proxmox-mirrors/libgit2
1
0
Fork 0
mirror of https://git.proxmox.com/git/libgit2 synced 2025-05-29 15:10:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ssl: allow skipping the server certificate check

Browse Source 
Sometimes it's useful not to perform the check. Allow it to be
configurable.
This commit is contained in:
Carlos Martín Nieto 2012-05-26 21:17:08 +02:00
parent 441df990b4
commit 250b95b24b
6 changed files with 24 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
include/git2/remote.h
View File

@ -229,6 +229,15 @@ GIT_EXTERN(int) git_remote_list(git_strarray *remotes_list, git_repository *repo
*/ */
GIT_EXTERN(int) git_remote_add(git_remote **out, git_repository *repo, const char *name, const char *url); GIT_EXTERN(int) git_remote_add(git_remote **out, git_repository *repo, const char *name, const char *url);
/**
* Choose whether to check the server's certificate (applies to HTTPS only)
*
* @param remote the remote to configure
* @param check whether to check the server's certificate (defaults to yes)
*/
GIT_EXTERN(void) git_remote_check_cert(git_remote *remote, int check);
/** @} */ /** @} */
GIT_END_DECL GIT_END_DECL
#endif #endif

2
src/netops.c
View File

@ -358,7 +358,7 @@ static int ssl_setup(git_transport *t, const char *host)
if ((ret = SSL_connect(t->ssl.ssl)) <= 0) if ((ret = SSL_connect(t->ssl.ssl)) <= 0)
return ssl_set_error(&t->ssl, ret); return ssl_set_error(&t->ssl, ret);
if (verify_server_cert(t, host) < 0) if (t->check_cert && verify_server_cert(t, host) < 0)
return -1; return -1;
return 0; return 0;

10
src/remote.c
View File

@ -66,6 +66,7 @@ int git_remote_new(git_remote **out, git_repository *repo, const char *name, con
memset(remote, 0x0, sizeof(git_remote)); memset(remote, 0x0, sizeof(git_remote));
remote->repo = repo; remote->repo = repo;
remote->check_cert = 1;
if (git_vector_init(&remote->refs, 32, NULL) < 0) if (git_vector_init(&remote->refs, 32, NULL) < 0)
return -1; return -1;
@ -108,6 +109,7 @@ int git_remote_load(git_remote **out, git_repository *repo, const char *name)
GITERR_CHECK_ALLOC(remote); GITERR_CHECK_ALLOC(remote);
memset(remote, 0x0, sizeof(git_remote)); memset(remote, 0x0, sizeof(git_remote));
remote->check_cert = 1;
remote->name = git__strdup(name); remote->name = git__strdup(name);
GITERR_CHECK_ALLOC(remote->name); GITERR_CHECK_ALLOC(remote->name);
@ -287,6 +289,7 @@ int git_remote_connect(git_remote *remote, int direction)
if (git_transport_new(&t, remote->url) < 0) if (git_transport_new(&t, remote->url) < 0)
return -1; return -1;
t->check_cert = remote->check_cert;
if (t->connect(t, direction) < 0) { if (t->connect(t, direction) < 0) {
goto on_error; goto on_error;
} }
@ -508,3 +511,10 @@ on_error:
git_remote_free(*out); git_remote_free(*out);
return -1; return -1;
} }
void git_remote_check_cert(git_remote *remote, int check)
{
assert(remote);
remote->check_cert = check;
}

3
src/remote.h
View File

@ -19,7 +19,8 @@ struct git_remote {
struct git_refspec push; struct git_refspec push;
git_transport *transport; git_transport *transport;
git_repository *repo; git_repository *repo;
unsigned int need_pack:1; unsigned int need_pack:1,
check_cert;
}; };
#endif #endif

1
src/transport.h
View File

@ -69,6 +69,7 @@ struct git_transport {
*/ */
int direction : 1, /* 0 fetch, 1 push */ int direction : 1, /* 0 fetch, 1 push */
connected : 1, connected : 1,
check_cert: 1,
encrypt : 1; encrypt : 1;
#ifdef GIT_SSL #ifdef GIT_SSL
struct gitno_ssl ssl; struct gitno_ssl ssl;

1
src/transports/http.c
View File

@ -692,6 +692,7 @@ int git_transport_https(git_transport **out)
return -1; return -1;
t->parent.encrypt = 1; t->parent.encrypt = 1;
t->parent.check_cert = 1;
*out = (git_transport *) t; *out = (git_transport *) t;
return 0; return 0;