Merge pull request subsurface#2736 from Subsurface-divelog/removeClou…

…dOverride core: remove cloud certificate override
mturkia · Apr 11, 2020 · 1c420dc · 1c420dc
2 parents 61f9c41 + ccbd4d1
commit 1c420dc
Showing 1 changed file with 0 additions and 26 deletions.
diff --git a/core/git-access.c b/core/git-access.c
@@ -286,28 +286,6 @@ int credential_https_cb(git_cred **out,
 	return git_cred_userpass_plaintext_new(out, username, password);
 }
 
-#define KNOWN_CERT "\xfd\xb8\xf7\x73\x76\xe2\x75\x53\x93\x37\xdc\xfe\x1e\x55\x43\x3d\xf2\x2c\x18\x2c"
-int certificate_check_cb(git_cert *cert, int valid, const char *host, void *payload)
-{
-	UNUSED(payload);
-	if (same_string(host, "cloud.subsurface-divelog.org") && cert->cert_type == GIT_CERT_X509) {
-		SHA_CTX ctx;
-		unsigned char hash[21];
-		git_cert_x509 *cert509 = (git_cert_x509 *)cert;
-		SHA1_Init(&ctx);
-		SHA1_Update(&ctx, cert509->data, cert509->len);
-		SHA1_Final(hash, &ctx);
-		hash[20] = 0;
-		if (verbose > 1)
-			if (same_string((char *)hash, KNOWN_CERT)) {
-				fprintf(stderr, "cloud certificate considered %s, forcing it valid\n",
-					valid ? "valid" : "not valid");
-				return 1;
-			}
-	}
-	return valid;
-}
-
 static int update_remote(git_repository *repo, git_remote *origin, git_reference *local, git_reference *remote, enum remote_transport rt)
 {
 	UNUSED(repo);
@@ -329,7 +307,6 @@ static int update_remote(git_repository *repo, git_remote *origin, git_reference
 		opts.callbacks.credentials = credential_ssh_cb;
 	else if (rt == RT_HTTPS)
 		opts.callbacks.credentials = credential_https_cb;
-	opts.callbacks.certificate_check = certificate_check_cb;
 
 	if (git_remote_push(origin, &refspec, &opts)) {
 		if (is_subsurface_cloud)
@@ -585,7 +562,6 @@ static int check_remote_status(git_repository *repo, git_remote *origin, const c
 			opts.callbacks.credentials = credential_ssh_cb;
 		else if (rt == RT_HTTPS)
 			opts.callbacks.credentials = credential_https_cb;
-		opts.callbacks.certificate_check = certificate_check_cb;
 		git_storage_update_progress(translate("gettextFromC", "Store data into cloud storage"));
 		error = git_remote_push(origin, &refspec, &opts);
 	} else {
@@ -649,7 +625,6 @@ int sync_with_remote(git_repository *repo, const char *remote, const char *branc
 		opts.callbacks.credentials = credential_ssh_cb;
 	else if (rt == RT_HTTPS)
 		opts.callbacks.credentials = credential_https_cb;
-	opts.callbacks.certificate_check = certificate_check_cb;
 	git_storage_update_progress(translate("gettextFromC", "Successful cloud connection, fetch remote"));
 	error = git_remote_fetch(origin, NULL, &opts, NULL);
 	// NOTE! A fetch error is not fatal, we just report it
@@ -777,7 +752,6 @@ static git_repository *create_local_repo(const char *localdir, const char *remot
 	else if (rt == RT_HTTPS)
 		opts.fetch_opts.callbacks.credentials = credential_https_cb;
 	opts.repository_cb = repository_create_cb;
-	opts.fetch_opts.callbacks.certificate_check = certificate_check_cb;
 
 	opts.checkout_branch = branch;
 	if (is_subsurface_cloud && !canReachCloudServer())