proxmox-mirrors/libgit2
1
0
Fork 0
mirror of https://git.proxmox.com/git/libgit2 synced 2025-05-11 13:12:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bring certificate check back to the normal return code

Browse Source 
Returning 0 lets the certificate check succeed. An error code is bubbled
up to the user.
This commit is contained in:
Carlos Martín Nieto 2014-08-29 21:25:13 +02:00
parent 2f5864c50c
commit 23ca0ad5eb
3 changed files with 18 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/transports/http.c
View File

@ -555,7 +555,7 @@ static int http_connect(http_subtransport *t)
#ifdef GIT_SSL #ifdef GIT_SSL
if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL) { if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL) {
X509 *cert = SSL_get_peer_certificate(t->socket.ssl.ssl); X509 *cert = SSL_get_peer_certificate(t->socket.ssl.ssl);
int allow, len, is_valid; int len, is_valid;
unsigned char *guard, *encoded_cert; unsigned char *guard, *encoded_cert;
/* Retrieve the length of the certificate first */ /* Retrieve the length of the certificate first */
@ -578,17 +578,17 @@ static int http_connect(http_subtransport *t)
return -1; return -1;
} }
giterr_clear();
is_valid = error != GIT_ECERTIFICATE; is_valid = error != GIT_ECERTIFICATE;
allow = t->owner->certificate_check_cb(GIT_CERT_X509, encoded_cert, len, is_valid, t->owner->message_cb_payload); error = t->owner->certificate_check_cb(GIT_CERT_X509, encoded_cert, len, is_valid, t->owner->message_cb_payload);
git__free(encoded_cert); git__free(encoded_cert);
if (allow < 0) { if (error < 0) {
error = allow; if (!giterr_last())
} else if (!allow) { giterr_set(GITERR_NET, "user cancelled certificate check");
error = GIT_ECERTIFICATE;
} else { return error;
error = 0; }
}
} }
#endif #endif
if (error < 0) if (error < 0)

17
src/transports/ssh.c
View File

@ -476,7 +476,6 @@ static int _git_ssh_setup_conn(
if (t->owner->certificate_check_cb != NULL) { if (t->owner->certificate_check_cb != NULL) {
git_cert_hostkey cert; git_cert_hostkey cert;
const char *key; const char *key;
int allow;
size_t certlen; size_t certlen;
cert.type = LIBSSH2_HOSTKEY_HASH_SHA1; cert.type = LIBSSH2_HOSTKEY_HASH_SHA1;
@ -498,16 +497,14 @@ static int _git_ssh_setup_conn(
} }
/* We don't currently trust any hostkeys */ /* We don't currently trust any hostkeys */
allow = t->owner->certificate_check_cb(GIT_CERT_HOSTKEY_LIBSSH2, &cert, certlen, 0, t->owner->message_cb_payload); giterr_clear();
if (allow < 0) { error = t->owner->certificate_check_cb(GIT_CERT_HOSTKEY_LIBSSH2, &cert, certlen, 0, t->owner->message_cb_payload);
error = allow; if (error < 0) {
goto on_error; if (!giterr_last())
} giterr_set(GITERR_NET, "user cancelled hostkey check");
if (!allow) { goto on_error;
error = GIT_ECERTIFICATE; }
goto on_error;
}
} }
/* we need the username to ask for auth methods */ /* we need the username to ask for auth methods */

4
tests/online/clone.c
View File

@ -478,7 +478,7 @@ static int fail_certificate_check(git_cert_t type, void *data, size_t len, int v
GIT_UNUSED(valid); GIT_UNUSED(valid);
GIT_UNUSED(payload); GIT_UNUSED(payload);
return 0; return GIT_ECERTIFICATE;
} }
void test_online_clone__certificate_invalid(void) void test_online_clone__certificate_invalid(void)
@ -500,7 +500,7 @@ static int succeed_certificate_check(git_cert_t type, void *data, size_t len, in
GIT_UNUSED(valid); GIT_UNUSED(valid);
GIT_UNUSED(payload); GIT_UNUSED(payload);
return 1; return 0;
} }
void test_online_clone__certificate_valid(void) void test_online_clone__certificate_valid(void)