Bring certificate check back to the normal return code

Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.

Bring certificate check back to the normal return code
Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.
23ca0ad5 · Carlos Martín Nieto · 2f5864c5 · 23ca0ad5 · 23ca0ad5 · 23ca0ad5
Commit 23ca0ad5 authored Aug 29, 2014 by Carlos Martín Nieto
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 22 deletions

src/transports/http.c
+9 -9

src/transports/ssh.c
+8 -11

tests/online/clone.c
+2 -2

No files found.
--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -555,7 +555,7 @@ static int http_connect(http_subtransport *t)
 #ifdef GIT_SSL
 	if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL) {
                X509 *cert = SSL_get_peer_certificate(t->socket.ssl.ssl);
-                int allow, len, is_valid;
+                int len, is_valid;
 		unsigned char *guard, *encoded_cert;
 		/* Retrieve the length of the certificate first */
@@ -578,17 +578,17 @@ static int http_connect(http_subtransport *t)
 			return -1;
 		}
+		giterr_clear();
 		is_valid = error != GIT_ECERTIFICATE;
-                allow = t->owner->certificate_check_cb(GIT_CERT_X509, encoded_cert, len, is_valid, t->owner->message_cb_payload);
+                error = t->owner->certificate_check_cb(GIT_CERT_X509, encoded_cert, len, is_valid, t->owner->message_cb_payload);
 		git__free(encoded_cert);
-                if (allow < 0) {
+		if (error < 0) {
-                        error = allow;
+			if (!giterr_last())
-                } else if (!allow) {
+				giterr_set(GITERR_NET, "user cancelled certificate check");
-                        error = GIT_ECERTIFICATE;
-                } else {
+			return error;
-                        error = 0;
+		}
-                }
 	}
 #endif
 	if (error < 0)

--- a/src/transports/ssh.c
+++ b/src/transports/ssh.c
@@ -476,7 +476,6 @@ static int _git_ssh_setup_conn(
 	if (t->owner->certificate_check_cb != NULL) {
 		git_cert_hostkey cert;
 		const char *key;
-		int allow;
 		size_t certlen;
 		cert.type = LIBSSH2_HOSTKEY_HASH_SHA1;
@@ -498,16 +497,14 @@ static int _git_ssh_setup_conn(
 		}
 		/* We don't currently trust any hostkeys */
-                allow = t->owner->certificate_check_cb(GIT_CERT_HOSTKEY_LIBSSH2, &cert, certlen, 0, t->owner->message_cb_payload);
+		giterr_clear();
-                if (allow < 0) {
+                error = t->owner->certificate_check_cb(GIT_CERT_HOSTKEY_LIBSSH2, &cert, certlen, 0, t->owner->message_cb_payload);
-                        error = allow;
+		if (error < 0) {
-                        goto on_error;
+			if (!giterr_last())
-                }
+				giterr_set(GITERR_NET, "user cancelled hostkey check");
-                if (!allow) {
+			goto on_error;
-                        error = GIT_ECERTIFICATE;
+		}
-                        goto on_error;
-                }
        }
 	/* we need the username to ask for auth methods */

--- a/tests/online/clone.c
+++ b/tests/online/clone.c
@@ -478,7 +478,7 @@ static int fail_certificate_check(git_cert_t type, void *data, size_t len, int v
 	GIT_UNUSED(valid);
 	GIT_UNUSED(payload);
-	return 0;
+	return GIT_ECERTIFICATE;
 }
 void test_online_clone__certificate_invalid(void)
@@ -500,7 +500,7 @@ static int succeed_certificate_check(git_cert_t type, void *data, size_t len, in
 	GIT_UNUSED(valid);
 	GIT_UNUSED(payload);
-	return 1;
+	return 0;
 }
 void test_online_clone__certificate_valid(void)