Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
git2
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
lvzhengyang
git2
Commits
cdb9f390
Commit
cdb9f390
authored
Aug 24, 2021
by
Zachary Michaels
Committed by
Edward Thomson
Aug 29, 2021
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
mbedTLS: Fix setting certificate directory
fixes #6003
parent
0e047268
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
9 additions
and
15 deletions
+9
-15
src/libgit2.c
+1
-4
src/streams/mbedtls.c
+7
-10
src/streams/mbedtls.h
+1
-1
No files found.
src/libgit2.c
View file @
cdb9f390
...
@@ -261,10 +261,7 @@ int git_libgit2_opts(int key, ...)
...
@@ -261,10 +261,7 @@ int git_libgit2_opts(int key, ...)
{
{
const
char
*
file
=
va_arg
(
ap
,
const
char
*
);
const
char
*
file
=
va_arg
(
ap
,
const
char
*
);
const
char
*
path
=
va_arg
(
ap
,
const
char
*
);
const
char
*
path
=
va_arg
(
ap
,
const
char
*
);
if
(
file
)
error
=
git_mbedtls__set_cert_location
(
file
,
path
);
error
=
git_mbedtls__set_cert_location
(
file
,
0
);
if
(
error
&&
path
)
error
=
git_mbedtls__set_cert_location
(
path
,
1
);
}
}
#else
#else
git_error_set
(
GIT_ERROR_SSL
,
"TLS backend doesn't support certificate locations"
);
git_error_set
(
GIT_ERROR_SSL
,
"TLS backend doesn't support certificate locations"
);
...
...
src/streams/mbedtls.c
View file @
cdb9f390
...
@@ -68,8 +68,6 @@ static void shutdown_ssl(void)
...
@@ -68,8 +68,6 @@ static void shutdown_ssl(void)
}
}
}
}
int
git_mbedtls__set_cert_location
(
const
char
*
path
,
int
is_dir
);
int
git_mbedtls_stream_global_init
(
void
)
int
git_mbedtls_stream_global_init
(
void
)
{
{
int
loaded
=
0
;
int
loaded
=
0
;
...
@@ -148,9 +146,9 @@ int git_mbedtls_stream_global_init(void)
...
@@ -148,9 +146,9 @@ int git_mbedtls_stream_global_init(void)
/* load default certificates */
/* load default certificates */
if
(
crtpath
!=
NULL
&&
stat
(
crtpath
,
&
statbuf
)
==
0
&&
S_ISREG
(
statbuf
.
st_mode
))
if
(
crtpath
!=
NULL
&&
stat
(
crtpath
,
&
statbuf
)
==
0
&&
S_ISREG
(
statbuf
.
st_mode
))
loaded
=
(
git_mbedtls__set_cert_location
(
crtpath
,
0
)
==
0
);
loaded
=
(
git_mbedtls__set_cert_location
(
crtpath
,
NULL
)
==
0
);
if
(
!
loaded
&&
crtpath
!=
NULL
&&
stat
(
crtpath
,
&
statbuf
)
==
0
&&
S_ISDIR
(
statbuf
.
st_mode
))
if
(
!
loaded
&&
crtpath
!=
NULL
&&
stat
(
crtpath
,
&
statbuf
)
==
0
&&
S_ISDIR
(
statbuf
.
st_mode
))
loaded
=
(
git_mbedtls__set_cert_location
(
crtpath
,
1
)
==
0
);
loaded
=
(
git_mbedtls__set_cert_location
(
NULL
,
crtpath
)
==
0
);
return
git_runtime_shutdown_register
(
shutdown_ssl
);
return
git_runtime_shutdown_register
(
shutdown_ssl
);
...
@@ -438,23 +436,22 @@ int git_mbedtls_stream_new(
...
@@ -438,23 +436,22 @@ int git_mbedtls_stream_new(
return
error
;
return
error
;
}
}
int
git_mbedtls__set_cert_location
(
const
char
*
path
,
int
is_dir
)
int
git_mbedtls__set_cert_location
(
const
char
*
file
,
const
char
*
path
)
{
{
int
ret
=
0
;
int
ret
=
0
;
char
errbuf
[
512
];
char
errbuf
[
512
];
mbedtls_x509_crt
*
cacert
;
mbedtls_x509_crt
*
cacert
;
GIT_ASSERT_ARG
(
path
);
GIT_ASSERT_ARG
(
file
||
path
);
cacert
=
git__malloc
(
sizeof
(
mbedtls_x509_crt
));
cacert
=
git__malloc
(
sizeof
(
mbedtls_x509_crt
));
GIT_ERROR_CHECK_ALLOC
(
cacert
);
GIT_ERROR_CHECK_ALLOC
(
cacert
);
mbedtls_x509_crt_init
(
cacert
);
mbedtls_x509_crt_init
(
cacert
);
if
(
is_dir
)
{
if
(
file
)
ret
=
mbedtls_x509_crt_parse_file
(
cacert
,
file
);
if
(
ret
>=
0
&&
path
)
ret
=
mbedtls_x509_crt_parse_path
(
cacert
,
path
);
ret
=
mbedtls_x509_crt_parse_path
(
cacert
,
path
);
}
else
{
ret
=
mbedtls_x509_crt_parse_file
(
cacert
,
path
);
}
/* mbedtls_x509_crt_parse_path returns the number of invalid certs on success */
/* mbedtls_x509_crt_parse_path returns the number of invalid certs on success */
if
(
ret
<
0
)
{
if
(
ret
<
0
)
{
mbedtls_x509_crt_free
(
cacert
);
mbedtls_x509_crt_free
(
cacert
);
...
...
src/streams/mbedtls.h
View file @
cdb9f390
...
@@ -14,7 +14,7 @@
...
@@ -14,7 +14,7 @@
extern
int
git_mbedtls_stream_global_init
(
void
);
extern
int
git_mbedtls_stream_global_init
(
void
);
#ifdef GIT_MBEDTLS
#ifdef GIT_MBEDTLS
extern
int
git_mbedtls__set_cert_location
(
const
char
*
path
,
int
is_dir
);
extern
int
git_mbedtls__set_cert_location
(
const
char
*
file
,
const
char
*
path
);
extern
int
git_mbedtls_stream_new
(
git_stream
**
out
,
const
char
*
host
,
const
char
*
port
);
extern
int
git_mbedtls_stream_new
(
git_stream
**
out
,
const
char
*
host
,
const
char
*
port
);
extern
int
git_mbedtls_stream_wrap
(
git_stream
**
out
,
git_stream
*
in
,
const
char
*
host
);
extern
int
git_mbedtls_stream_wrap
(
git_stream
**
out
,
git_stream
*
in
,
const
char
*
host
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
