thodg/libgit2

2012-08-28T14:15:32

ssl: make cert check ignore work for invalid certs, not just CNs Passing SSL_VERIFY_PEER makes OpenSSL shut down the connection if the certificate is invalid, without giving us a chance to ignore that error. Pass SSL_VERIFY_NONE and call SSL_get_verify_result if the user wanted us to check. When no CNs match, we used to jump to on_error which gave a bogus error as that's for OpenSSL errors. Jump to cert_fail so we tell the user that the error came from checking the certificate.