Permalink
Browse files

Merge branch 'mh/maint-honor-no-ssl-verify'

* mh/maint-honor-no-ssl-verify:
  Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set
  • Loading branch information...
2 parents f1f15fb + a5ccc59 commit fb0863a528c1503cba1a9b8bf8da11a8e0b271aa @gitster gitster committed Sep 16, 2008
Showing with 10 additions and 1 deletion.
  1. +10 −1 http.c
View
11 http.c
@@ -165,7 +165,16 @@ static CURL* get_curl_handle(void)
{
CURL* result = curl_easy_init();
- curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, curl_ssl_verify);
+ if (!curl_ssl_verify) {
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
+ } else {
+ /* Verify authenticity of the peer's certificate */
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1);
+ /* The name in the cert must match whom we tried to connect */
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2);
+ }
+
#if LIBCURL_VERSION_NUM >= 0x070907
curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
#endif

0 comments on commit fb0863a

Please sign in to comment.