proxmox-mirrors/libgit2
1
0
Fork 0
mirror of https://git.proxmox.com/git/libgit2 synced 2025-05-07 18:11:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

netops: provide more specific error for cert failure

Browse Source 
Specify what we do not like about the certificate. In this case, we do
not like the name.
This commit is contained in:
Carlos Martín Nieto 2014-04-26 14:16:42 +02:00
parent 1f0d4f3d8d
commit 51d3f6f5f2
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/netops.c
View File

@ -321,7 +321,7 @@ static int verify_server_cert(gitno_ssl *ssl, const char *host)
GENERAL_NAMES_free(alts); GENERAL_NAMES_free(alts);
if (matched == 0) if (matched == 0)
goto cert_fail; goto cert_fail_name;
if (matched == 1) if (matched == 1)
return 0; return 0;
@ -358,11 +358,11 @@ static int verify_server_cert(gitno_ssl *ssl, const char *host)
int size = ASN1_STRING_to_UTF8(&peer_cn, str); int size = ASN1_STRING_to_UTF8(&peer_cn, str);
GITERR_CHECK_ALLOC(peer_cn); GITERR_CHECK_ALLOC(peer_cn);
if (memchr(peer_cn, '\0', size)) if (memchr(peer_cn, '\0', size))
goto cert_fail; goto cert_fail_name;
} }
if (check_host_name((char *)peer_cn, host) < 0) if (check_host_name((char *)peer_cn, host) < 0)
goto cert_fail; goto cert_fail_name;
OPENSSL_free(peer_cn); OPENSSL_free(peer_cn);
@ -372,9 +372,9 @@ on_error:
OPENSSL_free(peer_cn); OPENSSL_free(peer_cn);
return ssl_set_error(ssl, 0); return ssl_set_error(ssl, 0);
cert_fail: cert_fail_name:
OPENSSL_free(peer_cn); OPENSSL_free(peer_cn);
giterr_set(GITERR_SSL, "Certificate host name check failed"); giterr_set(GITERR_SSL, "hostname does not match certificate");
return -1; return -1;
} }