Skip to content

Commit ab8a0fd

Browse files
author
Edward Thomson
committed
Merge branch '25_certcheckcb' into maint/v0.25
2 parents 75db289 + 98d6624 commit ab8a0fd

File tree

2 files changed

+30
-2
lines changed

2 files changed

+30
-2
lines changed

src/transports/http.c

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -624,13 +624,12 @@ static int http_connect(http_subtransport *t)
624624
if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL &&
625625
git_stream_is_encrypted(t->io)) {
626626
git_cert *cert;
627-
int is_valid;
627+
int is_valid = (error == GIT_OK);
628628

629629
if ((error = git_stream_certificate(&cert, t->io)) < 0)
630630
return error;
631631

632632
giterr_clear();
633-
is_valid = error != GIT_ECERTIFICATE;
634633
error = t->owner->certificate_check_cb(cert, is_valid, t->connection_data.host, t->owner->message_cb_payload);
635634

636635
if (error < 0) {

tests/online/badssl.c

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,37 +10,66 @@ static bool g_has_ssl = true;
1010
static bool g_has_ssl = false;
1111
#endif
1212

13+
static int cert_check_assert_invalid(git_cert *cert, int valid, const char* host, void *payload)
14+
{
15+
GIT_UNUSED(cert); GIT_UNUSED(host); GIT_UNUSED(payload);
16+
17+
cl_assert_equal_i(0, valid);
18+
19+
return GIT_ECERTIFICATE;
20+
}
21+
1322
void test_online_badssl__expired(void)
1423
{
24+
git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
25+
opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
26+
1527
if (!g_has_ssl)
1628
cl_skip();
1729

1830
cl_git_fail_with(GIT_ECERTIFICATE,
1931
git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", NULL));
32+
33+
cl_git_fail_with(GIT_ECERTIFICATE,
34+
git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", &opts));
2035
}
2136

2237
void test_online_badssl__wrong_host(void)
2338
{
39+
git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
40+
opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
41+
2442
if (!g_has_ssl)
2543
cl_skip();
2644

2745
cl_git_fail_with(GIT_ECERTIFICATE,
2846
git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", NULL));
47+
cl_git_fail_with(GIT_ECERTIFICATE,
48+
git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", &opts));
2949
}
3050

3151
void test_online_badssl__self_signed(void)
3252
{
53+
git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
54+
opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
55+
3356
if (!g_has_ssl)
3457
cl_skip();
3558

3659
cl_git_fail_with(GIT_ECERTIFICATE,
3760
git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", NULL));
61+
cl_git_fail_with(GIT_ECERTIFICATE,
62+
git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", &opts));
3863
}
3964

4065
void test_online_badssl__old_cipher(void)
4166
{
67+
git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
68+
opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
69+
4270
if (!g_has_ssl)
4371
cl_skip();
4472

4573
cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", NULL));
74+
cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", &opts));
4675
}

0 commit comments

Comments
 (0)