Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
git2
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
lvzhengyang
git2
Commits
9b51cc82
Commit
9b51cc82
authored
Jan 24, 2017
by
Carlos Martín Nieto
Committed by
GitHub
Jan 24, 2017
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #4050 from ethomson/ethomson/winhttp_errmsgs
WinHTTP: set proper error messages when SSL fails
parents
11968073
1910a04a
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
47 additions
and
7 deletions
+47
-7
src/transports/winhttp.c
+47
-7
No files found.
src/transports/winhttp.c
View file @
9b51cc82
...
@@ -242,8 +242,12 @@ static int certificate_check(winhttp_stream *s, int valid)
...
@@ -242,8 +242,12 @@ static int certificate_check(winhttp_stream *s, int valid)
git_cert_x509
cert
;
git_cert_x509
cert
;
/* If there is no override, we should fail if WinHTTP doesn't think it's fine */
/* If there is no override, we should fail if WinHTTP doesn't think it's fine */
if
(
t
->
owner
->
certificate_check_cb
==
NULL
&&
!
valid
)
if
(
t
->
owner
->
certificate_check_cb
==
NULL
&&
!
valid
)
{
if
(
!
giterr_last
())
giterr_set
(
GITERR_NET
,
"unknown certificate check failure"
);
return
GIT_ECERTIFICATE
;
return
GIT_ECERTIFICATE
;
}
if
(
t
->
owner
->
certificate_check_cb
==
NULL
||
!
t
->
connection_data
.
use_ssl
)
if
(
t
->
owner
->
certificate_check_cb
==
NULL
||
!
t
->
connection_data
.
use_ssl
)
return
0
;
return
0
;
...
@@ -691,6 +695,38 @@ static int user_agent(git_buf *ua)
...
@@ -691,6 +695,38 @@ static int user_agent(git_buf *ua)
return
git_buf_putc
(
ua
,
')'
);
return
git_buf_putc
(
ua
,
')'
);
}
}
static
void
CALLBACK
winhttp_status
(
HINTERNET
connection
,
DWORD_PTR
ctx
,
DWORD
code
,
LPVOID
info
,
DWORD
info_len
)
{
DWORD
status
;
if
(
code
!=
WINHTTP_CALLBACK_STATUS_SECURE_FAILURE
)
return
;
status
=
*
((
DWORD
*
)
info
);
if
((
status
&
WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID
))
giterr_set
(
GITERR_NET
,
"SSL certificate issued for different common name"
);
else
if
((
status
&
WINHTTP_CALLBACK_STATUS_FLAG_CERT_DATE_INVALID
))
giterr_set
(
GITERR_NET
,
"SSL certificate has expired"
);
else
if
((
status
&
WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA
))
giterr_set
(
GITERR_NET
,
"SSL certificate signed by unknown CA"
);
else
if
((
status
&
WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CERT
))
giterr_set
(
GITERR_NET
,
"SSL certificate is invalid"
);
else
if
((
status
&
WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED
))
giterr_set
(
GITERR_NET
,
"certificate revocation check failed"
);
else
if
((
status
&
WINHTTP_CALLBACK_STATUS_FLAG_CERT_REVOKED
))
giterr_set
(
GITERR_NET
,
"SSL certificate was revoked"
);
else
if
((
status
&
WINHTTP_CALLBACK_STATUS_FLAG_SECURITY_CHANNEL_ERROR
))
giterr_set
(
GITERR_NET
,
"security libraries could not be loaded"
);
else
giterr_set
(
GITERR_NET
,
"unknown security error %d"
,
status
);
}
static
int
winhttp_connect
(
static
int
winhttp_connect
(
winhttp_subtransport
*
t
)
winhttp_subtransport
*
t
)
{
{
...
@@ -760,6 +796,11 @@ static int winhttp_connect(
...
@@ -760,6 +796,11 @@ static int winhttp_connect(
goto
on_error
;
goto
on_error
;
}
}
if
(
WinHttpSetStatusCallback
(
t
->
connection
,
winhttp_status
,
WINHTTP_CALLBACK_FLAG_SECURE_FAILURE
,
0
)
==
WINHTTP_INVALID_STATUS_CALLBACK
)
{
giterr_set
(
GITERR_OS
,
"failed to set status callback"
);
goto
on_error
;
}
error
=
0
;
error
=
0
;
on_error:
on_error:
...
@@ -798,16 +839,15 @@ static int send_request(winhttp_stream *s, size_t len, int ignore_length)
...
@@ -798,16 +839,15 @@ static int send_request(winhttp_stream *s, size_t len, int ignore_length)
int
request_failed
=
0
,
cert_valid
=
1
,
error
=
0
;
int
request_failed
=
0
,
cert_valid
=
1
,
error
=
0
;
DWORD
ignore_flags
;
DWORD
ignore_flags
;
if
((
error
=
do_send_request
(
s
,
len
,
ignore_length
))
<
0
)
giterr_clear
();
request_failed
=
1
;
if
((
error
=
do_send_request
(
s
,
len
,
ignore_length
))
<
0
)
{
if
(
request_failed
)
{
if
(
GetLastError
()
!=
ERROR_WINHTTP_SECURE_FAILURE
)
{
if
(
GetLastError
()
!=
ERROR_WINHTTP_SECURE_FAILURE
)
{
giterr_set
(
GITERR_OS
,
"failed to send request"
);
giterr_set
(
GITERR_OS
,
"failed to send request"
);
return
-
1
;
return
-
1
;
}
else
{
cert_valid
=
0
;
}
}
request_failed
=
1
;
cert_valid
=
0
;
}
}
giterr_clear
();
giterr_clear
();
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment