Add https.blindly-trust-domains to Arcanist

Summary: This allows users to specify that they want to implicitly trust their weird self-signed certificate without verification. This can either be specified per user (which will make it apply every time the user runs `arc`, in any project): arc set-config https.blindly-trust-domains '["example.mycompany.com"]' ...or added to a `.arcconfig` file (which will make it apply to every user who runs `arc` in that project): "https.blindly-trust-domains" : ["example.mycompany.com"] Depends on D7130. Test Plan: Tweaked config and verified this setting sends HTTPSFuture down the right branch. Reviewers: btrahan Reviewed By: btrahan CC: hlau, aran Differential Revision: https://secure.phabricator.com/D7131
ScopiCisco · Sep 25, 2013 · 6270dd0 · 6270dd0
1 parent 0d0333d
commit 6270dd0
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/scripts/arcanist.php b/scripts/arcanist.php
@@ -208,6 +208,12 @@
     HTTPSFuture::setGlobalCABundleFromPath($ca_bundle);
   }
 
+  $blind_key = 'https.blindly-trust-domains';
+  $blind_trust = $working_copy->getConfigFromAnySource($blind_key);
+  if ($blind_trust) {
+    HTTPSFuture::setBlindlyTrustDomains($blind_trust);
+  }
+
   if ($need_conduit) {
     if (!$conduit_uri) {
 

diff --git a/src/configuration/ArcanistSettings.php b/src/configuration/ArcanistSettings.php
@@ -103,6 +103,12 @@ private function getOptions() {
           "behind https signed by your organization's internal CA.",
         'example' => 'support/yourca.pem'
       ),
+      'https.blindly-trust-domains' => array(
+        'type' => 'list',
+        'help' => 'List of domains to blindly trust SSL certificates for. '.
+                  'Disables peer verification.',
+        'example' => '["secure.mycompany.com"]',
+      ),
       'browser' => array(
         'type' => 'string',
         'help' =>