Provide a callback for certificate validation

If the certificate validation fails (or always in the case of ssh), let the user decide whether to allow the connection. The data structure passed to the user is the native certificate information from the underlying implementation, namely OpenSSL or WinHTTP.
author: Carlos Martín Nieto <cmn@dwim.me> 2014-07-04 12:45:43 +0200
committer: Carlos Martín Nieto <cmn@dwim.me> 2014-09-16 17:01:30 +0200
commit: 9b9405865e15da3a0a6ee0a67b59b36c5a973a8c (patch)
tree: ab758a8c8b5ff4ecb6d5e2d91926c0ca397d56f8 /src/netops.c
parent: d99c8ca1783cfd04869e88f8707c036fc6053a05 (diff)
download: libgit2-9b9405865e15da3a0a6ee0a67b59b36c5a973a8c.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/src/netops.c b/src/netops.c
index fceb4fb74..67d49a529 100644
--- a/src/netops.c
+++ b/src/netops.c
@@ -384,7 +384,7 @@ on_error:
 cert_fail_name:
 	OPENSSL_free(peer_cn);
 	giterr_set(GITERR_SSL, "hostname does not match certificate");
-	return -1;
+	return GIT_ECERTIFICATE;
 }
 
 static int ssl_setup(gitno_socket *socket, const char *host, int flags)
@@ -494,8 +494,9 @@ int gitno_connect(gitno_socket *s_out, const char *host, const char *port, int f
 	p_freeaddrinfo(info);
 
 #ifdef GIT_SSL
-	if ((flags & GITNO_CONNECT_SSL) && ssl_setup(s_out, host, flags) < 0)
-		return -1;
+	if ((flags & GITNO_CONNECT_SSL) &&
+	    (ret = ssl_setup(s_out, host, flags)) < 0)
+		return ret;
 #else
 	/* SSL is not supported */
 	if (flags & GITNO_CONNECT_SSL) {
author	Carlos Martín Nieto <cmn@dwim.me>	2014-07-04 12:45:43 +0200
committer	Carlos Martín Nieto <cmn@dwim.me>	2014-09-16 17:01:30 +0200
commit	9b9405865e15da3a0a6ee0a67b59b36c5a973a8c (patch)
tree	ab758a8c8b5ff4ecb6d5e2d91926c0ca397d56f8 /src/netops.c
parent	d99c8ca1783cfd04869e88f8707c036fc6053a05 (diff)
download	libgit2-9b9405865e15da3a0a6ee0a67b59b36c5a973a8c.tar.gz