proxmox-mirrors/libgit2
1
0
Fork 0
mirror of https://git.proxmox.com/git/libgit2 synced 2025-05-09 20:29:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

winhttp: set ignore security flags on user command

Browse Source 
If the user returns 0 from the certificate check and we had certificate issues, set the options to ignore certificate errors and resend the request.
This commit is contained in:
Carlos Martín Nieto 2014-08-30 14:26:57 +02:00
parent 67c84e06f3
commit 7c8acc54be
1 changed files with 42 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
src/transports/winhttp.c
View File

@ -558,7 +558,7 @@ on_error:
return error; return error;
} }
static int send_request(winhttp_stream *s, size_t len, int ignore_length) static int do_send_request(winhttp_stream *s, size_t len, int ignore_length)
{ {
int request_failed = 0, cert_valid = 1, error = 0; int request_failed = 0, cert_valid = 1, error = 0;
@ -567,26 +567,62 @@ static int send_request(winhttp_stream *s, size_t len, int ignore_length)
WINHTTP_NO_ADDITIONAL_HEADERS, 0, WINHTTP_NO_ADDITIONAL_HEADERS, 0,
WINHTTP_NO_REQUEST_DATA, 0, WINHTTP_NO_REQUEST_DATA, 0,
WINHTTP_IGNORE_REQUEST_TOTAL_LENGTH, 0)) { WINHTTP_IGNORE_REQUEST_TOTAL_LENGTH, 0)) {
request_failed = 1; return -1;
} }
} else { } else {
if (!WinHttpSendRequest(s->request, if (!WinHttpSendRequest(s->request,
WINHTTP_NO_ADDITIONAL_HEADERS, 0, WINHTTP_NO_ADDITIONAL_HEADERS, 0,
WINHTTP_NO_REQUEST_DATA, 0, WINHTTP_NO_REQUEST_DATA, 0,
len, 0)) { len, 0)) {
request_failed = 1; return -1;
} }
} }
if (request_failed && GetLastError() == ERROR_WINHTTP_SECURE_FAILURE) return 0;
cert_valid = 0; }
static int send_request(winhttp_stream *s, size_t len, int ignore_length)
{
int request_failed = 0, cert_valid = 1, error = 0;
DWORD ignore_flags;
if ((error = do_send_request(s, len, ignore_length)) < 0)
request_failed = 1;
if (request_failed) {
if (GetLastError() != ERROR_WINHTTP_SECURE_FAILURE) {
giterr_set(GITERR_OS, "failed to send request");
return -1;
} else {
cert_valid = 0;
}
}
giterr_clear(); giterr_clear();
if ((error = certificate_check(s, cert_valid)) < 0) { if ((error = certificate_check(s, cert_valid)) < 0) {
if (!giterr_last()) if (!giterr_last())
giterr_set(GITERR_OS, "failed to send request"); giterr_set(GITERR_OS, "user cancelled certificate check");
return error;
} }
/* if neither the request nor the certificate check returned errors, we're done */
if (!request_failed)
return 0;
ignore_flags =
SECURITY_FLAG_IGNORE_CERT_CN_INVALID |
SECURITY_FLAG_IGNORE_CERT_DATE_INVALID |
SECURITY_FLAG_IGNORE_UNKNOWN_CA;
if (!WinHttpSetOption(s->request, WINHTTP_OPTION_SECURITY_FLAGS, &ignore_flags, sizeof(ignore_flags))) {
giterr_set(GITERR_OS, "failed to set security options");
return -1;
}
if ((error = do_send_request(s, len, ignore_length)) < 0)
giterr_set(GITERR_OS, "failed to send request");
return error; return error;
} }