Commit a5ccc59

Don't verify host name in SSL certs when GIT_SSL_NO_VERIFY is set
Originally from Mike Hommey; earlier we were disabling SSL_VERIFYPEER but SSL_VERIFYHOST was in effect even when the user asked not to with the environment variable.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
1 parent aaefbfa commit a5ccc59

1 file changed

+10
-1
lines changed

http.c

Lines changed: 10 additions & 1 deletion
@@ -165,7 +165,16 @@ static CURL* get_curl_handle(void)
165165
{
166166
CURL* result = curl_easy_init();
167167

168-
curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, curl_ssl_verify);
168+
if (!curl_ssl_verify) {
169+
curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
170+
curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
171+
} else {
172+
/* Verify authenticity of the peer's certificate */
173+
curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1);
174+
/* The name in the cert must match whom we tried to connect */
175+
curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2);
176+
}
177+
169178
#if LIBCURL_VERSION_NUM >= 0x070907
170179
curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
171180
#endif
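
Review bot: The four new curl_easy_setopt calls pass plain int literals (0, 1, 2), but curl_easy_setopt is variadic and CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST are read as long, so on platforms where int and long differ in size the value is not passed the way libcurl expects; write them as 0L, 1L and 2L, for example `curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2L);`. The `!curl_ssl_verify` branch also lacks the comments that the else branch has; a one-line comment saying that this path turns off both the certificate-chain check and the host-name check, leaving the server unauthenticated, would make the intent as clear as in the verifying branch.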
