Extend index to save more flags
[gitweb.git] / http.c
diff --git a/http.c b/http.c
index 105dc93843ba1f01ea0d40c63dd174e879f1a25a..ed59b79709b11dc6f6d85e86d75a1a8883799f21 100644 (file)
--- a/http.c
+++ b/http.c
@@ -13,14 +13,14 @@ static CURL *curl_default;
 char curl_errorstr[CURL_ERROR_SIZE];
 
 static int curl_ssl_verify = -1;
-static char *ssl_cert = NULL;
+static const char *ssl_cert = NULL;
 #if LIBCURL_VERSION_NUM >= 0x070902
-static char *ssl_key = NULL;
+static const char *ssl_key = NULL;
 #endif
 #if LIBCURL_VERSION_NUM >= 0x070908
-static char *ssl_capath = NULL;
+static const char *ssl_capath = NULL;
 #endif
-static char *ssl_cainfo = NULL;
+static const char *ssl_cainfo = NULL;
 static long curl_low_speed_limit = -1;
 static long curl_low_speed_time = -1;
 static int curl_ftp_no_epsv = 0;
@@ -30,10 +30,11 @@ static struct curl_slist *pragma_header;
 
 static struct active_request_slot *active_queue_head = NULL;
 
-size_t fread_buffer(void *ptr, size_t eltsize, size_t nmemb,
-                          struct buffer *buffer)
+size_t fread_buffer(void *ptr, size_t eltsize, size_t nmemb, void *buffer_)
 {
        size_t size = eltsize * nmemb;
+       struct buffer *buffer = buffer_;
+
        if (size > buffer->buf.len - buffer->posn)
                size = buffer->buf.len - buffer->posn;
        memcpy(ptr, buffer->buf.buf + buffer->posn, size);
@@ -42,17 +43,17 @@ size_t fread_buffer(void *ptr, size_t eltsize, size_t nmemb,
        return size;
 }
 
-size_t fwrite_buffer(const void *ptr, size_t eltsize,
-                           size_t nmemb, struct strbuf *buffer)
+size_t fwrite_buffer(const void *ptr, size_t eltsize, size_t nmemb, void *buffer_)
 {
        size_t size = eltsize * nmemb;
+       struct strbuf *buffer = buffer_;
+
        strbuf_add(buffer, ptr, size);
        data_received++;
        return size;
 }
 
-size_t fwrite_null(const void *ptr, size_t eltsize,
-                         size_t nmemb, struct strbuf *buffer)
+size_t fwrite_null(const void *ptr, size_t eltsize, size_t nmemb, void *strbuf)
 {
        data_received++;
        return eltsize * nmemb;
@@ -100,39 +101,27 @@ static int http_options(const char *var, const char *value, void *cb)
        }
 
        if (!strcmp("http.sslcert", var)) {
-               if (ssl_cert == NULL) {
-                       if (!value)
-                               return config_error_nonbool(var);
-                       ssl_cert = xstrdup(value);
-               }
+               if (ssl_cert == NULL)
+                       return git_config_string(&ssl_cert, var, value);
                return 0;
        }
 #if LIBCURL_VERSION_NUM >= 0x070902
        if (!strcmp("http.sslkey", var)) {
-               if (ssl_key == NULL) {
-                       if (!value)
-                               return config_error_nonbool(var);
-                       ssl_key = xstrdup(value);
-               }
+               if (ssl_key == NULL)
+                       return git_config_string(&ssl_key, var, value);
                return 0;
        }
 #endif
 #if LIBCURL_VERSION_NUM >= 0x070908
        if (!strcmp("http.sslcapath", var)) {
-               if (ssl_capath == NULL) {
-                       if (!value)
-                               return config_error_nonbool(var);
-                       ssl_capath = xstrdup(value);
-               }
+               if (ssl_capath == NULL)
+                       return git_config_string(&ssl_capath, var, value);
                return 0;
        }
 #endif
        if (!strcmp("http.sslcainfo", var)) {
-               if (ssl_cainfo == NULL) {
-                       if (!value)
-                               return config_error_nonbool(var);
-                       ssl_cainfo = xstrdup(value);
-               }
+               if (ssl_cainfo == NULL)
+                       return git_config_string(&ssl_cainfo, var, value);
                return 0;
        }
 
@@ -176,7 +165,16 @@ static CURL* get_curl_handle(void)
 {
        CURL* result = curl_easy_init();
 
-       curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, curl_ssl_verify);
+       if (!curl_ssl_verify) {
+               curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
+               curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
+       } else {
+               /* Verify authenticity of the peer's certificate */
+               curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1);
+               /* The name in the cert must match whom we tried to connect */
+               curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2);
+       }
+
 #if LIBCURL_VERSION_NUM >= 0x070907
        curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
 #endif
@@ -413,7 +411,7 @@ static struct fill_chain *fill_cfg = NULL;
 
 void add_fill_function(void *data, int (*fill)(void *))
 {
-       struct fill_chain *new = malloc(sizeof(*new));
+       struct fill_chain *new = xmalloc(sizeof(*new));
        struct fill_chain **linkp = &fill_cfg;
        new->data = data;
        new->fill = fill;