From f7c51544908457f6251f63d4b90c1102de720896 Mon Sep 17 00:00:00 2001
From: Guillermo Ignacio Enriquez Gutierrez <nacho4d@mac.com>
Date: Mon, 7 Nov 2016 09:50:57 +0900
Subject: [PATCH] Fix ssl handling by not setting GIT_SSL_NO_VERIFY=false
 (#2361)

---
 lib/core/resolvers/GitResolver.js  | 4 +++-
 test/core/resolvers/gitResolver.js | 9 +++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/lib/core/resolvers/GitResolver.js b/lib/core/resolvers/GitResolver.js
index 9f4917f60..9c64e7272 100644
--- a/lib/core/resolvers/GitResolver.js
+++ b/lib/core/resolvers/GitResolver.js
@@ -26,7 +26,9 @@ function GitResolver(decEndpoint, config, logger) {
     // anyway
     mkdirp.sync(config.storage.empty);
     process.env.GIT_TEMPLATE_DIR = config.storage.empty;
-    process.env.GIT_SSL_NO_VERIFY = (!config.strictSsl).toString();
+    if (!config.strictSsl) {
+        process.env.GIT_SSL_NO_VERIFY = 'true';
+    }
     process.env.GIT_TERMINAL_PROMPT = config.interactive ? '1' : '0';
 
     Resolver.call(this, decEndpoint, config, logger);
diff --git a/test/core/resolvers/gitResolver.js b/test/core/resolvers/gitResolver.js
index 2ec33ad8f..92a4242e0 100644
--- a/test/core/resolvers/gitResolver.js
+++ b/test/core/resolvers/gitResolver.js
@@ -50,16 +50,17 @@ describe('GitResolver', function () {
             expect(process.env).to.not.have.property('GIT_SSL_NO_VERIFY');
 
             resolver = new GitResolver(decEndpoint, defaultConfig(), logger);
-            expect(process.env).to.have.property('GIT_SSL_NO_VERIFY', 'false');
-            delete process.env.GIT_SSL_NO_VERIFY;
+            expect(process.env).to.not.have.property('GIT_SSL_NO_VERIFY');
 
             resolver = new GitResolver(decEndpoint, defaultConfig({strictSsl: false}), logger);
             expect(process.env).to.have.property('GIT_SSL_NO_VERIFY', 'true');
             delete process.env.GIT_SSL_NO_VERIFY;
 
+            // git only checks the existence of GIT_SSL_NO_VERIFY.
+            // git does NOT check whether is true of false.
+            // Hence not exporting GIT_SSL_NO_VERIFY is effectively equivalent to 'false'
             resolver = new GitResolver(decEndpoint, defaultConfig({strictSsl: true}), logger);
-            expect(process.env).to.have.property('GIT_SSL_NO_VERIFY', 'false');
-            delete process.env.GIT_SSL_NO_VERIFY;
+            expect(process.env).to.not.have.property('GIT_SSL_NO_VERIFY');
         });
     });