http: do not try to use the cert callback on unencrypted streams

When the user has a certificate check callback set, we still have to check whether the stream we're using is even capable of providing a certificate. In the case of an unencrypted certificate, do not ask for it from the stream, and do not call the callback.

http: do not try to use the cert callback on unencrypted streams
When the user has a certificate check callback set, we still have to check whether the stream we're using is even capable of providing a certificate. In the case of an unencrypted certificate, do not ask for it from the stream, and do not call the callback.
84d83b8e · Carlos Martín Nieto · 29e7ae5d · 84d83b8e · 84d83b8e
Commit 84d83b8e authored Mar 16, 2015 by Carlos Martín Nieto
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 1 deletions

src/stream.h
+5 -0

src/transports/http.c
+2 -1

No files found.
--- a/src/stream.h
+++ b/src/stream.h
@@ -15,6 +15,11 @@ GIT_INLINE(int) git_stream_connect(git_stream *st)
 	return st->connect(st);
 }

+GIT_INLINE(int) git_stream_is_encrypted(git_stream *st)
+{
+	return st->encrypted;
+}
+
 GIT_INLINE(int) git_stream_certificate(git_cert **out, git_stream *st)
 {
 	if (!st->encrypted) {

--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -558,7 +558,8 @@ static int http_connect(http_subtransport *t)
 	error = git_stream_connect(t->io);

 #ifdef GIT_SSL
-	if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL) {
+	if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL &&
+	    git_stream_is_encrypted(t->io)) {
 		git_cert *cert;
 		int is_valid;