Commit 1dd5e28ec1fe5dc1d58116edb88148fcde963e83

Carlos Martín Nieto 2015-03-16T19:41:50

http: do not try to use the cert callback on unencrypted streams When the user has a certificate check callback set, we still have to check whether the stream we're using is even capable of providing a certificate. In the case of an unencrypted stream, do not ask for a certificate from it, and do not call the callback.

diff --git a/src/stream.h b/src/stream.h
index 3a7ef95..d810e70 100644
--- a/src/stream.h
+++ b/src/stream.h
@@ -15,6 +15,11 @@ GIT_INLINE(int) git_stream_connect(git_stream *st)
 	return st->connect(st);
 }
 
+GIT_INLINE(int) git_stream_is_encrypted(git_stream *st)
+{
+	return st->encrypted;
+}
+
 GIT_INLINE(int) git_stream_certificate(git_cert **out, git_stream *st)
 {
 	if (!st->encrypted) {
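Review bot: The new `git_stream_is_encrypted` accessor has no comment stating its contract, although the http.c hunk now uses it to decide whether certificate checking runs at all. I would add `/* Nonzero when the stream is encrypted and can provide a certificate; check before calling git_stream_certificate(). */` above it. The documentation for `certificate_check_cb` should also say that the callback is never invoked for a plaintext stream. An application that treats the callback as its only trust decision (certificate pinning, for example) gets no signal on an unencrypted connection and has to reject non-TLS URLs itself. The body of `git_stream_certificate` continues outside this hunk, so what it returns for an unencrypted stream is not visible here.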
diff --git a/src/transports/http.c b/src/transports/http.c
index 0907afa..0cd3300 100644
--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -558,7 +558,8 @@ static int http_connect(http_subtransport *t)
 	error = git_stream_connect(t->io);
 
 #ifdef GIT_SSL
-	if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL) {
+	if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL &&
+	    git_stream_is_encrypted(t->io)) {
 		git_cert *cert;
 		int is_valid;