![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: aaefbfa)
raw | patch | inline | side by side (parent: aaefbfa)
| author | Junio C Hamano <gitster@pobox.com> | |
| Thu, 21 Feb 2008 23:10:37 +0000 (15:10 -0800) | ||
| committer | Junio C Hamano <gitster@pobox.com> | |
| Sun, 7 Sep 2008 16:57:44 +0000 (09:57 -0700) |
Originally from Mike Hommey; earlier we were disabling SSL_VERIFYPEER
but SSL_VERIFYHOST was in effect even when the user asked not to with
the environment variable.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
but SSL_VERIFYHOST was in effect even when the user asked not to with
the environment variable.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| http.c | patch | blob | history |
index 1108ab4a3101fb4768cad420ccfdb52d87890a18..a97fdf51173cf73d883c024d85109cbd4e607db9 100644 (file)
--- a/http.c
+++ b/http.c
{
CURL* result = curl_easy_init();
- curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, curl_ssl_verify);
+ if (!curl_ssl_verify) {
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
+ } else {
+ /* Verify authenticity of the peer's certificate */
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1);
+ /* The name in the cert must match whom we tried to connect */
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2);
+ }
+
#if LIBCURL_VERSION_NUM >= 0x070907
curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
#endif