diff --git a/include/git2/remote.h b/include/git2/remote.h
index 723147590..d2cc3e8e7 100644
--- a/include/git2/remote.h
+++ b/include/git2/remote.h
@@ -410,14 +410,6 @@ GIT_EXTERN(int) git_remote_supported_url(const char* url);
 */
 GIT_EXTERN(int) git_remote_list(git_strarray *out, git_repository *repo);
-/**
- * Choose whether to check the server's certificate (applies to HTTPS only)
- *
- * @param remote the remote to configure
- * @param check whether to check the server's certificate (defaults to yes)
- */
-GIT_EXTERN(void) git_remote_check_cert(git_remote *remote, int check);
-
 /**
 * Argument to the completion callback which tells it which operation
 * finished.
diff --git a/include/git2/sys/transport.h b/include/git2/sys/transport.h
index 44d41c14d..1e8f4e4ed 100644
--- a/include/git2/sys/transport.h
+++ b/include/git2/sys/transport.h
@@ -23,9 +23,6 @@ GIT_BEGIN_DECL
 typedef enum {
 GIT_TRANSPORTFLAGS_NONE = 0,
- /* If the connection is secured with SSL/TLS, the authenticity
- * of the server certificate should not be verified. */
- GIT_TRANSPORTFLAGS_NO_CHECK_CERT = 1
 } git_transport_flags_t;
 typedef struct git_transport git_transport;
diff --git a/src/netops.c b/src/netops.c
index 67d49a529..43b8c5311 100644
--- a/src/netops.c
+++ b/src/netops.c
@@ -387,7 +387,7 @@ cert_fail_name:
 return GIT_ECERTIFICATE;
 }
-static int ssl_setup(gitno_socket *socket, const char *host, int flags)
+static int ssl_setup(gitno_socket *socket, const char *host)
 {
 int ret;
@@ -406,9 +406,6 @@ static int ssl_setup(gitno_socket *socket, const char *host, int flags)
 if ((ret = SSL_connect(socket->ssl.ssl)) <= 0)
 return ssl_set_error(&socket->ssl, ret);
- if (GITNO_CONNECT_SSL_NO_CHECK_CERT & flags)
- return 0;
-
 return verify_server_cert(&socket->ssl, host);
 }
 #endif
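Review bot: In src/netops.c, `ssl_setup` now always ends in `verify_server_cert`, but the function still has no comment stating that contract, so a later change could reintroduce a skip flag without the regression being obvious; I would add above the signature `/* Completes the TLS handshake, then always verifies the server certificate against host; there is no opt-out at this layer. */`. Verification runs only after `SSL_connect` has succeeded, so a negative return here can mean a live but unauthenticated session, and callers should send nothing over it until the failure is resolved. Whether `gitno_connect` closes the socket on that path cannot be seen from these hunks, and the middle of `ssl_setup` lies between the two netops.c hunks.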
@@ -495,7 +492,7 @@ int gitno_connect(gitno_socket *s_out, const char *host, const char *port, int f
 #ifdef GIT_SSL
 if ((flags & GITNO_CONNECT_SSL) &&
- (ret = ssl_setup(s_out, host, flags)) < 0)
+ (ret = ssl_setup(s_out, host)) < 0)
 return ret;
 #else
 /* SSL is not supported */
diff --git a/src/netops.h b/src/netops.h
index dfb4ab7b4..beb0e0760 100644
--- a/src/netops.h
+++ b/src/netops.h
@@ -47,10 +47,6 @@ typedef struct gitno_buffer gitno_buffer;
 enum {
 /* Attempt to create an SSL connection. */
 GITNO_CONNECT_SSL = 1,
-
- /* Valid only when GITNO_CONNECT_SSL is also specified.
- * Indicates that the server certificate should not be validated. */
- GITNO_CONNECT_SSL_NO_CHECK_CERT = 2,
 };
 /**
diff --git a/src/remote.c b/src/remote.c
index 9c93f67a1..46a610c3a 100644
--- a/src/remote.c
+++ b/src/remote.c
@@ -80,6 +80,8 @@ static int ensure_remote_name_is_valid(const char *name)
 return error;
 }
+#if 0
+/* We could export this as a helper */
 static int get_check_cert(int *out, git_repository *repo)
 {
 git_config *cfg;
@@ -105,6 +107,7 @@ static int get_check_cert(int *out, git_repository *repo)
 *out = git_config__get_bool_force(cfg, "http.sslverify", 1);
 return 0;
 }
+#endif
 static int create_internal(git_remote **out, git_repository *repo, const char *name, const char *url, const char *fetch)
 {
@@ -121,9 +124,6 @@ static int create_internal(git_remote **out, git_repository *repo, const char *n
 remote->repo = repo;
 remote->update_fetchhead = 1;
- if (get_check_cert(&remote->check_cert, repo) < 0)
- goto on_error;
-
 if (git_vector_init(&remote->refs, 32, NULL) < 0)
 goto on_error;
@@ -274,7 +274,6 @@ int git_remote_dup(git_remote **dest, git_remote *source)
 remote->transport_cb_payload = source->transport_cb_payload;
 remote->repo = source->repo;
 remote->download_tags = source->download_tags;
- remote->check_cert = source->check_cert;
 remote->update_fetchhead = source->update_fetchhead;
 if (git_vector_init(&remote->refs, 32, NULL) < 0 ||
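Review bot: Fencing `get_check_cert` with `#if 0` in src/remote.c (opened in the -80 hunk, closed by `#endif` in the -105 hunk) compiles out the `http.sslverify` lookup shown here, so a repository that sets `http.sslverify = false` will, as far as these hunks show, have certificates verified with nothing telling the user why connections started failing. That is the fail-closed direction, but it should be stated rather than implied: either delete the function and record the dropped config key in the release notes, or export it now so an application can consult it from its `certificate_check` callback. If the block stays, say why it is disabled, e.g. `/* Disabled: http.sslverify is no longer applied automatically; candidate for a public helper. */`. Code under `#if 0` is never compiled, so it will silently stop matching `git_config__get_bool_force` and the config API as they change.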
@@ -369,9 +368,6 @@ int git_remote_load(git_remote **out, git_repository *repo, const char *name)
 remote->name = git__strdup(name);
 GITERR_CHECK_ALLOC(remote->name);
- if ((error = get_check_cert(&remote->check_cert, repo)) < 0)
- goto cleanup;
-
 if (git_vector_init(&remote->refs, 32, NULL) < 0 ||
 git_vector_init(&remote->refspecs, 2, NULL) < 0 ||
 git_vector_init(&remote->active_refspecs, 2, NULL) < 0) {
@@ -676,9 +672,6 @@ int git_remote_connect(git_remote *remote, git_direction direction)
 (error = t->set_callbacks(t, remote->callbacks.sideband_progress, NULL, remote->callbacks.certificate_check, remote->callbacks.payload)) < 0)
 goto on_error;
- if (!remote->check_cert)
- flags |= GIT_TRANSPORTFLAGS_NO_CHECK_CERT;
-
 if ((error = t->connect(t, url, remote->callbacks.credentials, remote->callbacks.payload, direction, flags)) != 0)
 goto on_error;
@@ -1244,13 +1237,6 @@ int git_remote_list(git_strarray *remotes_list, git_repository *repo)
 return 0;
 }
-void git_remote_check_cert(git_remote *remote, int check)
-{
- assert(remote);
-
- remote->check_cert = check;
-}
-
 int git_remote_set_callbacks(git_remote *remote, const git_remote_callbacks *callbacks)
 {
 assert(remote && callbacks);
diff --git a/src/remote.h b/src/remote.h
index c471756b8..f88601e9b 100644
--- a/src/remote.h
+++ b/src/remote.h
@@ -31,7 +31,6 @@ struct git_remote {
 git_transfer_progress stats;
 unsigned int need_pack;
 git_remote_autotag_option_t download_tags;
- int check_cert;
 int update_fetchhead;
 };
diff --git a/src/transports/http.c b/src/transports/http.c
index 3f74bd149..1bbef81b8 100644
--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -545,9 +545,6 @@ static int http_connect(http_subtransport *t)
 return -1;
 flags |= GITNO_CONNECT_SSL;
-
- if (GIT_TRANSPORTFLAGS_NO_CHECK_CERT & tflags)
- flags |= GITNO_CONNECT_SSL_NO_CHECK_CERT;
 }
 error = gitno_connect(&t->socket, t->connection_data.host, t->connection_data.port, flags);