Hi,

to create a release on a gitea instance with custom certificates i have to use insecure: true to get it working. Why is the global env variable DRONE_VOLUME=/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:/etc/ssl/certs/ca-certificates.crt not respected?

Default plugin/git works without adding insecure...

The standard go http client ignores ca certificates of the system. It could be an option to integrate github.com/jackspirou/syscerts into this plugin.

Looks outdated but seems to be a solution in general

It haven't been updated for a while, but still works pretty good.

What about this? https://golang.org/src/crypto/x509/root_linux.go seems to be a buildin functionality

I am also wondering because i get an error from x509 because not root found

The client is not configured with any root certs.

And the mentioned lib at least got some windows support which is important for the drone on Windows preparation.

The client is not configured with any root certs.

Right, but for my understanding all plugins should support the global DRONE_VOLUME variables to passthrough a tls chain

Right, but for my understanding all plugins should support the global DRONE_VOLUME variables to passthrough a tls chain

Why? That's not defined anywhere. Beside that, DRONE_VOLUMES can mount anything, not only certs.

You are right there is no definition for a standard way to handle self signed vertificates in drone and over the whol pipeline. But there should be a global method... because for now it is a mess if you use self signed certificates. You dont think so?

From what i am reading here https://discourse.drone.io/t/0-8-git-self-signed-problem/974 it sound like "you can do it that way and it works" and not like "maybe it works maybe not, who knows"

The plugin got to support custom root certificates. If it doesn't support it feel free to contribute it.

By gitea instance also uses a custom root certificate and it works fine.

works