Setting certificate check for HTTP returns error (even if HTTP request redirects to HTTPS)

[johnhaley81]

If you try to set the certificate_check on the remote callbacks option for a git_clone when the protocol is HTTP you'll get Error: an unencrypted stream does not have a certificate. And that makes sense but if the HTTP redirects to HTTPS (e.g. GitHub) then you do have a certificate and the check would be nice to have.

[johnhaley81]

Anybody have any ideas about this?? It shouldn't be too hard to put in.

[carlosmn]

The issue would have to be a different one. The error comes not from setting the callback, but the fact that we don't check beforehand whether the current stream is encrypted before asking for it.

[johnhaley81]

Do you mean https://github.com/libgit2/libgit2/blob/1ce9ea3/src/stream.h#L20-L23 ?

[carlosmn]

That error is correct where it's generated, the issue is calling that function when we do not have connection capable of having a certificate.

[johnhaley81]

Ah so that's called before the HTTPS redirect.

[calavera]

yeah, libgit2 checks the scheme before calling that function, without checking the actual connection. I was actually hit by this issue this morning 😔