"brian m. carlson" <sandals@xxxxxxxxxxxxxxxxxxxx> writes: > On 2022-09-15 at 01:46:50, Brijesh Patel wrote: >> Hi, > > Hey, > >> It appears that any value assigned to GIT_SSL_NO_VERIFY (true or >> false) has no effect on the GIT operations. For testing purposes, we >> have created a host entry for github.com and mapped it to foo.com. > > This is definitely true. There are several Git environment variables > that act this way, including GIT_CURL_VERBOSE, that check whether the > environment is present or absent, not whether it's set to a particular > value. > > I believe this behaviour is by design (although other folks are free to > correct me if they think I'e wrong). Yeah, a plausible alternative that could have existed is to name the variable GIT_SSL_VERIFY with the boolean (or the usual Boolean + 'auto', even though I do not offhand think of what 'auto' should do), but this variable definitely is designed to be "if set, the feature named by the variable goes in effect, and you unset it to make it ineffective". I did a quick audit of the environment variables documented in git(1) and it is a bit messy. Many environment variables use git_env_bool() to make themselves a proper Boolean environment variable, but some others that are described to take "1" to "enable" do not honor the usual "yes/true/on" convention. SSL_NO_VERIFY is worse, as it is not even described. So we should add it to "git help git". Documentation/git.txt | 5 +++++ 1 file changed, 5 insertions(+) diff --git c/Documentation/git.txt i/Documentation/git.txt index 0ef7f5e4ec..1b7e37e79a 100644 --- c/Documentation/git.txt +++ i/Documentation/git.txt @@ -682,6 +682,11 @@ for further details. plink or tortoiseplink. This variable overrides the config setting `ssh.variant` that serves the same purpose. +`GIT_SSL_NO_VERIFY`:: + Setting and exporting this environment variable to any value + tells Git not to verify the SSL certificate when fetching or + pushing over HTTPS. + `GIT_ASKPASS`:: If this environment variable is set, then Git commands which need to acquire passwords or passphrases (e.g. for HTTP or IMAP authentication)
