actions/runner
1
0
Fork 0
mirror of https://github.com/actions/runner.git synced 2025-12-11 12:57:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Introduce GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY=1 to skip SSL cert verification for the runner. (#1616)

Browse Source
This commit is contained in:
Tingluo Huang
2022-01-19 10:31:17 -05:00
committed by GitHub
parent d8251bf912
commit ac31fd10b2
3 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/Runner.Common/HostContext.cs
View File

@@ -193,6 +193,11 @@ namespace GitHub.Runner.Common
_trace.Info($"No proxy settings were found based on environmental variables (http_proxy/https_proxy/HTTP_PROXY/HTTPS_PROXY)"); _trace.Info($"No proxy settings were found based on environmental variables (http_proxy/https_proxy/HTTP_PROXY/HTTPS_PROXY)");
} }
if (StringUtil.ConvertToBoolean(Environment.GetEnvironmentVariable("GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY")))
{
_trace.Warning($"Runner is running under insecure mode: HTTPS server certifcate validation has been turned off by GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY environment variable.");
}
var credFile = GetConfigFile(WellKnownConfigFile.Credentials); var credFile = GetConfigFile(WellKnownConfigFile.Credentials);
if (File.Exists(credFile)) if (File.Exists(credFile))
{ {
@@ -350,7 +355,7 @@ namespace GitHub.Runner.Common
GetDirectory(WellKnownDirectory.Root), GetDirectory(WellKnownDirectory.Root),
".setup_info"); ".setup_info");
break; break;
case WellKnownConfigFile.Telemetry: case WellKnownConfigFile.Telemetry:
path = Path.Combine( path = Path.Combine(
GetDirectory(WellKnownDirectory.Diag), GetDirectory(WellKnownDirectory.Diag),

10
src/Runner.Common/HttpClientHandlerFactory.cs
View File

@@ -1,3 +1,4 @@
using System;
using System.Net.Http; using System.Net.Http;
using GitHub.Runner.Sdk; using GitHub.Runner.Sdk;
@@ -13,7 +14,14 @@ namespace GitHub.Runner.Common
{ {
public HttpClientHandler CreateClientHandler(RunnerWebProxy webProxy) public HttpClientHandler CreateClientHandler(RunnerWebProxy webProxy)
{ {
return new HttpClientHandler() { Proxy = webProxy }; var client = new HttpClientHandler() { Proxy = webProxy };
if (StringUtil.ConvertToBoolean(Environment.GetEnvironmentVariable("GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY")))
{
client.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
}
return client;
} }
} }
} }

5
src/Runner.Sdk/Util/VssUtil.cs
View File

@@ -27,6 +27,11 @@ namespace GitHub.Runner.Sdk
VssClientHttpRequestSettings.Default.UserAgent = headerValues; VssClientHttpRequestSettings.Default.UserAgent = headerValues;
VssHttpMessageHandler.DefaultWebProxy = proxy; VssHttpMessageHandler.DefaultWebProxy = proxy;
if (StringUtil.ConvertToBoolean(Environment.GetEnvironmentVariable("GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY")))
{
VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
}
} }
public static VssConnection CreateConnection(Uri serverUri, VssCredentials credentials, IEnumerable<DelegatingHandler> additionalDelegatingHandler = null, TimeSpan? timeout = null) public static VssConnection CreateConnection(Uri serverUri, VssCredentials credentials, IEnumerable<DelegatingHandler> additionalDelegatingHandler = null, TimeSpan? timeout = null)