Re: [PATCH] Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Mike Hommey <mh@xxxxxxxxxxxx> writes:

> Signed-off-by: Mike Hommey <mh@xxxxxxxxxxxx>
> ---
>  http.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/http.c b/http.c
> index 5925d07..519621a 100644
> --- a/http.c
> +++ b/http.c
> @@ -177,6 +177,7 @@ static CURL* get_curl_handle(void)
>  	CURL* result = curl_easy_init();
>  
>  	curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, curl_ssl_verify);
> +	curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, curl_ssl_verify * 2);
>  #if LIBCURL_VERSION_NUM >= 0x070907
>  	curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
>  #endif

Is it just me who finds that "* 2" is extremely magical?

diff --git a/http.c b/http.c
index 5925d07..8dce820 100644
--- a/http.c
+++ b/http.c
@@ -176,7 +176,16 @@ static CURL* get_curl_handle(void)
 {
 	CURL* result = curl_easy_init();
 
-	curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, curl_ssl_verify);
+	if (!curl_ssl_verify) {
+		curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
+		curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
+	} else {
+		/* Verify authenticity of the peer's certificate */
+		curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1);
+		/* The name in the cert must match whom we tried to connect */
+		curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2);
+	}
+
 #if LIBCURL_VERSION_NUM >= 0x070907
 	curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
 #endif
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux