path: root/src/openssl_stream.c
Commit message [Author, Age, Files, Lines]
* Merge pull request #3960 from ignatenkobrain/openssl-1.1.0 [Carlos Martín Nieto, 2016-11-02, 1, -25/+44]
|\
| |     add support for OpenSSL 1.1.0 for BIO filter
| * openssl: use ASN1_STRING_get0_data when compiling against 1.1 [Carlos Martín Nieto, 2016-11-02, 1, -2/+2]
| |
| |     For older versions we can fall back on the deprecated ASN1_STRING_data.
| * openssl: recreate the OpenSSL 1.1 BIO interface for older versions [Carlos Martín Nieto, 2016-11-02, 1, -55/+37]
| |
| |     We want to program against the interface, so recreate it when we compile against pre-1.1 versions.
| * add support for OpenSSL 1.1.0 for BIO filter [Igor Gnatenko, 2016-10-12, 1, -0/+37]
| |
| |     Closes: https://github.com/libgit2/libgit2/issues/3959
| |     Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
* | openssl_stream: fix typo [Patrick Steinhardt, 2016-10-31, 1, -1/+1]
|/
* Fix style: no braces [Christian Schlack, 2016-04-27, 1, -2/+1]
|
* Fix return value of openssl_read (infinite loop) [Christian Schlack, 2016-04-26, 1, -2/+3]
|
|     openssl_read should return -1 in case of error. SSL_read returns values <= 0 in case of error. A return value of 0 can lead to an infinite loop, so the return value of ssl_set_error will be returned if SSL_read is not successful (analogous to openssl_write).
* net: use proxy options struct in the stream config [Carlos Martín Nieto, 2016-04-19, 1, -2/+2]
|
* Setup better defaults for OpenSSL ciphers [Dirkjan Bussink, 2016-03-14, 1, -0/+13]
|
|     This ensures that when using OpenSSL a safe default set of ciphers is selected. This is done so that the client communicates securely and we don't accidentally enable unsafe ciphers like RC4, or even worse some old export ciphers.
|
|     Implements the first part of https://github.com/libgit2/libgit2/issues/3682
* Merge pull request #3628 from pks-t/pks/coverity-fixes [Edward Thomson, 2016-02-25, 1, -2/+12]
|\
| |     Coverity fixes
| * openssl_stream: fix NULL pointer dereference [Patrick Steinhardt, 2016-02-23, 1, -0/+2]
| |
| * openssl_stream: fix memory leak when creating new stream [Patrick Steinhardt, 2016-02-23, 1, -2/+10]
| |
* | openssl: we already had the function, just needed the header (cmn/thisisterrible) [Carlos Martín Nieto, 2016-02-24, 1, -6/+1]
| |
* | openssl: export the locking function when building without OpenSSL [Carlos Martín Nieto, 2016-02-24, 1, -0/+6]
|/
|     This got lost during the move and it lets the users call this function just in case.
* openssl: re-export the last-resort locking function (v0.24.0-rc1, cmn/init-ssh) [Carlos Martín Nieto, 2016-02-19, 1, -0/+1]
|
|     We need to include the header where we define the function. Otherwise it won't be available on the DLL.
* openssl: free the context even if we don't connect [Carlos Martín Nieto, 2016-02-19, 1, -1/+1]
|
* global: make openssl registration like the rest [Edward Thomson, 2016-02-08, 1, -0/+120]
|
* openssl: don't try to teardown an unconnected SSL context (cmn/ssl-null) [Carlos Martín Nieto, 2015-09-30, 1, -1/+6]
|
|     SSL_shutdown() does not like it when we pass an uninitialized ssl context to it. This means that when we fail to connect to a host, we hide the error message saying so with OpenSSL's indecipherable error message.
* Merge pull request #3297 from tkelman/patch-2 [Carlos Martín Nieto, 2015-07-10, 1, -0/+2]
|\
| |     Fix undefined reference with old versions of openssl
| * Fix undefined reference with old versions of openssl [Tony Kelman, 2015-07-07, 1, -0/+2]
| |
| |     Versions prior to 0.9.8f did not have this function, rhel/centos5 are still on a heavily backported version of 0.9.8e and theoretically supported until March 2017
| |
| |     Without this ifdef, I get the following link failure:
| |
| |     ```
| |     CMakeFiles/libgit2_clar.dir/src/openssl_stream.c.o: In function `openssl_connect':
| |     openssl_stream.c:(.text+0x45a): undefined reference to `SSL_set_tlsext_host_name'
| |     collect2: error: ld returned 1 exit status
| |     make[6]: *** [libgit2_clar] Error 1
| |     ```
* | git_cert: child types use proper base type [Edward Thomson, 2015-07-10, 1, -2/+3]
|/
* openssl: free hostname [Edward Thomson, 2015-06-29, 1, -0/+1]
|
* Fixed build failure if GIT_CURL is not defined [Pierre-Olivier Latour, 2015-06-26, 1, -1/+1]
|
* curl: remove the encrypted param to the constructor [Carlos Martín Nieto, 2015-06-24, 1, -1/+1]
|
|     We do not want libcurl to perform the TLS negotiation for us, so we don't need to pass this option.
* openssl: use the curl stream if available [Carlos Martín Nieto, 2015-06-24, 1, -12/+110]
|
|     When linking against libcurl, use it as the underlying transport instead of straight sockets. We can't quite just give over the file descriptor, as curl puts it into non-blocking mode, so we build a custom BIO so OpenSSL sends the data through our stream, be it the socket or curl streams.
* Merge pull request #3108 from libgit2/cmn/ssl-no-want [Edward Thomson, 2015-05-22, 1, -16/+5]
|\
| |     openssl: don't try to handle WANT_READ or WANT_WRITE
| * openssl: don't try to handle WANT_READ or WANT_WRITE (cmn/ssl-no-want) [Carlos Martín Nieto, 2015-05-09, 1, -16/+5]
| |
| |     We use a blocking socket and set the mode to AUTO_RETRY which means that `SSL_write` and `SSL_read` will only return once the read or write has been completed. We therefore don't need to handle partial writes or re-try read due to a renegotiation.
| |
| |     While here, consider that a zero also indicates an error condition.
* | Merge branch 'sni' [Carlos Martín Nieto, 2015-05-21, 1, -0/+3]
|\ \
| * | Call the openssl API to be able to work with SNI servers. [Cristian Oneț, 2015-05-21, 1, -0/+3]
| |/
* | errors: add GIT_EEOF to indicate early EOF (cmn/server-errors) [Carlos Martín Nieto, 2015-05-20, 1, -0/+1]
|/
|     This can be used by tools to show messages about failing to communicate with the server. The error message in this case will often contain the server's error message, as far as it managed to send anything.
* Rename GIT_SSL to GIT_OPENSSL [Carlos Martín Nieto, 2015-04-23, 1, -1/+1]
|
|     This is what it's meant all along, but now we actually have multiple implementations, it's clearer to use the name of the library.
* Silence unused warnings when not using OpenSSL [Carlos Martín Nieto, 2015-04-23, 1, -0/+4]
|
* Include openssl headers last [Aki Koskinen, 2015-03-02, 1, -4/+4]
|
|     Windows headers #define some names that openssl uses too. Openssl headers #undef the offending names before reusing them. But if those offending Windows headers get included after the openssl headers the namespace is polluted and nothing good happens.
|
|     Fixes issue #2850.
* Don't include headers on windows that aren't available [Aki Koskinen, 2015-03-02, 1, -3/+6]
|
|     This mainly concerns mingw build.
* openssl: Add all required includes for AF_INET6 and in6_addr. [Raphael Kubo da Costa, 2015-01-24, 1, -0/+3]
|
|     This fixes the build at least on FreeBSD, where those types were not defined indirectly:
|
|     src/openssl_stream.c:100:18: error: variable has incomplete type 'struct in6_addr'
|         struct in6_addr addr6;
|         ^
|     src/openssl_stream.c:100:9: note: forward declaration of 'struct in6_addr'
|         struct in6_addr addr6;
|         ^
|     src/openssl_stream.c:111:18: error: use of undeclared identifier 'AF_INET'
|         if (p_inet_pton(AF_INET, host, &addr4)) {
|         ^
|     src/unix/posix.h:31:40: note: expanded from macro 'p_inet_pton'
|         ^
|     src/openssl_stream.c:115:18: error: use of undeclared identifier 'AF_INET6'
|         if(p_inet_pton(AF_INET6, host, &addr6)) {
|         ^
|     src/unix/posix.h:31:40: note: expanded from macro 'p_inet_pton'
|         ^
* stream: constify the write buffer [Carlos Martín Nieto, 2014-12-10, 1, -1/+1]
|
* gitno: remove code which is no longer needed [Carlos Martín Nieto, 2014-12-10, 1, -1/+2]
|
|     Most of the network-facing facilities have been copied to the socket and openssl streams. No code now uses these functions directly anymore, so we can now remove them.
* Add an OpenSSL IO stream [Carlos Martín Nieto, 2014-12-10, 1, -0/+374]

      This unfortunately isn't as stackable as could be possible, as it hard-codes the socket stream. This is because the method of using a custom openssl BIO is not clear, and we do not need this for now. We can still bring this in if and as we need it.