From 3b7cc1e97e62cf240f93a08983a0dc18bd31c54c Mon Sep 17 00:00:00 2001
From: Carlos Martín Nieto <cmn@dwim.me>
Date: Sun, 19 Oct 2014 14:35:22 +0200
Subject: remote: use the library's certificate validity if no callback is set

We should not return 0, as in this case that means we let it through,
return an appropriate error instead.
---
 remote.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'remote.go')

diff --git a/remote.go b/remote.go
index 266eb77..2ce3be8 100644
--- a/remote.go
+++ b/remote.go
@@ -160,8 +160,13 @@ func updateTipsCallback(_refname *C.char, _a *C.git_oid, _b *C.git_oid, data uns
 //export certificateCheckCallback
 func certificateCheckCallback(_cert *C.git_cert, _valid C.int, _host *C.char, data unsafe.Pointer) int {
 	callbacks := (*RemoteCallbacks)(data)
+	// if there's no callback set, we need to make sure we fail if the library didn't consider this cert valid
 	if callbacks.CertificateCheckCallback == nil {
-		return 0
+		if _valid == 1 {
+			return 0
+		} else {
+			return C.GIT_ECERTIFICATE
+		}
 	}
 	host := C.GoString(_host)
 	valid := _valid != 0
-- 
cgit v1.2.3