavior:

Repositories are discovered, but unable to clone with the following error.

repo not found (name=some-host/some/repo/path url=https://git:xxxxxx@some-host/some/repo/path.git notfound=false) because exit status 128 (output follows)
fatal: unable to access 'https://git:xxxxxx@some-host/some/repo/path.git/': SSL certificate problem: unable to get local issuer certificate
sourcegraph/sourcegraph

Answer questions keegancsmith

@sourcegraph/core-services so we need to update gitserver so that we git config http.sslCAInfo per repo? Alternatively we can document how users can do globally set the git config http.sslVerify. Does that sound like the path forward?

useful!

Related questions

Add loki to sourcegraph.com hot 1
Github User Rank List