Commit 783555d8 by Carlos Martín Nieto

netops: catch the server not sending a certificate

It's possible for an encrypted connection not to have a certificate. In
this case, SSL_get_verify_result() will return OK because no error
happened (as it never even tried to validate anything).

SSL_get_peer_certificate() will return NULL in this case so we need to
catch that. On the upside, the current code would segfault in this
situation instead of letting it through as a valid cert.
parent 51d3f6f5
...@@ -287,6 +287,10 @@ static int verify_server_cert(gitno_ssl *ssl, const char *host) ...@@ -287,6 +287,10 @@ static int verify_server_cert(gitno_ssl *ssl, const char *host)
cert = SSL_get_peer_certificate(ssl->ssl); cert = SSL_get_peer_certificate(ssl->ssl);
if (!cert) {
giterr_set(GITERR_SSL, "the server did not provide a certificate");
return -1;
}
/* Check the alternative names */ /* Check the alternative names */
alts = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); alts = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
......
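Review bot: The new `if (!cert)` branch directly after `SSL_get_peer_certificate(ssl->ssl)` carries no comment explaining why a NULL certificate must be rejected at this point, and the reason is not obvious from the code alone. The commit message has it (SSL_get_verify_result() reports OK when no certificate was ever presented, so that result cannot be relied on to catch this case), but a later reader of verify_server_cert() will not see the commit message. A one-line comment above the check, along the lines of `/* no cert presented: the verify result is OK in that case, so reject here */`, would keep the check from being removed as redundant. The placement itself is right: it runs before `X509_get_ext_d2i(cert, ...)` touches the pointer, and since `cert` is NULL on this path there is nothing to release before `return -1`.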