Provide a callback for certificate validation

If the certificate validation fails (or always in the case of ssh),
let the user decide whether to allow the connection.

The data structure passed to the user is the native certificate
information from the underlying implementation, namely OpenSSL or
WinHTTP.

1 files changed, 37 insertions, 0 deletions

diff --git a/include/git2/transport.h b/include/git2/transport.h
index 7090698ac..cd4429fee 100644
--- a/include/git2/transport.h
+++ b/include/git2/transport.h
@@ -20,6 +20,43 @@
  */
 GIT_BEGIN_DECL
 
+/**
+ * Type of host certificate structure that is passed to the check callback
+ */
+typedef enum git_cert_t {
+        /**
+         * The `data` argument to the callback will be a pointer to
+         * OpenSSL's `X509` structure.
+         */
+	GIT_CERT_X509_OPENSSL,
+	GIT_CERT_X509_WINHTTP,
+        /**
+         * The `data` argument to the callback will be a pointer to a
+         * `git_cert_hostkey` structure.
+         */
+	GIT_CERT_HOSTKEY_LIBSSH2,
+} git_cert_t;
+
+/**
+ * Hostkey information taken from libssh2
+ */
+typedef struct {
+        /**
+         * A hostkey type from libssh2, either
+         * `LIBSSH2_HOSTKEY_HASH_MD5` or `LIBSSH2_HOSTKEY_HASH_SHA1`
+         */
+        int type;
+        /**
+         * Hostkey hash. If the type is MD5, only the first 16 bytes
+         * will be set.
+         */
+        unsigned char hash[20];
+} git_cert_hostkey;
+
+/*
+ *** Begin interface for credentials acquisition ***
+ */
+
 /** Authentication type requested */
 typedef enum {
 	/* git_cred_userpass_plaintext */