* Re: [Patch reminder] Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set
2008-09-07 8:20 [Patch reminder] Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set Mike Hommey
@ 2008-09-07 8:35 ` Junio C Hamano
0 siblings, 0 replies; 2+ messages in thread
From: Junio C Hamano @ 2008-09-07 8:35 UTC (permalink / raw)
To: git; +Cc: Mike Hommey
Subject: Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set
Date: Thu, 21 Feb 2008 15:10:37 -0800
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
Mike Hommey <mh@glandium.org> writes:
> While rebasing old branches on master, I saw that I still had this
> patch[1] ahead, to which you replied with [2]. I might be guilty of not
> replying back then, but I think your version should be applied.
>
> 1. http://marc.info/?l=git&m=120362183916288&w=2
> 2. http://marc.info/?l=git&m=120363548506950&w=2
Thanks.
Just to make sure we are on the same page and to give other people
comment on and potentially offer better solution, this is the patch in
question.
Next time around, please forward/resend "old patches that should not have
been forgotten" in the way I am doing here.
diff --git a/http.c b/http.c
index 5925d07..8dce820 100644
--- a/http.c
+++ b/http.c
@@ -176,7 +176,16 @@ static CURL* get_curl_handle(void)
{
CURL* result = curl_easy_init();
- curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, curl_ssl_verify);
+ if (!curl_ssl_verify) {
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
+ } else {
+ /* Verify authenticity of the peer's certificate */
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1);
+ /* The name in the cert must match whom we tried to connect */
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2);
+ }
+
#if LIBCURL_VERSION_NUM >= 0x070907
curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
#endif
^ permalink raw reply related [flat|nested] 2+ messages in thread