Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set
author Junio C Hamano <gitster@pobox.com> Thu, 21 Feb 2008 23:10:37 +0000 (15:10 -0800)
committer Junio C Hamano <gitster@pobox.com> Sun, 7 Sep 2008 16:57:44 +0000 (09:57 -0700)
Originally from Mike Hommey; earlier we were disabling SSL_VERIFYPEER
but SSL_VERIFYHOST was in effect even when the user asked not to with
the environment variable.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
http.c (parent: aaefbfa)
diff --git
a/http.c
b/http.c
index 1108ab4a3101fb4768cad420ccfdb52d87890a18..a97fdf51173cf73d883c024d85109cbd4e607db9 100644
(file)
--- a/
http.c
+++ b/
http.c
@@
-165,7
+165,16
@@
static CURL* get_curl_handle(void)
{
CURL* result = curl_easy_init();
{
CURL* result = curl_easy_init();
- curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, curl_ssl_verify);
+ if (!curl_ssl_verify) {
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
+ } else {
+ /* Verify authenticity of the peer's certificate */
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1);
+ /* The name in the cert must match whom we tried to connect */
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2);
+ }
+
#if LIBCURL_VERSION_NUM >= 0x070907
curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
#endif
#if LIBCURL_VERSION_NUM >= 0x070907
curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
#endif
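Review bot: the four added curl_easy_setopt() calls pass plain int literals (0, 1, 2), but curl_easy_setopt() is variadic and reads CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST as long, so the values should be written 0L, 1L and 2L to stay correct where int and long differ in size. Separately, the else branch documents what each option checks while the `if (!curl_ssl_verify)` branch has no comment; a one-line comment there stating that with both options at 0 neither the certificate chain nor the host name is checked, so the server is not authenticated at all, would make the cost of setting GIT_SSL_NO_VERIFY visible to the next reader.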