actions/runner
1
0
Fork 0
mirror of https://github.com/actions/runner.git synced 2025-12-12 23:46:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow NO_SSL_VERIFY in RawHttpMessageHandler. (#3883)

Browse Source
This commit is contained in:
Tingluo Huang
2025-05-30 22:48:16 -04:00
committed by GitHub
parent f03fcc8a01
commit acf3f2ba12
2 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/Runner.Sdk/Util/VssUtil.cs
View File

@@ -38,6 +38,7 @@ namespace GitHub.Runner.Sdk
if (StringUtil.ConvertToBoolean(Environment.GetEnvironmentVariable("GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY"))) if (StringUtil.ConvertToBoolean(Environment.GetEnvironmentVariable("GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY")))
{ {
VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
RawClientHttpRequestSettings.Default.ServerCertificateValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
} }
var rawHeaderValues = new List<ProductInfoHeaderValue>(); var rawHeaderValues = new List<ProductInfoHeaderValue>();

13
src/Sdk/Common/Common/RawHttpMessageHandler.cs
View File

@@ -106,6 +106,18 @@ namespace GitHub.Services.Common
{ {
VssTraceActivity traceActivity = VssTraceActivity.Current; VssTraceActivity traceActivity = VssTraceActivity.Current;
if (!m_appliedServerCertificateValidationCallbackToTransportHandler &&
request.RequestUri.Scheme == "https")
{
HttpClientHandler httpClientHandler = m_transportHandler as HttpClientHandler;
if (httpClientHandler != null &&
this.Settings.ServerCertificateValidationCallback != null)
{
httpClientHandler.ServerCertificateCustomValidationCallback = this.Settings.ServerCertificateValidationCallback;
}
m_appliedServerCertificateValidationCallbackToTransportHandler = true;
}
lock (m_thisLock) lock (m_thisLock)
{ {
// Ensure that we attempt to use the most appropriate authentication mechanism by default. // Ensure that we attempt to use the most appropriate authentication mechanism by default.
@@ -291,6 +303,7 @@ namespace GitHub.Services.Common
} }
} }
private bool m_appliedServerCertificateValidationCallbackToTransportHandler;
private readonly HttpMessageHandler m_transportHandler; private readonly HttpMessageHandler m_transportHandler;
private HttpMessageInvoker m_messageInvoker; private HttpMessageInvoker m_messageInvoker;
private CredentialWrapper m_credentialWrapper; private CredentialWrapper m_credentialWrapper;