git clone using GitPython library

Question

How to clone with disabled SSL checking, using GitPython library. The following code ...

import git
x = git.Repo.clone_from('https://xxx', '/home/xxx/lala')

... yields this error:

Error: fatal: unable to access 'xxx': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

I know about "export GIT_SSL_NO_VERIFY=1", but how to implement it in a python library ?

score 5 · Answer 1 · edited May 23 '17 at 10:33

The two following methods have been tested with GitPython 2.0.8 but should be working at least since 1.0.2 (from the doc).

As suggested by @Byron:

git.Repo.clone_from(
  'https://example.net/path/to/repo.git',
  'local_destination',
  branch='master', depth=1,
  env={'GIT_SSL_NO_VERIFY': '1'},
)

As suggested by @Christopher:

git.Repo.clone_from(
  'https://example.net/path/to/repo.git',
  'local_destination',
  branch='master', depth=1,
  config='http.sslVerify=false',
)

score 1 · Answer 2 · answered Jul 23 '15 at 14:24

It seems easiest to pass the GIT_SSL_NO_VERIFY environment variable to all git invocations. Unfortunately Git.update_environment(...) can only be used on an existing instance, which is why you would have to manipulate python's environment like so:

import git
import os

os.environ['GIT_SSL_NO_VERIFY'] = "1"
repo = git.Repo.clone_from('https://xxx', '/home/xxx/lala')

git clone using GitPython library

2 Answers2