- 28 Nov, 2018 3 commits
-
-
We previously used cURL to support HTTP proxies. Now that we've added this support natively, we can remove the curl dependency.
Edward Thomson committed -
The implementations of git_openssl_stream_new and git_mbedtls_stream_new have callers protected by #ifdefs and are never called unless compiled in. There's no need for a dummy implementation. Remove them.
Edward Thomson committed -
Introduce `git_tls_stream_wrap` which will take an existing `stream` with an already connected socket and begin speaking TLS on top of it. This is useful if you've built a connection to a proxy server and you wish to begin CONNECT over it to tunnel a TLS connection. Also update the pluggable TLS stream layer so that it can accept a registration structure that provides an `init` and `wrap` function, instead of a single initialization function.
Edward Thomson committed
-
- 01 Nov, 2018 2 commits
-
-
ssl_close uses this boolean to know if SSL_shutdown should be called. It turns out OpenSSL auto-shutdowns on failure, so if the call to SSL_connect fails, it will complain about "shutdown while in init", trampling the original error.
Etienne Samson committed -
Etienne Samson committed
-
- 06 Jul, 2018 1 commit
-
-
In case when the global initialization of the OpenSSL stream fails, the user is left without any hint as to what went wrong as we do not provide any error message at all. This commit refactors the init function to have a common error path, which now also sets an error message including the error string provided by OpenSSL.
Patrick Steinhardt committed
-
- 25 Jun, 2018 1 commit
-
-
SIGSEGV otherwise...
Nikita Leshenko committed
-
- 30 May, 2018 1 commit
-
-
The `CRYPTO_THREADID` type is no longer available in OpenSSL ≥ 1.1.0 with deprecated features disabled, and causes build failures. Since the `threadid_cb()` function is only ever called by `git_openssl_set_locking()` when `defined(OPENSSL_LEGACY_API)`, only define it then.
Quentin Minster committed
-
- 04 May, 2018 1 commit
-
-
Our provided callback function `threadid_cb(CRYPTO_THREADID *threadid)` sets up a unique thread ID by asking pthread for the current thread ID. Since openssl version 1.1, `CRYPTO_THREADID_set_numeric` is simply a no-op macro, leaving the `threadid` argument unused after the preprocessor has processed the macro. GCC does not account for that situation and will thus complain about `threadid` being unused. Silence this warning by using `GIT_UNUSED(threadid)`.
Patrick Steinhardt committed
-
- 30 Apr, 2018 1 commit
-
-
This is the "OpenSSL available" global init function after all
Etienne Samson committed
-
- 03 Apr, 2018 3 commits
-
-
In order to further avoid using ifdef's in our code flow, provide the function `OPENSSL_init_ssl` in case we are using the legacy OpenSSL API.
Patrick Steinhardt committed -
By now, we have several locations where we are checking the version of OpenSSL to determine whether we can use the new "modern" API or need to use the pre-1.1 legacy API. As we have multiple implementations of OpenSSL with the rather recent libressl implementation, these checks need to honor versions of both implementations, which is rather tedious. Instead, we can just check once for the correct versions and define `OPENSSL_LEGACY_API` in case we cannot use the modern API.
Patrick Steinhardt committed -
OpenSSL version 1.1 has broken its API in quite a few ways. To avoid having to use ifdef's everywhere, we have implemented the BIO functions added in version 1.1 ourselves in case we are using the legacy API. We were implementing them in the header file, though, which doesn't make a lot of sense, since these functions are only ever being used the the openssl stream implementation. Move these functions to the implementation file and mark them static.
Patrick Steinhardt committed
-
- 02 Apr, 2018 1 commit
-
-
LibreSSL 2.7 adds OpenSSL 1.1 API Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
Bernard Spil committed
-
- 16 Feb, 2018 1 commit
-
-
When verifying the server certificate, we do try to make sure that the hostname actually matches the certificate alternative names. In cases where the host is either an IPv4 or IPv6 address, we have to compare the binary representations of the hostname with the declared IP address of the certificate. We only do that comparison in case we were successfully able to parse the hostname as an IP, which would always result in the memory region being initialized. Still, GCC 6.4.0 was complaining about usage of non-initialized memory. Fix the issue by simply asserting that `addr` needs to be initialized. This shuts up the GCC warning.
Patrick Steinhardt committed
-
- 03 Jan, 2018 1 commit
-
-
The function `ERR_error_string` can be invoked without providing a buffer, in which case OpenSSL will simply return a string printed into a static buffer. Obviously and as documented in ERR_error_string(3), this is not thread-safe at all. As libgit2 is a library, though, it is easily possible that other threads may be using OpenSSL at the same time, which might lead to clobbered error strings. Fix the issue by instead using a stack-allocated buffer. According to the documentation, the caller has to provide a buffer of at least 256 bytes of size. While we do so, make sure that the buffer will never get overflown by switching to `ERR_error_string_n` to specify the buffer's size.
Patrick Steinhardt committed
-
- 15 Dec, 2017 2 commits
-
-
Per SSL_get_peer_certificate docs: ``` The reference count of the X509 object is incremented by one, so that it will not be destroyed when the session containing the peer certificate is freed. The X509 object must be explicitly freed using X509_free(). ```
Etienne Samson committed -
This makes it easier to cleanup allocated resources on exit.
Etienne Samson committed
-
- 30 Nov, 2017 1 commit
-
-
While the OpenSSL library provides all means to work safely in a multi-threaded application, we fail to do so correctly. Quoting from crypto_lock(3): OpenSSL can safely be used in multi-threaded applications provided that at least two callback functions are set, locking_function and threadid_func. We do in fact provide the means to set up the locking function via `git_openssl_set_locking()`, where we initialize a set of locks by using the POSIX threads API and set the correct callback function to lock and unlock them. But what we do not do is setting the `threadid_func` callback. This function is being used to correctly locate thread-local data of the OpenSSL library and should thus return per-thread identifiers. Digging deeper into OpenSSL's documentation, the library does provide a fallback in case that locking function is not provided by the user. On Windows and BeOS we should be safe, as it simply "uses the system's default thread identifying API". On other platforms though OpenSSL will fall back to using the address of `errno`, assuming it is thread-local. While this assumption holds true for glibc-based systems, POSIX in fact does not specify whether it is thread-local or not. Quoting from errno(3p): It is unspecified whether errno is a macro or an identifier declared with external linkage. And in fact, with musl there is at least one libc implementation which simply declares `errno` as a simple `int` without being thread-local. On those systems, the fallback threadid function of OpenSSL will not be thread-safe. Fix this by setting up our own callback for this setting. As users of libgit2 may want to set it themselves, we obviously cannot always set that function on initialization. But as we already set up primitives for threading in `git_openssl_set_locking()`, this function becomes the obvious choice where to implement the additional setup.
Patrick Steinhardt committed
-
- 23 Oct, 2017 2 commits
-
-
Etienne Samson committed
-
Etienne Samson committed
-
- 03 Jul, 2017 1 commit
-
-
Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.
Patrick Steinhardt committed
-
- 07 Jun, 2017 1 commit
-
-
OpenSSL v1.1 has introduced a new way of initializing the library without having to call various functions of different subsystems. In libgit2, we have been adapting to that change with 88520151 (openssl_stream: use new initialization function on OpenSSL version >=1.1, 2017-04-07), where we added an #ifdef depending on the OpenSSL version. This change broke building with libressl, though, which has not changed its API in the same way. Fix the issue by expanding the #ifdef condition to use the old way of initializing with libressl. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
Marc-Antoine Perennou committed
-
- 10 Apr, 2017 2 commits
-
-
Previous to OpenSSL version 1.1, the user had to initialize at least the error strings as well as the SSL algorithms by himself. OpenSSL version 1.1 instead provides a new function `OPENSSL_init_ssl`, which handles initialization of all subsystems. As the new API call will by default load error strings and initialize the SSL algorithms, we can safely replace these calls when compiling against version 1.1 or later. This fixes a compiler error when compiling against OpenSSL version 1.1 which has been built without stubs for deprecated syntax.
Patrick Steinhardt committed -
Up to version 1.0, OpenSSL required us to provide a callback which implements a locking mechanism. Due to problems in the API design though this mechanism was inherently broken, especially regarding that the locking callback cannot report errors in an obvious way. Due to this shortcoming, the locking initialization has been completely removed in OpenSSL version 1.1. As the library has also been refactored to not make any use of these callback functions, we can safely remove all initialization of the locking subsystem if compiling against OpenSSL version 1.1 or higher. This fixes a compilation error when compiling against OpenSSL version 1.1 which has been built without stubs for deprecated syntax.
Patrick Steinhardt committed
-
- 20 Mar, 2017 1 commit
-
-
The OpenSSL library may require multiple locks to work correctly, where it is the caller's responsibility to initialize and release the locks. While we correctly initialized up to `n` locks, as determined by `CRYPTO_num_locks`, we were repeatedly freeing the same mutex in our shutdown procedure. Fix the issue by freeing locks at the correct index.
Patrick Steinhardt committed
-
- 29 Dec, 2016 1 commit
-
-
Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one
Edward Thomson committed
-
- 02 Nov, 2016 2 commits
-
-
For older versions we can fall back on the deprecated ASN1_STRING_data.
Carlos Martín Nieto committed -
We want to program against the interface, so recreate it when we compile against pre-1.1 versions.
Carlos Martín Nieto committed
-
- 31 Oct, 2016 1 commit
-
-
Patrick Steinhardt committed
-
- 12 Oct, 2016 1 commit
-
-
Closes: https://github.com/libgit2/libgit2/issues/3959 Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
Igor Gnatenko committed
-
- 27 Apr, 2016 1 commit
-
-
Christian Schlack committed
-
- 26 Apr, 2016 1 commit
-
-
openssl_read should return -1 in case of error. SSL_read returns values <= 0 in case of error. A return value of 0 can lead to an infinite loop, so the return value of ssl_set_error will be returned if SSL_read is not successful (analog to openssl_write).
Christian Schlack committed
-
- 19 Apr, 2016 1 commit
-
-
Carlos Martín Nieto committed
-
- 14 Mar, 2016 1 commit
-
-
This ensures that when using OpenSSL a safe default set of ciphers is selected. This is done so that the client communicates securely and we don't accidentally enable unsafe ciphers like RC4, or even worse some old export ciphers. Implements the first part of https://github.com/libgit2/libgit2/issues/3682
Dirkjan Bussink committed
-
- 24 Feb, 2016 2 commits
-
-
Carlos Martín Nieto committed
-
This got lost duing the move and it lets the users call this function just in case.
Carlos Martín Nieto committed
-
- 23 Feb, 2016 2 commits
-
-
Patrick Steinhardt committed
-
Patrick Steinhardt committed
-
- 19 Feb, 2016 1 commit
-
-
We need to include the header where we define the function. Otherwise it won't be available on the DLL.
Carlos Martín Nieto committed
-