- 10 Sep, 2015 1 commit
-
-
Matt Burke committed
-
- 08 Sep, 2015 2 commits
-
-
Matt Burke committed
-
Matt Burke committed
-
- 04 Sep, 2015 4 commits
-
-
Matt Burke committed
-
Matt Burke committed
-
Matt Burke committed
-
Matt Burke committed
-
- 15 Aug, 2015 1 commit
-
-
When we ask for credentials, the user may choose to return EUSER to indicate that an error has happened on its end and it wants to be given back control. We must therefore pass that back to the user instead of mentioning that it was on_headers_complete() that returned an error code. Since we can, we return the exact error code from the user (other than PASSTHROUGH) since it doesn't cost anything, though using other error codes isn't recommended.
Carlos Martín Nieto committed
-
- 29 Jul, 2015 1 commit
-
-
Fixes issue #3338
Anders Borum committed
-
- 12 Jul, 2015 1 commit
-
-
The header src/cc-compat.h defines portable format specifiers PRIuZ, PRIdZ, and PRIxZ. The original report highlighted the need to use these specifiers in examples/network/fetch.c. For this commit, I checked all C source and header files not in deps/ and transitioned to the appropriate format specifier where appropriate.
Matthew Plough committed
-
- 30 Jun, 2015 1 commit
-
-
t->cred might have been allocated the previous time and needs to be freed before asking caller for credentials again.
Pierre-Olivier Latour committed
-
- 29 Jun, 2015 1 commit
-
-
When the server rejects an authentication request, ask the caller for the credentials again, instead of giving up on the first try.
Carlos Martín Nieto committed
-
- 24 Jun, 2015 4 commits
-
-
We do not want libcurl to perform the TLS negotiation for us, so we don't need to pass this option.
Carlos Martín Nieto committed
-
The TLS streams talk over the curl stream themselves, so we don't need to ask for it explicitly. Do so in the case of the non-encrypted one so we can still make use of proxies in that case.
Carlos Martín Nieto committed
-
Of the built-in ones, only cURL supports it, but there's no reason a user-provided stream wouldn't support it.
Carlos Martín Nieto committed
-
cURL has a mode in which it acts a lot like our streams, providing send and recv functions and taking care of the TLS and proxy setup for us. Implement a new stream which uses libcurl instead of raw sockets or the TLS libraries directly. This version does not support reporting certificates or proxies yet.
Carlos Martín Nieto committed
-
- 11 May, 2015 1 commit
-
-
J Wyman committed
-
- 23 Apr, 2015 3 commits
-
-
This is what it's meant all along, but now we actually have multiple implementations, it's clearer to use the name of the library.
Carlos Martín Nieto committed
-
Instead, provide git_tls_stream_new() to ask for the most appropriate encrypted stream and use it in our HTTP transport.
Carlos Martín Nieto committed
-
As an alternative to OpenSSL when we're on OS X. This one can actually take advantage of stacking the streams.
Carlos Martín Nieto committed
-
- 18 Mar, 2015 1 commit
-
-
The smart transport already takes the payload param. For the sub transport a payload param is useful for the implementer.
Leo Yang committed
-
- 16 Mar, 2015 1 commit
-
-
When the user has a certificate check callback set, we still have to check whether the stream we're using is even capable of providing a certificate. In the case of an unencrypted certificate, do not ask for it from the stream, and do not call the callback.
Carlos Martín Nieto committed
-
- 03 Mar, 2015 1 commit
-
-
The user may decide to return any type of credential, including ones we did not say we support. Add a check to make sure the user returned an object of the right type and error out if not.
Carlos Martín Nieto committed
-
- 10 Dec, 2014 2 commits
-
-
Carlos Martín Nieto committed
-
Carlos Martín Nieto committed
-
- 19 Nov, 2014 1 commit
-
-
When we fetch twice with the same remote object, we did not properly clear the connection flags, so we would leak state from the last connection. This can cause the second fetch with the same remote object to fail if using a HTTP URL where the server redirects to HTTPS, as the second fetch would see `use_ssl` set and think the initial connection wanted to downgrade the connection.
Carlos Martín Nieto committed
-
- 27 Oct, 2014 1 commit
-
-
Edward Thomson committed
-
- 22 Sep, 2014 1 commit
-
-
Signed-off-by: Sven Strickroth <email@cs-ware.de>
Sven Strickroth committed
-
- 16 Sep, 2014 6 commits
-
-
Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.
Carlos Martín Nieto committed
-
This option makes it easy to ignore anything about the server we're connecting to, which is bad security practice. This was necessary as we didn't use to expose detailed information about the certificate, but now that we do, we should get rid of this. If the user wants to ignore everything, they can still provide a callback which ignores all the information passed.
Carlos Martín Nieto committed
-
Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.
Carlos Martín Nieto committed
-
We should let the user decide whether to cancel the connection or not regardless of whether our checks have decided that the certificate is fine. We provide our own assessment to the callback to let the user fall back to our checks if they so desire.
Carlos Martín Nieto committed
-
Instead of the parsed data, we can ask OpenSSL to give us the DER-encoded version of the certificate, which the user can then parse and validate.
Carlos Martín Nieto committed
-
If the certificate validation fails (or always in the case of ssh), let the user decide whether to allow the connection. The data structure passed to the user is the native certificate information from the underlying implementation, namely OpenSSL or WinHTTP.
Carlos Martín Nieto committed
-
- 16 Aug, 2014 1 commit
-
-
The recv buffer (parse_buffer) and the buffer have independent sizes and offsets. We try to fill in parse_buffer as much as possible before passing it to the http parser. This is fine most of the time, but fails us when the buffer is almost full. In those situations, parse_buffer can have more data than we would be able to put into the buffer (which may be getting full if we're towards the end of a data sideband packet). To work around this, we check if the space we have left on our buffer is smaller than what could come from the network. If this happens, we make parse_buffer think that it has as much space left as our buffer, so it won't try to retrieve more data than we can deal with. As the start of the data may no longer be at the start of the buffer, we need to keep track of where it really starts (data_offset) and use that in our calculations for the real size of the data we received from the network. This fixes #2518.
Carlos Martín Nieto committed
-
- 15 Aug, 2014 4 commits
-
-
Edward Thomson committed
-
Edward Thomson committed
-
Decode base64-encoded text into a git_buf
Edward Thomson committed
-
Edward Thomson committed
-
- 13 Jun, 2014 1 commit
-
-
We want to check whether the credentials callback is NULL, not whether the payload is.
Carlos Martín Nieto committed
-