Commit
2419cccd
authored
7 years ago
by
Etienne Samson
mbedtls: default cipher list support
parent
60e1ad92
Showing
2 changed files
with
30 additions
and
1 deletions
+30
-1
src/settings.c
+1
-1
src/streams/mbedtls.c
+29
-0
src/settings.c
@@ -210,7 +210,7 @@ int git_libgit2_opts(int key, ...)
break
;
case
GIT_OPT_SET_SSL_CIPHERS
:
#if
def GIT_OPENSSL
#if
(GIT_OPENSSL || GIT_MBEDTLS)
{
git__free
(
git__ssl_ciphers
);
git__ssl_ciphers
=
git__strdup
(
va_arg
(
ap
,
const
char
*
));
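Review bot: `#if (GIT_OPENSSL || GIT_MBEDTLS)` (replacing `#ifdef GIT_OPENSSL`) is a preprocessing error if either macro is defined without a value, as a bare `-DGIT_OPENSSL` would do, whereas the old `#ifdef` only asked whether it was defined; the build system therefore has to define both symbols as 1, and the matching `#else`/`#endif` is outside the hunk. More importantly, the string stored in git__ssl_ciphers here is not read anywhere in the visible mbedtls.c hunks, which always parse the compile-time GIT_SSL_DEFAULT_CIPHERS, so as far as this commit shows GIT_OPT_SET_SSL_CIPHERS is accepted under mbedtls but has no effect, and a caller restricting the cipher set would silently keep the defaults. Until the mbedtls stream consumes it, I would say so above the case: `/* mbedtls: accepted for API parity only; the default list is applied at global init, see src/streams/mbedtls.c */`.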
src/streams/mbedtls.c
@@ -16,6 +16,7 @@
#include "streams/socket.h"
#include "netops.h"
#include "git2/transport.h"
#include "util.h"
#ifdef GIT_CURL
# include "streams/curl.h"
@@ -31,6 +32,9 @@
mbedtls_ssl_config
*
git__ssl_conf
;
mbedtls_entropy_context
*
mbedtls_entropy
;
#define GIT_SSL_DEFAULT_CIPHERS "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-DSS-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-DSS-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256:TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA:TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-128-CBC-SHA256:TLS-DHE-DSS-WITH-AES-256-CBC-SHA256:TLS-DHE-DSS-WITH-AES-128-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-128-GCM-SHA256:TLS-RSA-WITH-AES-256-GCM-SHA384:TLS-RSA-WITH-AES-128-CBC-SHA256:TLS-RSA-WITH-AES-256-CBC-SHA256:TLS-RSA-WITH-AES-128-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA"
#define GIT_SSL_DEFAULT_CIPHERS_COUNT 30
/**
* This function aims to clean-up the SSL context which
* we allocated.
@@ -57,6 +61,13 @@ int git_mbedtls_stream_global_init(void)
{
int
ret
;
mbedtls_ctr_drbg_context
*
ctr_drbg
=
NULL
;
int
*
ciphers_list
=
NULL
;
int
ciphers_known
=
0
;
char
*
cipher_name
=
NULL
;
char
*
cipher_string
=
NULL
;
char
*
cipher_string_tmp
=
NULL
;
mbedtls_x509_crt
*
cacert
=
NULL
;
git__ssl_conf
=
git__malloc
(
sizeof
(
mbedtls_ssl_config
));
@@ -73,6 +84,24 @@ int git_mbedtls_stream_global_init(void)
mbedtls_ssl_conf_min_version
(
git__ssl_conf
,
MBEDTLS_SSL_MAJOR_VERSION_3
,
MBEDTLS_SSL_MINOR_VERSION_0
);
mbedtls_ssl_conf_authmode
(
git__ssl_conf
,
MBEDTLS_SSL_VERIFY_REQUIRED
);
/* set the list of allowed ciphersuites */
ciphers_list
=
calloc
(
GIT_SSL_DEFAULT_CIPHERS_COUNT
,
sizeof
(
int
));
ciphers_known
=
0
;
cipher_string
=
cipher_string_tmp
=
git__strdup
(
GIT_SSL_DEFAULT_CIPHERS
);
while
((
cipher_name
=
git__strtok
(
&
cipher_string_tmp
,
":"
))
!=
NULL
)
{
int
cipherid
=
mbedtls_ssl_get_ciphersuite_id
(
cipher_name
);
if
(
cipherid
==
0
)
continue
;
ciphers_list
[
ciphers_known
++
]
=
cipherid
;
}
git__free
(
cipher_string
);
if
(
!
ciphers_known
)
{
giterr_set
(
GITERR_SSL
,
"no cipher could be enabled"
);
goto
cleanup
;
}
mbedtls_ssl_conf_ciphersuites
(
git__ssl_conf
,
ciphers_list
);
/* Seeding the random number generator */
mbedtls_entropy
=
git__malloc
(
sizeof
(
mbedtls_entropy_context
));
mbedtls_entropy_init
(
mbedtls_entropy
);
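Review bot: `ciphers_list[ciphers_known++] = cipherid;` in the @@ -73,6 +84,24 hunk is not bounded by GIT_SSL_DEFAULT_CIPHERS_COUNT, and the array is sized exactly to the names in GIT_SSL_DEFAULT_CIPHERS (30 slots for 30 names), so mbedtls_ssl_conf_ciphersuites(), which expects a 0-terminated list and keeps the pointer rather than copying it, only receives a terminator from calloc's zero fill when at least one name fails to resolve; otherwise mbedtls reads one int past the allocation. The count and the string are maintained by hand, so a later addition to the string without bumping the count writes past the buffer instead. The `calloc()` and `git__strdup()` results are also used unchecked, and `calloc` next to the `git__malloc` wrapper used on the neighbouring lines is inconsistent. I would allocate one spare slot, check both allocations, and fail explicitly when the list is full, as below; git_mbedtls_stream_global_init() and its cleanup label begin and end outside the hunk, so whether ciphers_list is released on the error path is not visible here.
```c
	/* set the list of allowed ciphersuites: mbedtls keeps this pointer and
	 * expects a 0-terminated array, so reserve one slot beyond the count */
	ciphers_list = git__calloc(GIT_SSL_DEFAULT_CIPHERS_COUNT + 1, sizeof(int));
	cipher_string = cipher_string_tmp = git__strdup(GIT_SSL_DEFAULT_CIPHERS);
	if (!ciphers_list || !cipher_string) {
		git__free(cipher_string);
		giterr_set_oom();
		goto cleanup;
	}
	ciphers_known = 0;
	while ((cipher_name = git__strtok(&cipher_string_tmp, ":")) != NULL) {
		int cipherid = mbedtls_ssl_get_ciphersuite_id(cipher_name);
		if (cipherid == 0)
			continue;
		if (ciphers_known >= GIT_SSL_DEFAULT_CIPHERS_COUNT) {
			git__free(cipher_string);
			giterr_set(GITERR_SSL, "too many ciphers in default list");
			goto cleanup;
		}
		ciphers_list[ciphers_known++] = cipherid;
	}
	/* … unchanged: free cipher_string, "no cipher could be enabled" check, mbedtls_ssl_conf_ciphersuites() … */
```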