diff options
| author | Edward Thomson <ethomson@github.com> | 2017-01-06 17:10:49 +0000 |
|---|---|---|
| committer | Edward Thomson <ethomson@github.com> | 2017-01-06 17:10:49 +0000 |
| commit | ab8a0fdb31ff7e944d01348f28a2da19e50f8839 (patch) | |
| tree | 35a9eea48348385cc0a7a2e660bcf7c6656a5523 | |
| parent | 75db289a041b1f1084768244e167b953ac7eeaa5 (diff) | |
| parent | 98d66240ecb7765e191da19b535c75c92ccc90fe (diff) | |
| download | libgit2-ab8a0fdb31ff7e944d01348f28a2da19e50f8839.tar.gz | |
Merge branch '25_certcheckcb' into maint/v0.25
| -rw-r--r-- | src/transports/http.c | 3 | ||||
| -rw-r--r-- | tests/online/badssl.c | 29 |
2 files changed, 30 insertions, 2 deletions
diff --git a/src/transports/http.c b/src/transports/http.c index ad28c5889..155fd7b30 100644 --- a/src/transports/http.c +++ b/src/transports/http.c @@ -624,13 +624,12 @@ static int http_connect(http_subtransport *t) if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL && git_stream_is_encrypted(t->io)) { git_cert *cert; - int is_valid; + int is_valid = (error == GIT_OK); if ((error = git_stream_certificate(&cert, t->io)) < 0) return error; giterr_clear(); - is_valid = error != GIT_ECERTIFICATE; error = t->owner->certificate_check_cb(cert, is_valid, t->connection_data.host, t->owner->message_cb_payload); if (error < 0) { diff --git a/tests/online/badssl.c b/tests/online/badssl.c index 66b090df4..f3470f6d7 100644 --- a/tests/online/badssl.c +++ b/tests/online/badssl.c @@ -10,37 +10,66 @@ static bool g_has_ssl = true; static bool g_has_ssl = false; #endif +static int cert_check_assert_invalid(git_cert *cert, int valid, const char* host, void *payload) +{ + GIT_UNUSED(cert); GIT_UNUSED(host); GIT_UNUSED(payload); + + cl_assert_equal_i(0, valid); + + return GIT_ECERTIFICATE; +} + void test_online_badssl__expired(void) { + git_clone_options opts = GIT_CLONE_OPTIONS_INIT; + opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid; + if (!g_has_ssl) cl_skip(); cl_git_fail_with(GIT_ECERTIFICATE, git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", NULL)); + + cl_git_fail_with(GIT_ECERTIFICATE, + git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", &opts)); } void test_online_badssl__wrong_host(void) { + git_clone_options opts = GIT_CLONE_OPTIONS_INIT; + opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid; + if (!g_has_ssl) cl_skip(); cl_git_fail_with(GIT_ECERTIFICATE, git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", NULL)); + cl_git_fail_with(GIT_ECERTIFICATE, + git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", &opts)); } void test_online_badssl__self_signed(void) { + git_clone_options opts = GIT_CLONE_OPTIONS_INIT; + opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid; + if (!g_has_ssl) cl_skip(); cl_git_fail_with(GIT_ECERTIFICATE, git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", NULL)); + cl_git_fail_with(GIT_ECERTIFICATE, + git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", &opts)); } void test_online_badssl__old_cipher(void) { + git_clone_options opts = GIT_CLONE_OPTIONS_INIT; + opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid; + if (!g_has_ssl) cl_skip(); cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", NULL)); + cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", &opts)); } |