Implement valid parameter for RemoteCallbacks::certificate_check

[brysonsteck]

In the RemoteCallbacks struct documentation, the certificate_check function has this description:

If certificate verification fails, then this callback will be invoked to let the caller make the final decision of whether to allow the connection to proceed.

However, this statement is false. It turns out that this function never actually checks if the certificate is valid using the cert_valid parameter passed into certificate_check_cb from the check_certificate function in libgit2. As a result, when a callback function is specified, the function will always run regardless if libgit2 marks it valid.

I made the change in the function specified to skip the callback if the certificate is valid (valid = 1). Before, any SSH remotes would run this callback, and now only hosts that do not appear in my hosts file (~/.ssh/known_hosts) will result in the callback being ran.

If there are any changes I need to make, let me know! :)

[ehuss]

Hm, I'm a little uneasy about assuming what the callback wanted in this case. What about updating the callback to take the valid parameter? There is some motivation for doing this described at libgit2/libgit2@17491f6.

(The documentation error seems to be carried over from libgit2. I opened libgit2/libgit2#7119 to clarify it.)