Signed-off-by: Sven Strickroth <email@cs-ware.de>

Signed-off-by: Sven Strickroth <email@cs-ware.de>

Factor 40 and 41 constants from source.

It looks like what Travis wants is a list of hashes, rather than a hash
with a list.

Fix `git_path_walk_up` to work with non-rooted paths

Replace void casts with GIT_UNUSED.

Provide a callback for certificate validation

travis: run valgrind only once

Instead of running valgrind on each job, half of which are in release
mode and don't have much usable information for valgrind, perform an
debug build as part of allowed_failures and run valgrind on that one,
which should speed up the feedback we get from the builds.

Skip it before we attempt to clone, as we would exit with -1 on systems
which do not have sshd running.

This brings us back in line with the other transports.

The user may have the data hashed as MD5 or SHA-1, so we should provide
both types for consumption.

Instead of using the libssh2 defines, provide our own, which eases usage
as we do not need to check whether libgit2 was built with libssh2 or not.

Instead of spreading the data in function arguments, some of which
aren't used for ssh and having a struct only for ssh, use a struct for
both, using a common parent to pass to the callback.

Test that the certificate check callback gets the right fingerprint from
the host we're connecting to.

This option make it easy to ignore anything about the server we're
connecting to, which is bad security practice. This was necessary as we
didn't use to expose detailed information about the certificate, but now
that we do, we should get rid of this.

If the user wants to ignore everything, they can still provide a
callback which ignores all the information passed.

This should make the mingw compiler happy.

If the user returns 0 from the certificate check and we had certificate issues, set the options to ignore certificate errors and resend the request.

We need to call WinHttpSendRequest() in three different places. Unify all in a single function to have a single place for the certificate check.

If we're not using SSL, don't call the user's certificate check callback.

On successful connection, still ask the user whether they accept the server's certificate, indicating that WinHTTP would let it though.

Returning 0 lets the certificate check succeed. An error code is bubbled
up to the user.

We know the host's key as soon as we connect, so we should perform the
check as soon as we can, before we bother with the user's credentials.

We should let the user decide whether to cancel the connection or not
regardless of whether our checks have decided that the certificate is
fine. We provide our own assessment to the callback to let the user fall
back to our checks if they so desire.

Instead of the parsed data, we can ask OpenSSL to give us the
DER-encoded version of the certificate, which the user can then parse
and validate.

If the certificate validation fails (or always in the case of ssh),
let the user decide whether to allow the connection.

The data structure passed to the user is the native certificate
information from the underlying implementation, namely OpenSSL or
WinHTTP.

Fix typo

No files merged may result in bogus merge conflict error