Merge branch 'mh/maint-honor-no-ssl-verify'

* mh/maint-honor-no-ssl-verify: Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set
author: Junio C Hamano <gitster@pobox.com> 2008-09-16 00:46:36 -0700
committer: Junio C Hamano <gitster@pobox.com> 2008-09-16 00:46:36 -0700
commit: fb0863a528c1503cba1a9b8bf8da11a8e0b271aa (patch)
tree: 8d81249348fdab748a641727dee87e7c6a72d432
parent: Update RPM spec for the new location of git-cvsserver. (diff)
parent: Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set (diff)
download: tgif-fb0863a528c1503cba1a9b8bf8da11a8e0b271aa.tar.xz
1 files changed, 10 insertions, 1 deletions
diff --git a/http.c b/http.c
index 0788936704..ed59b79709 100644
--- a/http.c
+++ b/http.c
@@ -165,7 +165,16 @@ static CURL* get_curl_handle(void)
 {
 	CURL* result = curl_easy_init();
 
-	curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, curl_ssl_verify);
+	if (!curl_ssl_verify) {
+		curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
+		curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
+	} else {
+		/* Verify authenticity of the peer's certificate */
+		curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1);
+		/* The name in the cert must match whom we tried to connect */
+		curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2);
+	}
+
 #if LIBCURL_VERSION_NUM >= 0x070907
 	curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
 #endif
author	Junio C Hamano <gitster@pobox.com>	2008-09-16 00:46:36 -0700
committer	Junio C Hamano <gitster@pobox.com>	2008-09-16 00:46:36 -0700
commit	fb0863a528c1503cba1a9b8bf8da11a8e0b271aa (patch)
tree	8d81249348fdab748a641727dee87e7c6a72d432
parent	Update RPM spec for the new location of git-cvsserver. (diff)
parent	Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set (diff)
download	tgif-fb0863a528c1503cba1a9b8bf8da11a8e0b271aa.tar.xz