author | Carlos Martín Nieto <cmn@dwim.me> | 2014-08-29 21:25:13 +0200 |
---|---|---|
committer | Carlos Martín Nieto <cmn@dwim.me> | 2014-09-16 17:01:31 +0200 |
commit | 23ca0ad5ebcba3173ba3ff51e8114c33f795e62a (patch) | |
tree | ecf4c9ba3c1fa1ab35f8cdd8c71975be7d685818 | |
parent | 2f5864c50c3c82d01837570cb0b7e629295c65cf (diff) | |
download | libgit2-23ca0ad5ebcba3173ba3ff51e8114c33f795e62a.tar.gz |
Bring certificate check back to the normal return code
Returning 0 lets the certificate check succeed. An error code is bubbled
up to the user.
-rw-r--r-- | src/transports/http.c | 18 | ||||
-rw-r--r-- | src/transports/ssh.c | 19 | ||||
-rw-r--r-- | tests/online/clone.c | 4 |
3 files changed, 19 insertions, 22 deletions
diff --git a/src/transports/http.c b/src/transports/http.c
index f49242e3b..3f74bd149 100644
--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -555,7 +555,7 @@ static int http_connect(http_subtransport *t)
 #ifdef GIT_SSL
 if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL) {
 X509 *cert = SSL_get_peer_certificate(t->socket.ssl.ssl);
- int allow, len, is_valid;
+ int len, is_valid;
 unsigned char *guard, *encoded_cert;
 
 /* Retrieve the length of the certificate first */
@@ -578,17 +578,17 @@ static int http_connect(http_subtransport *t)
 return -1;
 }
 
+ giterr_clear();
 is_valid = error != GIT_ECERTIFICATE;
- allow = t->owner->certificate_check_cb(GIT_CERT_X509, encoded_cert, len, is_valid, t->owner->message_cb_payload);
+ error = t->owner->certificate_check_cb(GIT_CERT_X509, encoded_cert, len, is_valid, t->owner->message_cb_payload);
 git__free(encoded_cert);
 
- if (allow < 0) {
- error = allow;
- } else if (!allow) {
- error = GIT_ECERTIFICATE;
- } else {
- error = 0;
- }
+ if (error < 0) {
+ if (!giterr_last())
+ giterr_set(GITERR_NET, "user cancelled certificate check");
+
+ return error;
+ }
 }
 #endif
 if (error < 0)
diff --git a/src/transports/ssh.c b/src/transports/ssh.c
index a25ab6315..8ea4a25d7 100644
--- a/src/transports/ssh.c
+++ b/src/transports/ssh.c
@@ -476,7 +476,6 @@ static int _git_ssh_setup_conn(
 if (t->owner->certificate_check_cb != NULL) {
 git_cert_hostkey cert;
 const char *key;
- int allow;
 size_t certlen;
 
 cert.type = LIBSSH2_HOSTKEY_HASH_SHA1;
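Review bot: In the second http.c hunk the callback result is only tested with `if (error < 0)`, so every non-negative return now means "accept". A callback still written to the previous contract, where 0 rejected and a positive value allowed, therefore lets through the certificate it meant to refuse, including one passed in with `is_valid` false. The inversion is the purpose of the commit, so the callback's documentation should spell out the new contract (0 accepts, a negative value rejects and is returned to the caller), and the check can fail closed on unexpected positive values by adding `if (error > 0) error = GIT_ECERTIFICATE;` before it. The hostkey check in the second ssh.c hunk of `_git_ssh_setup_conn` has the same shape. Both function bodies start and end outside their hunks.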
@@ -498,16 +497,14 @@ static int _git_ssh_setup_conn(
 }
 
 /* We don't currently trust any hostkeys */
- allow = t->owner->certificate_check_cb(GIT_CERT_HOSTKEY_LIBSSH2, &cert, certlen, 0, t->owner->message_cb_payload);
- if (allow < 0) {
- error = allow;
- goto on_error;
- }
-
- if (!allow) {
- error = GIT_ECERTIFICATE;
- goto on_error;
- }
+ giterr_clear();
+ error = t->owner->certificate_check_cb(GIT_CERT_HOSTKEY_LIBSSH2, &cert, certlen, 0, t->owner->message_cb_payload);
+ if (error < 0) {
+ if (!giterr_last())
+ giterr_set(GITERR_NET, "user cancelled hostkey check");
+
+ goto on_error;
+ }
 }
 
 /* we need the username to ask for auth methods */
diff --git a/tests/online/clone.c b/tests/online/clone.c
index 66e614e15..a880d47d9 100644
--- a/tests/online/clone.c
+++ b/tests/online/clone.c
@@ -478,7 +478,7 @@ static int fail_certificate_check(git_cert_t type, void *data, size_t len, int v
 GIT_UNUSED(valid);
 GIT_UNUSED(payload);
 
- return 0;
+ return GIT_ECERTIFICATE;
 }
 
 void test_online_clone__certificate_invalid(void)
@@ -500,7 +500,7 @@ static int succeed_certificate_check(git_cert_t type, void *data, size_t len, in
 GIT_UNUSED(valid);
 GIT_UNUSED(payload);
 
- return 1;
+ return 0;
 }
 
 void test_online_clone__certificate_valid(void) |
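Review bot: The two callbacks in tests/online/clone.c now cover only `0` (accept) and `GIT_ECERTIFICATE` (reject), so nothing in the visible tests pins down what a positive return from the certificate callback means. Both transports in this commit test only `error < 0` after the callback, which lets a positive value through, so a third case, for example a callback ending in `return 1;` with an assertion on the expected clone result, would lock that behaviour down either way. The bodies of test_online_clone__certificate_invalid and test_online_clone__certificate_valid are outside the hunks, so whether they assert the exact error code cannot be checked from here.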