authorJunio C Hamano <gitster@pobox.com>2008-02-22 00:10:37 +0100
committerJunio C Hamano <gitster@pobox.com>2008-09-07 18:57:44 +0200
commita5ccc5979d210500d00169f98cc8567ea346fcb0 (patch)
tree083aa3627908ff76a712ac47196f1da7738ef344 /http.c
parentUpdate draft release notes for 1.6.0.2 (diff)
Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set
Originally from Mike Hommey; earlier we were disabling SSL_VERIFYPEER but SSL_VERIFYHOST was in effect even when the user asked not to with the environment variable. Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'http.c')
-rw-r--r--http.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/http.c b/http.c
index 1108ab4a31..a97fdf5117 100644
--- a/http.c
+++ b/http.c
@@ -165,7 +165,16 @@ static CURL* get_curl_handle(void)
{
CURL* result = curl_easy_init();
- curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, curl_ssl_verify);
+ if (!curl_ssl_verify) {
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
+ } else {
+ /* Verify authenticity of the peer's certificate */
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1);
+ /* The name in the cert must match whom we tried to connect */
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2);
+ }
+
#if LIBCURL_VERSION_NUM >= 0x070907
curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
#endif
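Review bot: The four added `curl_easy_setopt` calls pass plain `int` literals, but libcurl documents `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` as taking a `long` through a variadic argument, so the values should be written `0L`, `1L` and `2L`, e.g. `curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2L);`. Where `long` is wider than `int` the mismatch is undefined behaviour, and on the verifying branch a misread value could leave the host-name check weaker than intended. The `!curl_ssl_verify` branch also carries no comment while the other branch does; something like `/* Verification disabled on request: neither the certificate chain nor the host name is checked, so the server is unauthenticated */` would make the trade-off visible at the point where it is taken. The body of get_curl_handle continues past the end of the hunk.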