From: Junio C Hamano <gitster@pobox.com>
To: git@vger.kernel.org
Cc: Mike Hommey <mh@glandium.org>
Subject: Re: [Patch reminder] Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set
Date: Sun, 07 Sep 2008 01:35:54 -0700 [thread overview]
Message-ID: <7v7i9onyj9.fsf@gitster.siamese.dyndns.org> (raw)
In-Reply-To: <20080907082059.GA26705@glandium.org> (Mike Hommey's message of "Sun, 7 Sep 2008 10:20:59 +0200")
Subject: Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set
Date: Thu, 21 Feb 2008 15:10:37 -0800
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
Mike Hommey <mh@glandium.org> writes:
> While rebasing old branches on master, I saw that I still had this
> patch[1] ahead, to which you replied with [2]. I might be guilty of not
> replying back then, but I think your version should be applied.
>
> 1. http://marc.info/?l=git&m=120362183916288&w=2
> 2. http://marc.info/?l=git&m=120363548506950&w=2
Thanks.
Just to make sure we are on the same page and to give other people
comment on and potentially offer better solution, this is the patch in
question.
Next time around, please forward/resend "old patches that should not have
been forgotten" in the way I am doing here.
diff --git a/http.c b/http.c
index 5925d07..8dce820 100644
--- a/http.c
+++ b/http.c
@@ -176,7 +176,16 @@ static CURL* get_curl_handle(void)
{
CURL* result = curl_easy_init();
- curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, curl_ssl_verify);
+ if (!curl_ssl_verify) {
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
+ } else {
+ /* Verify authenticity of the peer's certificate */
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1);
+ /* The name in the cert must match whom we tried to connect */
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2);
+ }
+
#if LIBCURL_VERSION_NUM >= 0x070907
curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
#endif
prev parent reply other threads:[~2008-09-07 8:37 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-09-07 8:20 [Patch reminder] Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set Mike Hommey
2008-09-07 8:35 ` Junio C Hamano [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7v7i9onyj9.fsf@gitster.siamese.dyndns.org \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=mh@glandium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).