char curl_errorstr[CURL_ERROR_SIZE];
static int curl_ssl_verify = -1;
-static char *ssl_cert = NULL;
+static const char *ssl_cert = NULL;
#if LIBCURL_VERSION_NUM >= 0x070902
-static char *ssl_key = NULL;
+static const char *ssl_key = NULL;
#endif
#if LIBCURL_VERSION_NUM >= 0x070908
-static char *ssl_capath = NULL;
+static const char *ssl_capath = NULL;
#endif
-static char *ssl_cainfo = NULL;
+static const char *ssl_cainfo = NULL;
static long curl_low_speed_limit = -1;
static long curl_low_speed_time = -1;
static int curl_ftp_no_epsv = 0;
-static char *curl_http_proxy = NULL;
+static const char *curl_http_proxy = NULL;
static struct curl_slist *pragma_header;
}
if (!strcmp("http.sslcert", var)) {
- if (ssl_cert == NULL) {
- if (!value)
- return config_error_nonbool(var);
- ssl_cert = xstrdup(value);
- }
+ if (ssl_cert == NULL)
+ return git_config_string(&ssl_cert, var, value);
return 0;
}
#if LIBCURL_VERSION_NUM >= 0x070902
if (!strcmp("http.sslkey", var)) {
- if (ssl_key == NULL) {
- if (!value)
- return config_error_nonbool(var);
- ssl_key = xstrdup(value);
- }
+ if (ssl_key == NULL)
+ return git_config_string(&ssl_key, var, value);
return 0;
}
#endif
#if LIBCURL_VERSION_NUM >= 0x070908
if (!strcmp("http.sslcapath", var)) {
- if (ssl_capath == NULL) {
- if (!value)
- return config_error_nonbool(var);
- ssl_capath = xstrdup(value);
- }
+ if (ssl_capath == NULL)
+ return git_config_string(&ssl_capath, var, value);
return 0;
}
#endif
if (!strcmp("http.sslcainfo", var)) {
- if (ssl_cainfo == NULL) {
- if (!value)
- return config_error_nonbool(var);
- ssl_cainfo = xstrdup(value);
- }
+ if (ssl_cainfo == NULL)
+ return git_config_string(&ssl_cainfo, var, value);
return 0;
}
return 0;
}
if (!strcmp("http.proxy", var)) {
- if (curl_http_proxy == NULL) {
- if (!value)
- return config_error_nonbool(var);
- curl_http_proxy = xstrdup(value);
- }
+ if (curl_http_proxy == NULL)
+ return git_config_string(&curl_http_proxy, var, value);
return 0;
}
{
CURL* result = curl_easy_init();
- curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, curl_ssl_verify);
+ if (!curl_ssl_verify) {
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
+ } else {
+ /* Verify authenticity of the peer's certificate */
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1);
+ /* The name in the cert must match whom we tried to connect */
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2);
+ }
+
#if LIBCURL_VERSION_NUM >= 0x070907
curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
#endif
pragma_header = NULL;
if (curl_http_proxy) {
- free(curl_http_proxy);
+ free((void *)curl_http_proxy);
curl_http_proxy = NULL;
}
}
void add_fill_function(void *data, int (*fill)(void *))
{
- struct fill_chain *new = malloc(sizeof(*new));
+ struct fill_chain *new = xmalloc(sizeof(*new));
struct fill_chain **linkp = &fill_cfg;
new->data = data;
new->fill = fill;