Provide host name to certificate_check_cb

Signed-off-by: Sven Strickroth <email@cs-ware.de>
2025-05-21 18:03:54 +00:00 · 2014-09-18 12:23:07 +02:00 · 2014-09-18 12:23:07 +02:00 · e6e834a129
commit e6e834a129
parent 14556cbff7
5 changed files with 11 additions and 7 deletions
--- a/include/git2/types.h
+++ b/include/git2/types.h
@ -287,9 +287,10 @@ typedef struct {
 * @param len The size of the certificate or host info
 * @param valid Whether the libgit2 checks (OpenSSL or WinHTTP) think
 * this certificate is valid
+ * @param host Hostname of the host libgit2 connected to
 * @param payload Payload provided by the caller
 */
-typedef int (*git_transport_certificate_check_cb)(git_cert *cert, int valid, void *payload);
+typedef int (*git_transport_certificate_check_cb)(git_cert *cert, int valid, const char *host, void *payload);

 /**
 * Opaque structure representing a submodule.
--- a/src/transports/http.c
+++ b/src/transports/http.c
@ -581,7 +581,7 @@ static int http_connect(http_subtransport *t)
 		cert_info.cert_type = GIT_CERT_X509;
 		cert_info.data = encoded_cert;
 		cert_info.len = len;
-                error = t->owner->certificate_check_cb((git_cert *) &cert_info, is_valid, t->owner->message_cb_payload);
+		error = t->owner->certificate_check_cb((git_cert *) &cert_info, is_valid, t->connection_data.host, t->owner->message_cb_payload);
 		git__free(encoded_cert);

 		if (error < 0) {
--- a/src/transports/ssh.c
+++ b/src/transports/ssh.c
@ -504,7 +504,7 @@ static int _git_ssh_setup_conn(

 		/* We don't currently trust any hostkeys */
 		giterr_clear();
-                error = t->owner->certificate_check_cb((git_cert *) &cert, 0, t->owner->message_cb_payload);
+		error = t->owner->certificate_check_cb((git_cert *) &cert, 0, host, t->owner->message_cb_payload);
 		if (error < 0) {
 			if (!giterr_last())
 				giterr_set(GITERR_NET, "user cancelled hostkey check");
--- a/src/transports/winhttp.c
+++ b/src/transports/winhttp.c
@ -229,7 +229,7 @@ static int certificate_check(winhttp_stream *s, int valid)
 	cert.cert_type = GIT_CERT_X509;
 	cert.data = cert_ctx->pbCertEncoded;
 	cert.len = cert_ctx->cbCertEncoded;
-	error = t->owner->certificate_check_cb((git_cert *) &cert, valid, t->owner->cred_acquire_payload);
+	error = t->owner->certificate_check_cb((git_cert *) &cert, valid, t->connection_data.host, t->owner->cred_acquire_payload);
 	CertFreeCertificateContext(cert_ctx);

 	if (error < 0 && !giterr_last())
--- a/tests/online/clone.c
+++ b/tests/online/clone.c
@ -473,13 +473,14 @@ void test_online_clone__ssh_cannot_change_username(void)
 	cl_git_fail(git_clone(&g_repo, "ssh://git@github.com/libgit2/TestGitRepository", "./foo", &g_options));
 }

-int ssh_certificate_check(git_cert *cert, int valid, void *payload)
+int ssh_certificate_check(git_cert *cert, int valid, const char *host, void *payload)
 {
 	git_cert_hostkey *key;
 	git_oid expected = {{0}}, actual = {{0}};
 	const char *expected_str;

 	GIT_UNUSED(valid);
+	GIT_UNUSED(host);
 	GIT_UNUSED(payload);

 	expected_str = cl_getenv("GITTEST_REMOTE_SSH_FINGERPRINT");
@ -523,10 +524,11 @@ void test_online_clone__url_with_no_path_returns_EINVALIDSPEC(void)
 		GIT_EINVALIDSPEC);
 }

-static int fail_certificate_check(git_cert *cert, int valid, void *payload)
+static int fail_certificate_check(git_cert *cert, int valid, const char *host, void *payload)
 {
 	GIT_UNUSED(cert);
 	GIT_UNUSED(valid);
+	GIT_UNUSED(host);
 	GIT_UNUSED(payload);

 	return GIT_ECERTIFICATE;
@ -545,10 +547,11 @@ void test_online_clone__certificate_invalid(void)
 #endif
 }

-static int succeed_certificate_check(git_cert *cert, int valid, void *payload)
+static int succeed_certificate_check(git_cert *cert, int valid, const char *host, void *payload)
 {
 	GIT_UNUSED(cert);
 	GIT_UNUSED(valid);
+	GIT_UNUSED(host);
 	GIT_UNUSED(payload);

 	return 0;