http transport: reset error message on cert failure

Store the error message from the underlying TLS library before calling the certificate callback. If it refuses to act (demonstrated by returning GIT_PASSTHROUGH) then restore the error message. Otherwise, if the callback does not set an error message, set a sensible default that implicates the callback itself.

http transport: reset error message on cert failure
Store the error message from the underlying TLS library before calling the certificate callback. If it refuses to act (demonstrated by returning GIT_PASSTHROUGH) then restore the error message. Otherwise, if the callback does not set an error message, set a sensible default that implicates the callback itself.
b2ed778a · Edward Thomson · 2ce2315c · b2ed778a
Commit b2ed778a authored Nov 18, 2018 by Edward Thomson
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 11 deletions

src/transports/http.c
+11 -11

No files found.
--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -692,25 +692,25 @@ static int check_certificate(
 	void *cert_cb_payload)
 {
 	git_cert *cert;
+	git_error_state last_error = {0};
 	int error;
 	if ((error = git_stream_certificate(&cert, stream)) < 0)
 		return error;
-	giterr_clear();
+	giterr_state_capture(&last_error, GIT_ECERTIFICATE);
-	error = cert_cb(cert, is_valid, url->host, cert_cb_payload);
-	if (error == GIT_PASSTHROUGH)
+	error = cert_cb(cert, is_valid, url->host, cert_cb_payload);
-		error = is_valid ? 0 : GIT_ECERTIFICATE;
-	if (error) {
+	if (error == GIT_PASSTHROUGH && !is_valid)
-		if (!giterr_last())
+		return giterr_state_restore(&last_error);
-			giterr_set(GITERR_NET, "user cancelled certificate check");
+	else if (error == GIT_PASSTHROUGH)
+		error = 0;
+	else if (error && !giterr_last())
+		giterr_set(GITERR_NET, "user rejected certificate for %s", url->host);
-		return error;
+	giterr_state_free(&last_error);
-	}
+	return error;
-	return 0;
 }
 static int http_connect(http_subtransport *t)