[Patch reminder] Don't verify host name in SSL certs when GIT_SSL_NO

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [Patch reminder] Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set
@ 2008-09-07  8:20 Mike Hommey
  2008-09-07  8:35 ` Junio C Hamano
  0 siblings, 1 reply; 2+ messages in thread
From: Mike Hommey @ 2008-09-07  8:20 UTC (permalink / raw)
  To: git, gitster

Hi,

While rebasing old branches on master, I saw that I still had this
patch[1] ahead, to which you replied with [2]. I might be guilty of not
replying back then, but I think your version should be applied.

Cheers,

Mike

1. http://marc.info/?l=git&m=120362183916288&w=2
2. http://marc.info/?l=git&m=120363548506950&w=2

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [Patch reminder] Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set
  2008-09-07  8:20 [Patch reminder] Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set Mike Hommey
@ 2008-09-07  8:35 ` Junio C Hamano
  0 siblings, 0 replies; 2+ messages in thread
From: Junio C Hamano @ 2008-09-07  8:35 UTC (permalink / raw)
  To: git; +Cc: Mike Hommey

Subject: Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set
Date: Thu, 21 Feb 2008 15:10:37 -0800

Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 Mike Hommey <mh@glandium.org> writes:

 > While rebasing old branches on master, I saw that I still had this
 > patch[1] ahead, to which you replied with [2]. I might be guilty of not
 > replying back then, but I think your version should be applied.
 >
 > 1. http://marc.info/?l=git&m=120362183916288&w=2
 > 2. http://marc.info/?l=git&m=120363548506950&w=2

 Thanks.

 Just to make sure we are on the same page and to give other people
 comment on and potentially offer better solution, this is the patch in
 question.

 Next time around, please forward/resend "old patches that should not have
 been forgotten" in the way I am doing here.

diff --git a/http.c b/http.c
index 5925d07..8dce820 100644
--- a/http.c
+++ b/http.c
@@ -176,7 +176,16 @@ static CURL* get_curl_handle(void)
 {
 	CURL* result = curl_easy_init();
 
-	curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, curl_ssl_verify);
+	if (!curl_ssl_verify) {
+		curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
+		curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
+	} else {
+		/* Verify authenticity of the peer's certificate */
+		curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1);
+		/* The name in the cert must match whom we tried to connect */
+		curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2);
+	}
+
 #if LIBCURL_VERSION_NUM >= 0x070907
 	curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
 #endif

^ permalink raw reply related	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2008-09-07  8:37 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-09-07  8:20 [Patch reminder] Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set Mike Hommey
2008-09-07  8:35 ` Junio C Hamano

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).