Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set
Originally from Mike Hommey; earlier we were disabling SSL_VERIFYPEER but SSL_VERIFYHOST was in effect even when the user asked not to with the environment variable. Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
parent
aaefbfa66c
commit
a5ccc5979d
11
http.c
11
http.c
@ -165,7 +165,16 @@ static CURL* get_curl_handle(void)
|
||||
{
|
||||
CURL* result = curl_easy_init();
|
||||
|
||||
curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, curl_ssl_verify);
|
||||
if (!curl_ssl_verify) {
|
||||
curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
|
||||
curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
|
||||
} else {
|
||||
/* Verify authenticity of the peer's certificate */
|
||||
curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1);
|
||||
/* The name in the cert must match whom we tried to connect */
|
||||
curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2);
|
||||
}
|
||||
|
||||
#if LIBCURL_VERSION_NUM >= 0x070907
|
||||
curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user