From 84d83b8e75a85b22c6003eaf9416b98fe6916d29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Mart=C3=ADn=20Nieto?= Date: Mon, 16 Mar 2015 19:41:50 +0100 Subject: [PATCH] http: do not try to use the cert callback on unencrypted streams When the user has a certificate check callback set, we still have to check whether the stream we're using is even capable of providing a certificate. In the case of an unencrypted certificate, do not ask for it from the stream, and do not call the callback. --- src/stream.h | 5 +++++ src/transports/http.c | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/stream.h b/src/stream.h index 3a7ef9514..d810e704d 100644 --- a/src/stream.h +++ b/src/stream.h @@ -15,6 +15,11 @@ GIT_INLINE(int) git_stream_connect(git_stream *st) return st->connect(st); } +GIT_INLINE(int) git_stream_is_encrypted(git_stream *st) +{ + return st->encrypted; +} + GIT_INLINE(int) git_stream_certificate(git_cert **out, git_stream *st) { if (!st->encrypted) { diff --git a/src/transports/http.c b/src/transports/http.c index 0907afa6d..0cd33002f 100644 --- a/src/transports/http.c +++ b/src/transports/http.c @@ -558,7 +558,8 @@ static int http_connect(http_subtransport *t) error = git_stream_connect(t->io); #ifdef GIT_SSL - if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL) { + if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL && + git_stream_is_encrypted(t->io)) { git_cert *cert; int is_valid;