From a5ccc5979d210500d00169f98cc8567ea346fcb0 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Thu, 21 Feb 2008 15:10:37 -0800 Subject: [PATCH] Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set Originally from Mike Hommey; earlier we were disabling SSL_VERIFYPEER but SSL_VERIFYHOST was in effect even when the user asked not to with the environment variable. Signed-off-by: Junio C Hamano --- http.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/http.c b/http.c index 1108ab4a3..a97fdf511 100644 --- a/http.c +++ b/http.c @@ -165,7 +165,16 @@ static CURL* get_curl_handle(void) { CURL* result = curl_easy_init(); - curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, curl_ssl_verify); + if (!curl_ssl_verify) { + curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0); + curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0); + } else { + /* Verify authenticity of the peer's certificate */ + curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1); + /* The name in the cert must match whom we tried to connect */ + curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2); + } + #if LIBCURL_VERSION_NUM >= 0x070907 curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL); #endif -- 2.30.2