Commit 23ca0ad5ebcba3173ba3ff51e8114c33f795e62a

Carlos Martín Nieto 2014-08-29T21:25:13

Bring certificate check back to the normal return code Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.

diff --git a/src/transports/http.c b/src/transports/http.c
index f49242e..3f74bd1 100644
--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -555,7 +555,7 @@ static int http_connect(http_subtransport *t)
 #ifdef GIT_SSL
 	if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL) {
                 X509 *cert = SSL_get_peer_certificate(t->socket.ssl.ssl);
-                int allow, len, is_valid;
+                int len, is_valid;
 		unsigned char *guard, *encoded_cert;
 
 		/* Retrieve the length of the certificate first */
@@ -578,17 +578,17 @@ static int http_connect(http_subtransport *t)
 			return -1;
 		}
 
+		giterr_clear();
 		is_valid = error != GIT_ECERTIFICATE;
-                allow = t->owner->certificate_check_cb(GIT_CERT_X509, encoded_cert, len, is_valid, t->owner->message_cb_payload);
+                error = t->owner->certificate_check_cb(GIT_CERT_X509, encoded_cert, len, is_valid, t->owner->message_cb_payload);
 		git__free(encoded_cert);
 
-                if (allow < 0) {
-                        error = allow;
-                } else if (!allow) {
-                        error = GIT_ECERTIFICATE;
-                } else {
-                        error = 0;
-                }
+		if (error < 0) {
+			if (!giterr_last())
+				giterr_set(GITERR_NET, "user cancelled certificate check");
+
+			return error;
+		}
 	}
 #endif
 	if (error < 0)
diff --git a/src/transports/ssh.c b/src/transports/ssh.c
index a25ab63..8ea4a25 100644
--- a/src/transports/ssh.c
+++ b/src/transports/ssh.c
@@ -476,7 +476,6 @@ static int _git_ssh_setup_conn(
 	if (t->owner->certificate_check_cb != NULL) {
 		git_cert_hostkey cert;
 		const char *key;
-		int allow;
 		size_t certlen;
 
 		cert.type = LIBSSH2_HOSTKEY_HASH_SHA1;
@@ -498,16 +497,14 @@ static int _git_ssh_setup_conn(
 		}
 
 		/* We don't currently trust any hostkeys */
-                allow = t->owner->certificate_check_cb(GIT_CERT_HOSTKEY_LIBSSH2, &cert, certlen, 0, t->owner->message_cb_payload);
-                if (allow < 0) {
-                        error = allow;
-                        goto on_error;
-                }
-
-                if (!allow) {
-                        error = GIT_ECERTIFICATE;
-                        goto on_error;
-                }
+		giterr_clear();
+                error = t->owner->certificate_check_cb(GIT_CERT_HOSTKEY_LIBSSH2, &cert, certlen, 0, t->owner->message_cb_payload);
+		if (error < 0) {
+			if (!giterr_last())
+				giterr_set(GITERR_NET, "user cancelled hostkey check");
+
+			goto on_error;
+		}
         }
 
 	/* we need the username to ask for auth methods */
diff --git a/tests/online/clone.c b/tests/online/clone.c
index 66e614e..a880d47 100644
--- a/tests/online/clone.c
+++ b/tests/online/clone.c
@@ -478,7 +478,7 @@ static int fail_certificate_check(git_cert_t type, void *data, size_t len, int v
 	GIT_UNUSED(valid);
 	GIT_UNUSED(payload);
 
-	return 0;
+	return GIT_ECERTIFICATE;
 }
 
 void test_online_clone__certificate_invalid(void)
@@ -500,7 +500,7 @@ static int succeed_certificate_check(git_cert_t type, void *data, size_t len, in
 	GIT_UNUSED(valid);
 	GIT_UNUSED(payload);
 
-	return 1;
+	return 0;
 }
 
 void test_online_clone__certificate_valid(void)