On Mon, Mar 20, 2023 at 09:21:44PM +0300, Stanislav M wrote: > > > @@ -1014,10 +1020,14 @@ static CURL *get_curl_handle(void) > > > > > > if (ssl_cert) > > > curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert); > > > + if (ssl_cert_type) > > > + curl_easy_setopt(result, CURLOPT_SSLCERTTYPE, ssl_cert_type); > > > > We're just feeding curl whatever string the user gave us (which is good, > > since we don't know which ones are valid). But what happens with: > > > > GIT_SSL_CERT_TYPE=bogus git fetch ... > > > > Should we check for an error here, or will the actual request later > > complain properly? > > Curl itself validates that string. And if we pass the wrong type or > not pass 'ENG' in case of pkcs11: curl will return an error. In that > case git do the same if GIT_SSL_CERT passed wrong ss 'ENG' in case of > pkcs11: curl will return an error. In that case git do the same if > GIT_SSL_CERT passed wrong That sounds great. Thanks for confirming! -Peff
