Commit 828e595969efee951d67f23cfd9f4b8461ce71fb
2015-03-17T09:44:56
Merge pull request #2982 from libgit2/cmn/stream-check-ec Don't ask for a stream's certificate unless it's encrypted
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
diff --git a/src/stream.h b/src/stream.h
index 3a7ef95..d810e70 100644
--- a/src/stream.h
+++ b/src/stream.h
@@ -15,6 +15,11 @@ GIT_INLINE(int) git_stream_connect(git_stream *st)
return st->connect(st);
}
+GIT_INLINE(int) git_stream_is_encrypted(git_stream *st)
+{
+ return st->encrypted;
+}
+
GIT_INLINE(int) git_stream_certificate(git_cert **out, git_stream *st)
{
if (!st->encrypted) {
diff --git a/src/transports/http.c b/src/transports/http.c
index 0907afa..0cd3300 100644
--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -558,7 +558,8 @@ static int http_connect(http_subtransport *t)
error = git_stream_connect(t->io);
#ifdef GIT_SSL
- if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL) {
+ if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL &&
+ git_stream_is_encrypted(t->io)) {
git_cert *cert;
int is_valid;
diff --git a/tests/online/clone.c b/tests/online/clone.c
index 3bb9279..4fdeee1 100644
--- a/tests/online/clone.c
+++ b/tests/online/clone.c
@@ -565,3 +565,10 @@ void test_online_clone__certificate_valid(void)
cl_git_pass(git_clone(&g_repo, "https://github.com/libgit2/TestGitRepository", "./foo", &g_options));
}
+
+void test_online_clone__start_with_http(void)
+{
+ g_options.remote_callbacks.certificate_check = succeed_certificate_check;
+
+ cl_git_pass(git_clone(&g_repo, "http://github.com/libgit2/TestGitRepository", "./foo", &g_options));
+}