net: remove support for outright ignoring certificates

This option make it easy to ignore anything about the server we're
connecting to, which is bad security practice. This was necessary as we
didn't use to expose detailed information about the certificate, but now
that we do, we should get rid of this.

If the user wants to ignore everything, they can still provide a
callback which ignores all the information passed.

include/git2/remote.h

@@ -411,14 +411,6 @@ GIT_EXTERN(int) git_remote_supported_url(const char* url);
 GIT_EXTERN(int) git_remote_list(git_strarray *out, git_repository *repo);
 
 /**
- * Choose whether to check the server's certificate (applies to HTTPS only)
- *
- * @param remote the remote to configure
- * @param check whether to check the server's certificate (defaults to yes)
- */
-GIT_EXTERN(void) git_remote_check_cert(git_remote *remote, int check);
-
-/**
  * Argument to the completion callback which tells it which operation
  * finished.
  */

include/git2/sys/transport.h

@@ -23,9 +23,6 @@ GIT_BEGIN_DECL
 
 typedef enum {
 	GIT_TRANSPORTFLAGS_NONE = 0,
-	/* If the connection is secured with SSL/TLS, the authenticity
-	 * of the server certificate should not be verified. */
-	GIT_TRANSPORTFLAGS_NO_CHECK_CERT = 1
 } git_transport_flags_t;
 
 typedef struct git_transport git_transport;

src/netops.c

@@ -387,7 +387,7 @@ cert_fail_name:
 	return GIT_ECERTIFICATE;
 }
 
-static int ssl_setup(gitno_socket *socket, const char *host, int flags)
+static int ssl_setup(gitno_socket *socket, const char *host)
 {
 	int ret;
 
@@ -406,9 +406,6 @@ static int ssl_setup(gitno_socket *socket, const char *host, int flags)
 	if ((ret = SSL_connect(socket->ssl.ssl)) <= 0)
 		return ssl_set_error(&socket->ssl, ret);
 
-	if (GITNO_CONNECT_SSL_NO_CHECK_CERT & flags)
-		return 0;
-
 	return verify_server_cert(&socket->ssl, host);
 }
 #endif
@@ -495,7 +492,7 @@ int gitno_connect(gitno_socket *s_out, const char *host, const char *port, int f
 
 #ifdef GIT_SSL
 	if ((flags & GITNO_CONNECT_SSL) &&
-	    (ret = ssl_setup(s_out, host, flags)) < 0)
+	    (ret = ssl_setup(s_out, host)) < 0)
 		return ret;
 #else
 	/* SSL is not supported */

src/netops.h

@@ -47,10 +47,6 @@ typedef struct gitno_buffer gitno_buffer;
 enum {
 	/* Attempt to create an SSL connection. */
 	GITNO_CONNECT_SSL = 1,
-
-	/* Valid only when GITNO_CONNECT_SSL is also specified.
-	 * Indicates that the server certificate should not be validated. */
-	GITNO_CONNECT_SSL_NO_CHECK_CERT = 2,
 };
 
 /**

src/remote.c

@@ -80,6 +80,8 @@ static int ensure_remote_name_is_valid(const char *name)
 	return error;
 }
 
+#if 0
+/* We could export this as a helper */
 static int get_check_cert(int *out, git_repository *repo)
 {
 	git_config *cfg;
@@ -105,6 +107,7 @@ static int get_check_cert(int *out, git_repository *repo)
 	*out = git_config__get_bool_force(cfg, "http.sslverify", 1);
 	return 0;
 }
+#endif
 
 static int create_internal(git_remote **out, git_repository *repo, const char *name, const char *url, const char *fetch)
 {
@@ -121,9 +124,6 @@ static int create_internal(git_remote **out, git_repository *repo, const char *n
 	remote->repo = repo;
 	remote->update_fetchhead = 1;
 
-	if (get_check_cert(&remote->check_cert, repo) < 0)
-		goto on_error;
-
 	if (git_vector_init(&remote->refs, 32, NULL) < 0)
 		goto on_error;
 
@@ -274,7 +274,6 @@ int git_remote_dup(git_remote **dest, git_remote *source)
 	remote->transport_cb_payload = source->transport_cb_payload;
 	remote->repo = source->repo;
 	remote->download_tags = source->download_tags;
-	remote->check_cert = source->check_cert;
 	remote->update_fetchhead = source->update_fetchhead;
 
 	if (git_vector_init(&remote->refs, 32, NULL) < 0 ||
@@ -369,9 +368,6 @@ int git_remote_load(git_remote **out, git_repository *repo, const char *name)
 	remote->name = git__strdup(name);
 	GITERR_CHECK_ALLOC(remote->name);
 
-	if ((error = get_check_cert(&remote->check_cert, repo)) < 0)
-		goto cleanup;
-
 	if (git_vector_init(&remote->refs, 32, NULL) < 0 ||
 	    git_vector_init(&remote->refspecs, 2, NULL) < 0 ||
 	    git_vector_init(&remote->active_refspecs, 2, NULL) < 0) {
@@ -676,9 +672,6 @@ int git_remote_connect(git_remote *remote, git_direction direction)
 	    (error = t->set_callbacks(t, remote->callbacks.sideband_progress, NULL, remote->callbacks.certificate_check, remote->callbacks.payload)) < 0)
 		goto on_error;
 
-	if (!remote->check_cert)
-		flags |= GIT_TRANSPORTFLAGS_NO_CHECK_CERT;
-
 	if ((error = t->connect(t, url, remote->callbacks.credentials, remote->callbacks.payload, direction, flags)) != 0)
 		goto on_error;
 
@@ -1244,13 +1237,6 @@ int git_remote_list(git_strarray *remotes_list, git_repository *repo)
 	return 0;
 }
 
-void git_remote_check_cert(git_remote *remote, int check)
-{
-	assert(remote);
-
-	remote->check_cert = check;
-}
-
 int git_remote_set_callbacks(git_remote *remote, const git_remote_callbacks *callbacks)
 {
 	assert(remote && callbacks);

src/remote.h

@@ -31,7 +31,6 @@ struct git_remote {
 	git_transfer_progress stats;
 	unsigned int need_pack;
 	git_remote_autotag_option_t download_tags;
-	int check_cert;
 	int update_fetchhead;
 };
 

src/transports/http.c

@@ -545,9 +545,6 @@ static int http_connect(http_subtransport *t)
 			return -1;
 
 		flags |= GITNO_CONNECT_SSL;
-
-		if (GIT_TRANSPORTFLAGS_NO_CHECK_CERT & tflags)
-			flags |= GITNO_CONNECT_SSL_NO_CHECK_CERT;
 	}
 
 	error = gitno_connect(&t->socket, t->connection_data.host, t->connection_data.port, flags);