Commit 41698f22f683d3452ef83de3b3e82f5cb178b0b3
2014-09-11T10:04:05
net: remove support for outright ignoring certificates This option make it easy to ignore anything about the server we're connecting to, which is bad security practice. This was necessary as we didn't use to expose detailed information about the certificate, but now that we do, we should get rid of this. If the user wants to ignore everything, they can still provide a callback which ignores all the information passed.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179
diff --git a/include/git2/remote.h b/include/git2/remote.h
index 7231475..d2cc3e8 100644
--- a/include/git2/remote.h
+++ b/include/git2/remote.h
@@ -411,14 +411,6 @@ GIT_EXTERN(int) git_remote_supported_url(const char* url);
GIT_EXTERN(int) git_remote_list(git_strarray *out, git_repository *repo);
/**
- * Choose whether to check the server's certificate (applies to HTTPS only)
- *
- * @param remote the remote to configure
- * @param check whether to check the server's certificate (defaults to yes)
- */
-GIT_EXTERN(void) git_remote_check_cert(git_remote *remote, int check);
-
-/**
* Argument to the completion callback which tells it which operation
* finished.
*/
diff --git a/include/git2/sys/transport.h b/include/git2/sys/transport.h
index 44d41c1..1e8f4e4 100644
--- a/include/git2/sys/transport.h
+++ b/include/git2/sys/transport.h
@@ -23,9 +23,6 @@ GIT_BEGIN_DECL
typedef enum {
GIT_TRANSPORTFLAGS_NONE = 0,
- /* If the connection is secured with SSL/TLS, the authenticity
- * of the server certificate should not be verified. */
- GIT_TRANSPORTFLAGS_NO_CHECK_CERT = 1
} git_transport_flags_t;
typedef struct git_transport git_transport;
diff --git a/src/netops.c b/src/netops.c
index 67d49a5..43b8c53 100644
--- a/src/netops.c
+++ b/src/netops.c
@@ -387,7 +387,7 @@ cert_fail_name:
return GIT_ECERTIFICATE;
}
-static int ssl_setup(gitno_socket *socket, const char *host, int flags)
+static int ssl_setup(gitno_socket *socket, const char *host)
{
int ret;
@@ -406,9 +406,6 @@ static int ssl_setup(gitno_socket *socket, const char *host, int flags)
if ((ret = SSL_connect(socket->ssl.ssl)) <= 0)
return ssl_set_error(&socket->ssl, ret);
- if (GITNO_CONNECT_SSL_NO_CHECK_CERT & flags)
- return 0;
-
return verify_server_cert(&socket->ssl, host);
}
#endif
@@ -495,7 +492,7 @@ int gitno_connect(gitno_socket *s_out, const char *host, const char *port, int f
#ifdef GIT_SSL
if ((flags & GITNO_CONNECT_SSL) &&
- (ret = ssl_setup(s_out, host, flags)) < 0)
+ (ret = ssl_setup(s_out, host)) < 0)
return ret;
#else
/* SSL is not supported */
diff --git a/src/netops.h b/src/netops.h
index dfb4ab7..beb0e07 100644
--- a/src/netops.h
+++ b/src/netops.h
@@ -47,10 +47,6 @@ typedef struct gitno_buffer gitno_buffer;
enum {
/* Attempt to create an SSL connection. */
GITNO_CONNECT_SSL = 1,
-
- /* Valid only when GITNO_CONNECT_SSL is also specified.
- * Indicates that the server certificate should not be validated. */
- GITNO_CONNECT_SSL_NO_CHECK_CERT = 2,
};
/**
diff --git a/src/remote.c b/src/remote.c
index 9c93f67..46a610c 100644
--- a/src/remote.c
+++ b/src/remote.c
@@ -80,6 +80,8 @@ static int ensure_remote_name_is_valid(const char *name)
return error;
}
+#if 0
+/* We could export this as a helper */
static int get_check_cert(int *out, git_repository *repo)
{
git_config *cfg;
@@ -105,6 +107,7 @@ static int get_check_cert(int *out, git_repository *repo)
*out = git_config__get_bool_force(cfg, "http.sslverify", 1);
return 0;
}
+#endif
static int create_internal(git_remote **out, git_repository *repo, const char *name, const char *url, const char *fetch)
{
@@ -121,9 +124,6 @@ static int create_internal(git_remote **out, git_repository *repo, const char *n
remote->repo = repo;
remote->update_fetchhead = 1;
- if (get_check_cert(&remote->check_cert, repo) < 0)
- goto on_error;
-
if (git_vector_init(&remote->refs, 32, NULL) < 0)
goto on_error;
@@ -274,7 +274,6 @@ int git_remote_dup(git_remote **dest, git_remote *source)
remote->transport_cb_payload = source->transport_cb_payload;
remote->repo = source->repo;
remote->download_tags = source->download_tags;
- remote->check_cert = source->check_cert;
remote->update_fetchhead = source->update_fetchhead;
if (git_vector_init(&remote->refs, 32, NULL) < 0 ||
@@ -369,9 +368,6 @@ int git_remote_load(git_remote **out, git_repository *repo, const char *name)
remote->name = git__strdup(name);
GITERR_CHECK_ALLOC(remote->name);
- if ((error = get_check_cert(&remote->check_cert, repo)) < 0)
- goto cleanup;
-
if (git_vector_init(&remote->refs, 32, NULL) < 0 ||
git_vector_init(&remote->refspecs, 2, NULL) < 0 ||
git_vector_init(&remote->active_refspecs, 2, NULL) < 0) {
@@ -676,9 +672,6 @@ int git_remote_connect(git_remote *remote, git_direction direction)
(error = t->set_callbacks(t, remote->callbacks.sideband_progress, NULL, remote->callbacks.certificate_check, remote->callbacks.payload)) < 0)
goto on_error;
- if (!remote->check_cert)
- flags |= GIT_TRANSPORTFLAGS_NO_CHECK_CERT;
-
if ((error = t->connect(t, url, remote->callbacks.credentials, remote->callbacks.payload, direction, flags)) != 0)
goto on_error;
@@ -1244,13 +1237,6 @@ int git_remote_list(git_strarray *remotes_list, git_repository *repo)
return 0;
}
-void git_remote_check_cert(git_remote *remote, int check)
-{
- assert(remote);
-
- remote->check_cert = check;
-}
-
int git_remote_set_callbacks(git_remote *remote, const git_remote_callbacks *callbacks)
{
assert(remote && callbacks);
diff --git a/src/remote.h b/src/remote.h
index c471756..f88601e 100644
--- a/src/remote.h
+++ b/src/remote.h
@@ -31,7 +31,6 @@ struct git_remote {
git_transfer_progress stats;
unsigned int need_pack;
git_remote_autotag_option_t download_tags;
- int check_cert;
int update_fetchhead;
};
diff --git a/src/transports/http.c b/src/transports/http.c
index 3f74bd1..1bbef81 100644
--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -545,9 +545,6 @@ static int http_connect(http_subtransport *t)
return -1;
flags |= GITNO_CONNECT_SSL;
-
- if (GIT_TRANSPORTFLAGS_NO_CHECK_CERT & tflags)
- flags |= GITNO_CONNECT_SSL_NO_CHECK_CERT;
}
error = gitno_connect(&t->socket, t->connection_data.host, t->connection_data.port, flags);