On Thu, Mar 11, 2021 at 8:45 PM Jeff King <peff@xxxxxxxx> wrote:
>
> On Fri, Mar 12, 2021 at 01:41:30AM +0000, brian m. carlson wrote:
>
> > > diff --git a/http.c b/http.c
> > > index f8ea28bb2e..12a8aaba48 100644
> > > --- a/http.c
> > > +++ b/http.c
> > > @@ -1637,7 +1637,17 @@ static int handle_curl_result(struct slot_results *results)
> > > credential_approve(&http_auth);
> > > if (proxy_auth.password)
> > > credential_approve(&proxy_auth);
> > > + credential_approve(&cert_auth);
> > > return HTTP_OK;
> > > + } else if (results->curl_result == CURLE_SSL_CERTPROBLEM) {
> > > + /*
> > > + * We can't tell from here whether it's a bad path, bad
> > > + * certificate, bad password, or something else wrong
> > > + * with the certificate. So we reject the credential to
> > > + * avoid caching or saving a bad password.
> > > + */
> > > + credential_reject(&http_auth);
> >
> > Is this supposed to be &cert_auth here? I'm not sure how a bad HTTP
> > password would even have been tested in this case.
>
> Good catch! When reviewing, I was so busy thinking about _where_ this
> line should go that I didn't even notice what it said. :)
Good catch! I don't even know how I did that. :-/ The system I
created the patch on is inaccessible via the Internet and I can't
really get data off of it. This is entirely an error in translation
on my part. The diff I printed has the correct line. My bad. I'll
send an update soon.
John
