Files · 0d5dce268d47c4ecfb3f8cdda3379cd606630105 · lvzhengyang / git2

ssl: make cert check ignore work for invalid certs, not just CNs · 0d5dce26

Passing SSL_VERIFY_PEER makes OpenSSL shut down the connection if the
certificate is invalid, without giving us a chance to ignore that
error. Pass SSL_VERIFY_NONE and call SSL_get_verify_result if the user
wanted us to check.

When no CNs match, we used to jump to on_error which gave a bogus
error as that's for OpenSSL errors. Jump to cert_fail so we tell the
user that the error came from checking the certificate.

committed Aug 28, 2012

0d5dce26

Name	Last commit	Last update
deps		Loading commit data...
docs		Loading commit data...
examples		Loading commit data...
include		Loading commit data...
packaging/rpm		Loading commit data...
src		Loading commit data...
tests-clar		Loading commit data...
.HEADER		Loading commit data...
.gitattributes		Loading commit data...
.gitignore		Loading commit data...
.travis.yml		Loading commit data...
AUTHORS		Loading commit data...
CMakeLists.txt		Loading commit data...
CONVENTIONS		Loading commit data...
COPYING		Loading commit data...
Makefile.embed		Loading commit data...
README.md		Loading commit data...
api.docurium		Loading commit data...
git.git-authors		Loading commit data...
libgit2.pc.in		Loading commit data...

README.md