diff options
| author | Carlos Martín Nieto <cmn@dwim.me> | 2014-09-11 10:04:05 +0200 |
|---|---|---|
| committer | Carlos Martín Nieto <cmn@dwim.me> | 2014-09-16 17:01:32 +0200 |
| commit | 41698f22f683d3452ef83de3b3e82f5cb178b0b3 (patch) | |
| tree | f38345fbab3b5865fbd34531afd44446e6a98a9e | |
| parent | 2aee4642ef9c0cffcebc443e81a706f3e458906f (diff) | |
| download | libgit2-41698f22f683d3452ef83de3b3e82f5cb178b0b3.tar.gz | |
net: remove support for outright ignoring certificates
This option make it easy to ignore anything about the server we're
connecting to, which is bad security practice. This was necessary as we
didn't use to expose detailed information about the certificate, but now
that we do, we should get rid of this.
If the user wants to ignore everything, they can still provide a
callback which ignores all the information passed.
| -rw-r--r-- | include/git2/remote.h | 8 | ||||
| -rw-r--r-- | include/git2/sys/transport.h | 3 | ||||
| -rw-r--r-- | src/netops.c | 7 | ||||
| -rw-r--r-- | src/netops.h | 4 | ||||
| -rw-r--r-- | src/remote.c | 20 | ||||
| -rw-r--r-- | src/remote.h | 1 | ||||
| -rw-r--r-- | src/transports/http.c | 3 |
7 files changed, 5 insertions, 41 deletions
diff --git a/include/git2/remote.h b/include/git2/remote.h index 723147590..d2cc3e8e7 100644 --- a/include/git2/remote.h +++ b/include/git2/remote.h @@ -411,14 +411,6 @@ GIT_EXTERN(int) git_remote_supported_url(const char* url); GIT_EXTERN(int) git_remote_list(git_strarray *out, git_repository *repo); /** - * Choose whether to check the server's certificate (applies to HTTPS only) - * - * @param remote the remote to configure - * @param check whether to check the server's certificate (defaults to yes) - */ -GIT_EXTERN(void) git_remote_check_cert(git_remote *remote, int check); - -/** * Argument to the completion callback which tells it which operation * finished. */ diff --git a/include/git2/sys/transport.h b/include/git2/sys/transport.h index 44d41c14d..1e8f4e4ed 100644 --- a/include/git2/sys/transport.h +++ b/include/git2/sys/transport.h @@ -23,9 +23,6 @@ GIT_BEGIN_DECL typedef enum { GIT_TRANSPORTFLAGS_NONE = 0, - /* If the connection is secured with SSL/TLS, the authenticity - * of the server certificate should not be verified. */ - GIT_TRANSPORTFLAGS_NO_CHECK_CERT = 1 } git_transport_flags_t; typedef struct git_transport git_transport; diff --git a/src/netops.c b/src/netops.c index 67d49a529..43b8c5311 100644 --- a/src/netops.c +++ b/src/netops.c @@ -387,7 +387,7 @@ cert_fail_name: return GIT_ECERTIFICATE; } -static int ssl_setup(gitno_socket *socket, const char *host, int flags) +static int ssl_setup(gitno_socket *socket, const char *host) { int ret; @@ -406,9 +406,6 @@ static int ssl_setup(gitno_socket *socket, const char *host, int flags) if ((ret = SSL_connect(socket->ssl.ssl)) <= 0) return ssl_set_error(&socket->ssl, ret); - if (GITNO_CONNECT_SSL_NO_CHECK_CERT & flags) - return 0; - return verify_server_cert(&socket->ssl, host); } #endif @@ -495,7 +492,7 @@ int gitno_connect(gitno_socket *s_out, const char *host, const char *port, int f #ifdef GIT_SSL if ((flags & GITNO_CONNECT_SSL) && - (ret = ssl_setup(s_out, host, flags)) < 0) + (ret = ssl_setup(s_out, host)) < 0) return ret; #else /* SSL is not supported */ diff --git a/src/netops.h b/src/netops.h index dfb4ab7b4..beb0e0760 100644 --- a/src/netops.h +++ b/src/netops.h @@ -47,10 +47,6 @@ typedef struct gitno_buffer gitno_buffer; enum { /* Attempt to create an SSL connection. */ GITNO_CONNECT_SSL = 1, - - /* Valid only when GITNO_CONNECT_SSL is also specified. - * Indicates that the server certificate should not be validated. */ - GITNO_CONNECT_SSL_NO_CHECK_CERT = 2, }; /** diff --git a/src/remote.c b/src/remote.c index 9c93f67a1..46a610c3a 100644 --- a/src/remote.c +++ b/src/remote.c @@ -80,6 +80,8 @@ static int ensure_remote_name_is_valid(const char *name) return error; } +#if 0 +/* We could export this as a helper */ static int get_check_cert(int *out, git_repository *repo) { git_config *cfg; @@ -105,6 +107,7 @@ static int get_check_cert(int *out, git_repository *repo) *out = git_config__get_bool_force(cfg, "http.sslverify", 1); return 0; } +#endif static int create_internal(git_remote **out, git_repository *repo, const char *name, const char *url, const char *fetch) { @@ -121,9 +124,6 @@ static int create_internal(git_remote **out, git_repository *repo, const char *n remote->repo = repo; remote->update_fetchhead = 1; - if (get_check_cert(&remote->check_cert, repo) < 0) - goto on_error; - if (git_vector_init(&remote->refs, 32, NULL) < 0) goto on_error; @@ -274,7 +274,6 @@ int git_remote_dup(git_remote **dest, git_remote *source) remote->transport_cb_payload = source->transport_cb_payload; remote->repo = source->repo; remote->download_tags = source->download_tags; - remote->check_cert = source->check_cert; remote->update_fetchhead = source->update_fetchhead; if (git_vector_init(&remote->refs, 32, NULL) < 0 || @@ -369,9 +368,6 @@ int git_remote_load(git_remote **out, git_repository *repo, const char *name) remote->name = git__strdup(name); GITERR_CHECK_ALLOC(remote->name); - if ((error = get_check_cert(&remote->check_cert, repo)) < 0) - goto cleanup; - if (git_vector_init(&remote->refs, 32, NULL) < 0 || git_vector_init(&remote->refspecs, 2, NULL) < 0 || git_vector_init(&remote->active_refspecs, 2, NULL) < 0) { @@ -676,9 +672,6 @@ int git_remote_connect(git_remote *remote, git_direction direction) (error = t->set_callbacks(t, remote->callbacks.sideband_progress, NULL, remote->callbacks.certificate_check, remote->callbacks.payload)) < 0) goto on_error; - if (!remote->check_cert) - flags |= GIT_TRANSPORTFLAGS_NO_CHECK_CERT; - if ((error = t->connect(t, url, remote->callbacks.credentials, remote->callbacks.payload, direction, flags)) != 0) goto on_error; @@ -1244,13 +1237,6 @@ int git_remote_list(git_strarray *remotes_list, git_repository *repo) return 0; } -void git_remote_check_cert(git_remote *remote, int check) -{ - assert(remote); - - remote->check_cert = check; -} - int git_remote_set_callbacks(git_remote *remote, const git_remote_callbacks *callbacks) { assert(remote && callbacks); diff --git a/src/remote.h b/src/remote.h index c471756b8..f88601e9b 100644 --- a/src/remote.h +++ b/src/remote.h @@ -31,7 +31,6 @@ struct git_remote { git_transfer_progress stats; unsigned int need_pack; git_remote_autotag_option_t download_tags; - int check_cert; int update_fetchhead; }; diff --git a/src/transports/http.c b/src/transports/http.c index 3f74bd149..1bbef81b8 100644 --- a/src/transports/http.c +++ b/src/transports/http.c @@ -545,9 +545,6 @@ static int http_connect(http_subtransport *t) return -1; flags |= GITNO_CONNECT_SSL; - - if (GIT_TRANSPORTFLAGS_NO_CHECK_CERT & tflags) - flags |= GITNO_CONNECT_SSL_NO_CHECK_CERT; } error = gitno_connect(&t->socket, t->connection_data.host, t->connection_data.port, flags); |