-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revise SSL verification handling for debugging #9944
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @nafu - I'm not sure I totally understand this PR, is this going to set VERIFY_NONE
for all requests because we are not checking for the SPACESHIP_DEBUG
flag anymore?
Hi @ohayon We still use SPACESHIP_DEBUG flag and set VERIFY_NONE only for debugging. https://github.com/fastlane/fastlane/pull/9944/files#diff-a9086da2d7e8a66b647fdabdb0a7cca7R257 Now SPACESHIP_DEBUG setup is in one place like below. 👍
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah! My bad! I missed that if statement. Thanks for the information! 🚀
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, @nafu I missed a couple of things there that I just have questions about! 😄
if ENV['SPACESHIP_DEBUG'] | ||
# for debugging only | ||
# This enables tracking of networking requests using Charles Web Proxy | ||
builder.proxy "https://127.0.0.1:8888" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need to set builder.ssl[:verify_mode] = OpenSSL::SSL::VERIFY_NONE
Here also? It feels like we are deleting something here that we might want?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this isn't a part of spaceship. I assume these might be copy and pasted from spaceship faraday code. So I delete this from hockey action.
end | ||
|
||
if ENV["DEBUG"] | ||
puts "To run _spaceship_ through a local proxy, use SPACESHIP_DEBUG" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How come we are deleting this here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same reason above, but if I should revert this let me know 👍
I think you're probably right for both of those things @nafu ! Lets go ahead and merge! 🚀 Do you want to press merge? |
👍 @ohayon Thanks. I'll press 🚀 |
Hey @nafu 👋 Thank you for your contribution to fastlane and congrats on getting this pull request merged 🎉 Please let us know if this change requires an immediate release by adding a comment here 👍 |
Congratulations! 🎉 This was released as part of fastlane 2.51.0 🚀 |
* Revise SSL verify handling for debugging See more about lostisland/faraday: https://github.com/lostisland/faraday/blob/e1e50f5eb4a03cde91fd7827f9df46b4f58c19b2/lib/faraday/adapter/net_http.rb#L124-L132 * Remove spaceship debugging codes from hockey action
Checklist
bundle exec rspec
from the root directory to see all new and existing tests passbundle exec rubocop -a
to ensure the code style is validMotivation and Context
The execution of
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
should be revised.Description
Use Faraday option to use
OpenSSL::SSL::VERIFY_NONE
instead of usingOpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
.