refactor

gix/src/config/cache/init.rs

@@ -384,16 +384,21 @@ fn apply_environment_overrides(
                     let key = &gitoxide::Http::VERBOSE;
                     (env(key), key.name)
                 },
-                {
-                    let key = &gitoxide::Http::SSL_NO_VERIFY;
-                    (env(key), key.name)
-                },
                 {
                     let key = &gitoxide::Http::PROXY_AUTH_METHOD;
                     (env(key), key.name)
                 },
             ],
         ),
+        (
+            "gitoxide",
+            Some(Cow::Borrowed("http".into())),
+            git_prefix,
+            &[{
+                let key = &gitoxide::Http::SSL_NO_VERIFY;
+                (env(key), key.name)
+            }],
+        ),
         (
             "gitoxide",
             Some(Cow::Borrowed("credentials".into())),

gix/src/config/tree/sections/gitoxide.rs

@@ -186,8 +186,7 @@ mod subsections {
         /// git server uses a self-signed certificate and the user accepts the associated security risks.
         pub const SSL_NO_VERIFY: keys::Boolean = keys::Boolean::new_boolean("sslNoVerify", &Gitoxide::HTTP)
             .with_environment_override("GIT_SSL_NO_VERIFY")
-            .with_deviation("Only supported when using curl as https backend")
-            .with_note("Used to disable SSL verification. When this is enabled it takes prority over http.sslVerify.");
+            .with_note("used to disable SSL verification. When this is enabled it takes priority over http.sslVerify");
         /// The `gitoxide.http.proxyAuthMethod` key.
         pub const PROXY_AUTH_METHOD: http::ProxyAuthMethod =
             http::ProxyAuthMethod::new_proxy_auth_method("proxyAuthMethod", &Gitoxide::HTTP)

gix/src/config/tree/sections/http.rs

@@ -12,7 +12,7 @@ impl Http {
         );
     /// The `http.sslVerify` key.
     pub const SSL_VERIFY: keys::Boolean = keys::Boolean::new_boolean("sslVerify", &config::Tree::HTTP)
-        .with_deviation("Only supported when using curl as https backend");
+        .with_note("also see the `gitoxide.http.sslNoVerify` key");
     /// The `http.proxy` key.
     pub const PROXY: keys::String =
         keys::String::new_string("proxy", &config::Tree::HTTP).with_deviation("fails on strings with illformed UTF-8");
@@ -61,6 +61,7 @@ impl Section for Http {
     fn keys(&self) -> &[&dyn Key] {
         &[
             &Self::SSL_VERSION,
+            &Self::SSL_VERIFY,
             &Self::PROXY,
             &Self::PROXY_AUTH_METHOD,
             &Self::VERSION,

gix/src/repository/config/transport.rs

@@ -406,31 +406,26 @@ impl crate::Repository {
                     }
 
                     {
-                        let key = "http.sslVerify";
-                        let ssl_verify = config
+                        let key = "gitoxide.http.sslNoVerify";
+                        let ssl_no_verify = config
                             .boolean_filter_by_key(key, &mut trusted_only)
-                            .map(|value| config::tree::Http::SSL_VERIFY.enrich_error(value))
+                            .map(|value| config::tree::gitoxide::Http::SSL_NO_VERIFY.enrich_error(value))
                             .transpose()
                             .with_leniency(lenient)
                             .map_err(config::transport::http::Error::from)?
-                            .unwrap_or(true);
-
-                        let ssl_no_verify = config
-                            .boolean_filter(
-                                "gitoxide",
-                                Some("http".into()),
-                                gitoxide::Http::SSL_NO_VERIFY.name,
-                                &mut trusted_only,
-                            )
-                            .and_then(Result::ok)
                             .unwrap_or_default();
 
-                        // ssl_no_verify take prority here because it is based on environment variable
-                        // and we try to match git behavior.
                         if ssl_no_verify {
                             opts.ssl_verify = false;
                         } else {
-                            opts.ssl_verify = ssl_verify;
+                            let key = "http.sslVerify";
+                            opts.ssl_verify = config
+                                .boolean_filter_by_key(key, &mut trusted_only)
+                                .map(|value| config::tree::Http::SSL_VERIFY.enrich_error(value))
+                                .transpose()
+                                .with_leniency(lenient)
+                                .map_err(config::transport::http::Error::from)?
+                                .unwrap_or(true);
                         }
                     }
 

gix/tests/fixtures/make_config_repos.sh

@@ -165,7 +165,13 @@ mkdir not-a-repo-with-files;
   touch this that
 )
 
-git init no-ssl-verify
-(cd no-ssl-verify
+git init ssl-verify-disabled
+(cd ssl-verify-disabled
   git config http.sslVerify false
 )
+
+git init ssl-no-verify-enabled
+(cd ssl-no-verify-enabled
+  git config http.sslVerify true
+  git config gitoxide.http.sslNoVerify true
+)

gix/tests/repository/config/transport_options.rs

@@ -109,7 +109,6 @@ mod http {
         );
 
         assert!(ssl_verify, "SSL verification is enabled by default if not configured");
-
         assert_eq!(http_version, Some(HttpVersion::V1_1));
     }
 
@@ -320,11 +319,21 @@ mod http {
     }
 
     #[test]
-    fn no_ssl_verify() {
-        let repo = repo("no-ssl-verify");
+    fn ssl_verify_disabled() {
+        let repo = repo("ssl-verify-disabled");
 
         let opts = http_options(&repo, None, "https://example.com/does/not/matter");
-
         assert!(!opts.ssl_verify);
     }
+
+    #[test]
+    fn ssl_no_verify_takes_precedence() {
+        let repo = repo("ssl-no-verify-enabled");
+
+        let opts = http_options(&repo, None, "https://example.com/does/not/matter");
+        assert!(
+            !opts.ssl_verify,
+            "even with `http.sslVerify` enabled, `gitoxide.http.sslNoVerify` takes precedence`"
+        );
+    }
 }