From e6e834a1299eb963c69839d0a3e8eb2e33f15640 Mon Sep 17 00:00:00 2001
From: Sven Strickroth
Date: Thu, 18 Sep 2014 12:23:07 +0200
Subject: Provide host name to certificate_check_cb

Signed-off-by: Sven Strickroth
---
 include/git2/types.h | 3 ++-
 src/transports/http.c | 2 +-
 src/transports/ssh.c | 2 +-
 src/transports/winhttp.c | 2 +-
 tests/online/clone.c | 9 ++++++---
 5 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/include/git2/types.h b/include/git2/types.h
index 7ee7cc344..2cc240ed7 100644
--- a/include/git2/types.h
+++ b/include/git2/types.h
@@ -287,9 +287,10 @@ typedef struct {
 * @param len The size of the certificate or host info
 * @param valid Whether the libgit2 checks (OpenSSL or WinHTTP) think
 * this certificate is valid
+ * @param host Hostname of the host libgit2 connected to
 * @param payload Payload provided by the caller
 */
-typedef int (*git_transport_certificate_check_cb)(git_cert *cert, int valid, void *payload);
+typedef int (*git_transport_certificate_check_cb)(git_cert *cert, int valid, const char *host, void *payload);
 /**
 * Opaque structure representing a submodule.
diff --git a/src/transports/http.c b/src/transports/http.c
index 7ef0b519c..bcfeaee7f 100644
--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -581,7 +581,7 @@ static int http_connect(http_subtransport *t)
 cert_info.cert_type = GIT_CERT_X509;
 cert_info.data = encoded_cert;
 cert_info.len = len;
- error = t->owner->certificate_check_cb((git_cert *) &cert_info, is_valid, t->owner->message_cb_payload);
+ error = t->owner->certificate_check_cb((git_cert *) &cert_info, is_valid, t->connection_data.host, t->owner->message_cb_payload);
 git__free(encoded_cert);
 if (error < 0) {
diff --git a/src/transports/ssh.c b/src/transports/ssh.c
index 15a45ca86..3868a529a 100644
--- a/src/transports/ssh.c
+++ b/src/transports/ssh.c
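Review bot: In include/git2/types.h the new `host` argument is inserted ahead of `payload`, so a callback still written against the three-argument prototype would be called with the host string in the position where it expects its payload; C compilers commonly let that function-pointer mismatch through with only a warning. The doc comment should call the change out and say what the string is, for example ` * @param host Host name libgit2 was asked to connect to; owned by libgit2, do not keep it after the callback returns` (the ownership part is inferred from the `const char *` and should be confirmed against the transports). The context lines also still document `@param len`, which is not a parameter of the typedef as shown.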
@@ -504,7 +504,7 @@ static int _git_ssh_setup_conn(
 /* We don't currently trust any hostkeys */
 giterr_clear();
- error = t->owner->certificate_check_cb((git_cert *) &cert, 0, t->owner->message_cb_payload);
+ error = t->owner->certificate_check_cb((git_cert *) &cert, 0, host, t->owner->message_cb_payload);
 if (error < 0) {
 if (!giterr_last())
 giterr_set(GITERR_NET, "user cancelled hostkey check");
diff --git a/src/transports/winhttp.c b/src/transports/winhttp.c
index 8aef63193..5a59dafad 100644
--- a/src/transports/winhttp.c
+++ b/src/transports/winhttp.c
@@ -229,7 +229,7 @@ static int certificate_check(winhttp_stream *s, int valid)
 cert.cert_type = GIT_CERT_X509;
 cert.data = cert_ctx->pbCertEncoded;
 cert.len = cert_ctx->cbCertEncoded;
- error = t->owner->certificate_check_cb((git_cert *) &cert, valid, t->owner->cred_acquire_payload);
+ error = t->owner->certificate_check_cb((git_cert *) &cert, valid, t->connection_data.host, t->owner->cred_acquire_payload);
 CertFreeCertificateContext(cert_ctx);
 if (error < 0 && !giterr_last())
diff --git a/tests/online/clone.c b/tests/online/clone.c
index f7f3aaeda..d5015383b 100644
--- a/tests/online/clone.c
+++ b/tests/online/clone.c
@@ -473,13 +473,14 @@ void test_online_clone__ssh_cannot_change_username(void)
 cl_git_fail(git_clone(&g_repo, "ssh://git@github.com/libgit2/TestGitRepository", "./foo", &g_options));
 }
-int ssh_certificate_check(git_cert *cert, int valid, void *payload)
+int ssh_certificate_check(git_cert *cert, int valid, const char *host, void *payload)
 {
 git_cert_hostkey *key;
 git_oid expected = {{0}}, actual = {{0}};
 const char *expected_str;
 GIT_UNUSED(valid);
+ GIT_UNUSED(host);
 GIT_UNUSED(payload);
 expected_str = cl_getenv("GITTEST_REMOTE_SSH_FINGERPRINT");
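Review bot: The callback's `payload` argument differs by transport: in src/transports/winhttp.c `certificate_check` passes `t->owner->cred_acquire_payload`, while the http.c and ssh.c call sites touched by this same commit pass `t->owner->message_cb_payload`. A certificate callback that casts `payload` to its own context type would then receive a different object on the WinHTTP path, which matters because this callback decides whether a certificate flagged as invalid is accepted. If the two fields are not guaranteed to hold the same pointer (their assignment is outside this diff), the WinHTTP call should read `error = t->owner->certificate_check_cb((git_cert *) &cert, valid, t->connection_data.host, t->owner->message_cb_payload);`. `certificate_check` starts and ends outside the hunk.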
@@ -523,10 +524,11 @@ void test_online_clone__url_with_no_path_returns_EINVALIDSPEC(void)
 GIT_EINVALIDSPEC);
 }
-static int fail_certificate_check(git_cert *cert, int valid, void *payload)
+static int fail_certificate_check(git_cert *cert, int valid, const char *host, void *payload)
 {
 GIT_UNUSED(cert);
 GIT_UNUSED(valid);
+ GIT_UNUSED(host);
 GIT_UNUSED(payload);
 return GIT_ECERTIFICATE;
@@ -545,10 +547,11 @@ void test_online_clone__certificate_invalid(void)
 #endif
 }
-static int succeed_certificate_check(git_cert *cert, int valid, void *payload)
+static int succeed_certificate_check(git_cert *cert, int valid, const char *host, void *payload)
 {
 GIT_UNUSED(cert);
 GIT_UNUSED(valid);
+ GIT_UNUSED(host);
 GIT_UNUSED(payload);
 return 0;
-- cgit v1.2.1
From db3d169c3351e31bab6cbddc7a7c29a0157f7a99 Mon Sep 17 00:00:00 2001
From: Sven Strickroth
Date: Wed, 24 Sep 2014 11:28:45 +0200
Subject: Add tests for host names

Signed-off-by: Sven Strickroth
---
 tests/online/clone.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tests/online/clone.c b/tests/online/clone.c
index d5015383b..13abd39bd 100644
--- a/tests/online/clone.c
+++ b/tests/online/clone.c
@@ -480,7 +480,6 @@ int ssh_certificate_check(git_cert *cert, int valid, const char *host, void *pay
 const char *expected_str;
 GIT_UNUSED(valid);
- GIT_UNUSED(host);
 GIT_UNUSED(payload);
 expected_str = cl_getenv("GITTEST_REMOTE_SSH_FINGERPRINT");
@@ -505,6 +504,8 @@ int ssh_certificate_check(git_cert *cert, int valid, const char *host, void *pay
 cl_assert(!memcmp(&expected, &actual, 20));
+ cl_assert_equal_s("localhost", host);
+
 return GIT_EUSER;
 }
@@ -551,9 +552,10 @@ static int succeed_certificate_check(git_cert *cert, int valid, const char *host
 {
 GIT_UNUSED(cert);
 GIT_UNUSED(valid);
- GIT_UNUSED(host);
 GIT_UNUSED(payload);
+ cl_assert_equal_s("github.com", host);
+
 return 0;
 }
-- cgit v1.2.1
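Review bot: `cl_assert_equal_s("localhost", host);` in `ssh_certificate_check` (second commit, tests/online/clone.c) hard-codes the host, while the expected fingerprint in the same function is read from `GITTEST_REMOTE_SSH_FINGERPRINT`; the test therefore presumably runs against whichever SSH remote the environment names and would fail for any remote other than localhost. Deriving the expected host from the same configuration as the remote URL (that code is outside these hunks) would keep the assertion meaningful. The same applies to the `"github.com"` literal in `succeed_certificate_check`, whose clone URL is also not visible here. `fail_certificate_check` still marks `host` unused, so the rejecting path gets no host assertion.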