Bring certificate check back to the normal return code

Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.
2025-05-09 19:58:09 +00:00 · 2014-08-29 21:25:13 +02:00 · 2014-08-29 21:25:13 +02:00 · 23ca0ad5eb
commit 23ca0ad5eb
parent 2f5864c50c
3 changed files with 18 additions and 21 deletions
--- a/src/transports/http.c
+++ b/src/transports/http.c
@ -555,7 +555,7 @@ static int http_connect(http_subtransport *t)
 #ifdef GIT_SSL
 	if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL) {
                X509 *cert = SSL_get_peer_certificate(t->socket.ssl.ssl);
-                int allow, len, is_valid;
+                int len, is_valid;
 		unsigned char *guard, *encoded_cert;

 		/* Retrieve the length of the certificate first */
@ -578,17 +578,17 @@ static int http_connect(http_subtransport *t)
 			return -1;
 		}

+		giterr_clear();
 		is_valid = error != GIT_ECERTIFICATE;
-                allow = t->owner->certificate_check_cb(GIT_CERT_X509, encoded_cert, len, is_valid, t->owner->message_cb_payload);
+                error = t->owner->certificate_check_cb(GIT_CERT_X509, encoded_cert, len, is_valid, t->owner->message_cb_payload);
 		git__free(encoded_cert);

-                if (allow < 0) {
-                        error = allow;
-                } else if (!allow) {
-                        error = GIT_ECERTIFICATE;
-                } else {
-                        error = 0;
-                }
+		if (error < 0) {
+			if (!giterr_last())
+				giterr_set(GITERR_NET, "user cancelled certificate check");
+
+			return error;
+		}
 	}
 #endif
 	if (error < 0)
--- a/src/transports/ssh.c
+++ b/src/transports/ssh.c
@ -476,7 +476,6 @@ static int _git_ssh_setup_conn(
 	if (t->owner->certificate_check_cb != NULL) {
 		git_cert_hostkey cert;
 		const char *key;
-		int allow;
 		size_t certlen;

 		cert.type = LIBSSH2_HOSTKEY_HASH_SHA1;
@ -498,16 +497,14 @@ static int _git_ssh_setup_conn(
 		}

 		/* We don't currently trust any hostkeys */
-                allow = t->owner->certificate_check_cb(GIT_CERT_HOSTKEY_LIBSSH2, &cert, certlen, 0, t->owner->message_cb_payload);
-                if (allow < 0) {
-                        error = allow;
-                        goto on_error;
-                }
+		giterr_clear();
+                error = t->owner->certificate_check_cb(GIT_CERT_HOSTKEY_LIBSSH2, &cert, certlen, 0, t->owner->message_cb_payload);
+		if (error < 0) {
+			if (!giterr_last())
+				giterr_set(GITERR_NET, "user cancelled hostkey check");

-                if (!allow) {
-                        error = GIT_ECERTIFICATE;
-                        goto on_error;
-                }
+			goto on_error;
+		}
        }

 	/* we need the username to ask for auth methods */
--- a/tests/online/clone.c
+++ b/tests/online/clone.c
@ -478,7 +478,7 @@ static int fail_certificate_check(git_cert_t type, void *data, size_t len, int v
 	GIT_UNUSED(valid);
 	GIT_UNUSED(payload);

-	return 0;
+	return GIT_ECERTIFICATE;
 }

 void test_online_clone__certificate_invalid(void)
@ -500,7 +500,7 @@ static int succeed_certificate_check(git_cert_t type, void *data, size_t len, in
 	GIT_UNUSED(valid);
 	GIT_UNUSED(payload);

-	return 1;
+	return 0;
 }

 void test_online_clone__certificate_valid(void)