Diffstat (limited to 'include/git2')
-rw-r--r-- | include/git2/errors.h | 1 | ||||
-rw-r--r-- | include/git2/remote.h | 8 | ||||
-rw-r--r-- | include/git2/sys/transport.h | 1 | ||||
-rw-r--r-- | include/git2/transport.h | 37 | ||||
-rw-r--r-- | include/git2/types.h | 12 |
5 files changed, 59 insertions, 0 deletions
diff --git a/include/git2/errors.h b/include/git2/errors.h index b91560631..2ba9924f5 100644 --- a/include/git2/errors.h +++ b/include/git2/errors.h @@ -42,6 +42,7 @@ typedef enum { GIT_ELOCKED = -14, /**< Lock file prevented operation */ GIT_EMODIFIED = -15, /**< Reference value does not match expected */ GIT_EAUTH = -16, /**< Authentication error */ + GIT_ECERTIFICATE = -17, /**< Server certificate is invalid */ GIT_PASSTHROUGH = -30, /**< Internal only */ GIT_ITEROVER = -31, /**< Signals end of iteration with iterator */ diff --git a/include/git2/remote.h b/include/git2/remote.h index c0717fa31..723147590 100644 --- a/include/git2/remote.h +++ b/include/git2/remote.h @@ -459,6 +459,14 @@ struct git_remote_callbacks { git_cred_acquire_cb credentials; /** + * If cert verification fails, this will be called to let the + * user make the final decision of whether to allow the + * connection to proceed. Returns 1 to allow the connection, 0 + * to disallow it or a negative value to indicate an error. + */ + git_transport_certificate_check_cb certificate_check; + + /** * During the download of new data, this will be regularly * called with the current count of progress done by the * indexer. diff --git a/include/git2/sys/transport.h b/include/git2/sys/transport.h index 62ac455d3..44d41c14d 100644 --- a/include/git2/sys/transport.h +++ b/include/git2/sys/transport.h @@ -37,6 +37,7 @@ struct git_transport { git_transport *transport, git_transport_message_cb progress_cb, git_transport_message_cb error_cb, + git_transport_certificate_check_cb certificate_check_cb, void *payload); /* Connect the transport to the remote repository, using the given diff --git a/include/git2/transport.h b/include/git2/transport.h index 7090698ac..cd4429fee 100644 --- a/include/git2/transport.h +++ b/include/git2/transport.h 
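Review bot: The comment on `certificate_check` in `git_remote_callbacks` leaves the default unspecified: it does not say what happens when the field is NULL, nor whether the callback also runs for SSH host keys, where "cert verification fails" has no obvious meaning. Because returning 1 overrides a failed check, the fail-closed behaviour should be written down, e.g. `* If this is NULL, a failed verification aborts the connection.`, assuming the implementation does that, which this hunk does not show. The comment should also say that the callback receives neither the host name nor the reason for the failure, so a pinning decision has to carry the expected host in `payload`. The struct begins and ends outside the hunk.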
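Review bot: The new `certificate_check_cb` parameter is added to this `git_transport` function-pointer member with no statement of what a transport implementation must do with it. A custom transport that stores the pointer but never calls it would leave the user's check silently unused. The member's comment, which lies outside this hunk, should therefore say when the callback has to be invoked and that any return other than 1 must end the connection. Inserting the parameter before `payload` also changes the signature for every existing implementer; whether the structure's version is bumped elsewhere in the commit cannot be seen here.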
@@ -20,6 +20,43 @@ */ GIT_BEGIN_DECL +/** + * Type of host certificate structure that is passed to the check callback + */ +typedef enum git_cert_t { + /** + * The `data` argument to the callback will be a pointer to + * OpenSSL's `X509` structure. + */ + GIT_CERT_X509_OPENSSL, + GIT_CERT_X509_WINHTTP, + /** + * The `data` argument to the callback will be a pointer to a + * `git_cert_hostkey` structure. + */ + GIT_CERT_HOSTKEY_LIBSSH2, +} git_cert_t; + +/** + * Hostkey information taken from libssh2 + */ +typedef struct { + /** + * A hostkey type from libssh2, either + * `LIBSSH2_HOSTKEY_HASH_MD5` or `LIBSSH2_HOSTKEY_HASH_SHA1` + */ + int type; + /** + * Hostkey hash. If the type is MD5, only the first 16 bytes + * will be set. + */ + unsigned char hash[20]; +} git_cert_hostkey; + +/* + *** Begin interface for credentials acquisition *** + */ + /** Authentication type requested */ typedef enum { /* git_cred_userpass_plaintext */ diff --git a/include/git2/types.h b/include/git2/types.h index 7ed1bcd4c..0009a8aa5 100644 --- a/include/git2/types.h +++ b/include/git2/types.h @@ -253,6 +253,18 @@ typedef int (*git_transfer_progress_cb)(const git_transfer_progress *stats, void */ typedef int (*git_transport_message_cb)(const char *str, int len, void *payload); + +typedef enum git_cert_t git_cert_t; + +/** + * Callback for the user's custom certificate checks. + * + * @param type The type of certificate or host info, SSH or X.509 + * @param data The data for the certificate or host info + * @param payload Payload provided by the caller + */ +typedef int (*git_transport_certificate_check_cb)(git_cert_t type, void *data, void *payload); + /** * Opaque structure representing a submodule. */ |
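Review bot: `git_cert_hostkey` says that for MD5 only the first 16 bytes of `hash[20]` are set, but not what bytes 16–19 hold, so a callback that compares all 20 bytes against a pinned fingerprint may read indeterminate data. I would finish the sentence in the comment, e.g. `* will be set; the remaining 4 bytes are zeroed.`, and zero them where the struct is filled, which is outside this header. `type` is documented only in terms of `LIBSSH2_HOSTKEY_HASH_MD5` / `LIBSSH2_HOSTKEY_HASH_SHA1`, so a caller has to include libssh2's header to interpret it; libgit2-owned constants would avoid that. Separately, `GIT_CERT_X509_WINHTTP` is the only enumerator without a comment saying what `data` points to, which a callback needs before it can cast the pointer.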
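Review bot: In `types.h`, `typedef enum git_cert_t git_cert_t;` names an enum whose enumerator list is not visible at that point, and the callback typedef right after it takes that type by value. ISO C does not allow an `enum` tag to be referenced before its definition (GCC accepts it as an extension), and `transport.h` then repeats the same typedef name, which pre-C11 compilers reject. Moving the `git_cert_t` definition into `types.h` ahead of the callback would avoid both problems, if the include order allows it. The callback's doc block also lacks a return contract; I would add `* @return 1 to allow the connection, 0 to reject it, or a negative error code`, so the security-relevant meaning of each value is stated where the type is declared rather than only in `remote.h`.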