Commit 7c8acc54be390face2f8b519a828a7f2860bb5b3
2014-08-30T14:26:57
winhttp: set ignore security flags on user command If the user returns 0 from the certificate check and we had certificate issues, set the options to ignore certificate errors and resend the request.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81
diff --git a/src/transports/winhttp.c b/src/transports/winhttp.c
index 14afce2..0393997 100644
--- a/src/transports/winhttp.c
+++ b/src/transports/winhttp.c
@@ -558,7 +558,7 @@ on_error:
return error;
}
-static int send_request(winhttp_stream *s, size_t len, int ignore_length)
+static int do_send_request(winhttp_stream *s, size_t len, int ignore_length)
{
int request_failed = 0, cert_valid = 1, error = 0;
@@ -567,26 +567,62 @@ static int send_request(winhttp_stream *s, size_t len, int ignore_length)
WINHTTP_NO_ADDITIONAL_HEADERS, 0,
WINHTTP_NO_REQUEST_DATA, 0,
WINHTTP_IGNORE_REQUEST_TOTAL_LENGTH, 0)) {
- request_failed = 1;
+ return -1;
}
} else {
if (!WinHttpSendRequest(s->request,
WINHTTP_NO_ADDITIONAL_HEADERS, 0,
WINHTTP_NO_REQUEST_DATA, 0,
len, 0)) {
- request_failed = 1;
+ return -1;
}
}
- if (request_failed && GetLastError() == ERROR_WINHTTP_SECURE_FAILURE)
- cert_valid = 0;
+ return 0;
+}
+
+static int send_request(winhttp_stream *s, size_t len, int ignore_length)
+{
+ int request_failed = 0, cert_valid = 1, error = 0;
+ DWORD ignore_flags;
+
+ if ((error = do_send_request(s, len, ignore_length)) < 0)
+ request_failed = 1;
+
+ if (request_failed) {
+ if (GetLastError() != ERROR_WINHTTP_SECURE_FAILURE) {
+ giterr_set(GITERR_OS, "failed to send request");
+ return -1;
+ } else {
+ cert_valid = 0;
+ }
+ }
giterr_clear();
if ((error = certificate_check(s, cert_valid)) < 0) {
if (!giterr_last())
- giterr_set(GITERR_OS, "failed to send request");
+ giterr_set(GITERR_OS, "user cancelled certificate check");
+
+ return error;
+ }
+
+ /* if neither the request nor the certificate check returned errors, we're done */
+ if (!request_failed)
+ return 0;
+
+ ignore_flags =
+ SECURITY_FLAG_IGNORE_CERT_CN_INVALID |
+ SECURITY_FLAG_IGNORE_CERT_DATE_INVALID |
+ SECURITY_FLAG_IGNORE_UNKNOWN_CA;
+
+ if (!WinHttpSetOption(s->request, WINHTTP_OPTION_SECURITY_FLAGS, &ignore_flags, sizeof(ignore_flags))) {
+ giterr_set(GITERR_OS, "failed to set security options");
+ return -1;
}
+ if ((error = do_send_request(s, len, ignore_length)) < 0)
+ giterr_set(GITERR_OS, "failed to send request");
+
return error;
}