authorCarlos Martín Nieto <cmn@dwim.me>2014-09-11 10:04:05 +0200
committerCarlos Martín Nieto <cmn@dwim.me>2014-09-16 17:01:32 +0200
commit41698f22f683d3452ef83de3b3e82f5cb178b0b3 (patch)
treef38345fbab3b5865fbd34531afd44446e6a98a9e /src/netops.c
parent2aee4642ef9c0cffcebc443e81a706f3e458906f (diff)
net: remove support for outright ignoring certificates
This option makes it easy to ignore anything about the server we're connecting to, which is bad security practice. This was necessary as we didn't use to expose detailed information about the certificate, but now that we do, we should get rid of this. If the user wants to ignore everything, they can still provide a callback which ignores all the information passed.
Diffstat (limited to 'src/netops.c')
-rw-r--r--src/netops.c7
1 files changed, 2 insertions, 5 deletions
diff --git a/src/netops.c b/src/netops.c
index 67d49a529..43b8c5311 100644
--- a/src/netops.c
+++ b/src/netops.c
@@ -387,7 +387,7 @@ cert_fail_name:
return GIT_ECERTIFICATE;
}
-static int ssl_setup(gitno_socket *socket, const char *host, int flags)
+static int ssl_setup(gitno_socket *socket, const char *host)
{
int ret;
@@ -406,9 +406,6 @@ static int ssl_setup(gitno_socket *socket, const char *host, int flags)
if ((ret = SSL_connect(socket->ssl.ssl)) <= 0)
return ssl_set_error(&socket->ssl, ret);
- if (GITNO_CONNECT_SSL_NO_CHECK_CERT & flags)
- return 0;
-
return verify_server_cert(&socket->ssl, host);
}
#endif
@@ -495,7 +492,7 @@ int gitno_connect(gitno_socket *s_out, const char *host, const char *port, int f
#ifdef GIT_SSL
if ((flags & GITNO_CONNECT_SSL) &&
- (ret = ssl_setup(s_out, host, flags)) < 0)
+ (ret = ssl_setup(s_out, host)) < 0)
return ret;
#else
/* SSL is not supported */
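Review bot: The call site in gitno_connect still receives `flags`, but on the TLS path only `GITNO_CONNECT_SSL` is now consulted, and nothing here tells a reader that certificate verification can no longer be switched off by a flag. This page is limited to src/netops.c, so whether `GITNO_CONNECT_SSL_NO_CHECK_CERT` is still defined in a header is not visible; if it is, a caller passing it would compile and silently get full verification, which fails safe but is worth stating. I would add a comment above the `if`, for example `/* the server certificate is always verified; flags only selects whether SSL is used */`. gitno_connect starts and ends outside the hunk.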