delta/libgit2.git/src/streams/openssl.c, branch ethomson/git_obj github.com: libgit2/libgit2.git http: remove cURL 2018-11-28T15:46:57+00:00 Edward Thomson ethomson@edwardthomson.com 2018-10-29T10:04:48+00:00 21142c5a61fca0d44cbf51824dbe28f6324229e8 We previously used cURL to support HTTP proxies. Now that we've added this support natively, we can remove the curl dependency. 
We previously used cURL to support HTTP proxies.  Now that we've added
this support natively, we can remove the curl dependency.
streams: remove unused tls functions 2018-11-28T15:46:57+00:00 Edward Thomson ethomson@edwardthomson.com 2018-10-29T08:59:33+00:00 2878ad08316155bfaf7b2d7b3204aece13c9936a The implementations of git_openssl_stream_new and git_mbedtls_stream_new have callers protected by #ifdefs and are never called unless compiled in. There's no need for a dummy implementation. Remove them. 
The implementations of git_openssl_stream_new and
git_mbedtls_stream_new have callers protected by #ifdefs and
are never called unless compiled in.  There's no need for a
dummy implementation.  Remove them.
tls: introduce a wrap function 2018-11-28T15:46:57+00:00 Edward Thomson ethomson@edwardthomson.com 2018-10-25T07:49:01+00:00 43b592ac84dbd3d649022ff9503f00ecc83d5278 Introduce `git_tls_stream_wrap` which will take an existing `stream` with an already connected socket and begin speaking TLS on top of it. This is useful if you've built a connection to a proxy server and you wish to begin CONNECT over it to tunnel a TLS connection. Also update the pluggable TLS stream layer so that it can accept a registration structure that provides an `init` and `wrap` function, instead of a single initialization function. 
Introduce `git_tls_stream_wrap` which will take an existing `stream`
with an already connected socket and begin speaking TLS on top of it.
This is useful if you've built a connection to a proxy server and you
wish to begin CONNECT over it to tunnel a TLS connection.

Also update the pluggable TLS stream layer so that it can accept a
registration structure that provides an `init` and `wrap` function,
instead of a single initialization function.
openssl: only say we're connected if the connection succeeded 2018-11-01T04:04:29+00:00 Etienne Samson samson.etienne@gmail.com 2018-08-28T23:57:24+00:00 03994912795f1a6d2bd560e0bce5af64b9c0dee2 ssl_close uses this boolean to know if SSL_shutdown should be called. It turns out OpenSSL auto-shutdowns on failure, so if the call to SSL_connect fails, it will complain about "shutdown while in init", trampling the original error. 
ssl_close uses this boolean to know if SSL_shutdown should be called.
It turns out OpenSSL auto-shutdowns on failure, so if the call to
SSL_connect fails, it will complain about "shutdown while in init",
trampling the original error.
openssl: set the error class to GITERR_SSL 2018-11-01T04:04:14+00:00 Etienne Samson samson.etienne@gmail.com 2018-08-28T23:57:22+00:00 caee0a6629d95669400bf6e64f64b81e5aebaa92 






streams: report OpenSSL errors if global init fails
2018-07-06T08:41:22+00:00

Patrick Steinhardt
ps@pks.im

2018-06-29T11:35:14+00:00

75395c871d24027da4b4fe8e1532931db018aa50

In case when the global initialization of the OpenSSL stream fails, the
user is left without any hint as to what went wrong as we do not provide
any error message at all. This commit refactors the init function to
have a common error path, which now also sets an error message including
the error string provided by OpenSSL.





In case when the global initialization of the OpenSSL stream fails, the
user is left without any hint as to what went wrong as we do not provide
any error message at all. This commit refactors the init function to
have a common error path, which now also sets an error message including
the error string provided by OpenSSL.







streams: openssl: Handle error in SSL_CTX_new
2018-06-25T16:12:29+00:00

Nikita Leshenko
nikita@leshenko.net

2018-06-25T14:30:04+00:00

05d89e728bfa8e3370b077888d8841ce59ee9bab

SIGSEGV otherwise...





SIGSEGV otherwise...







streams: openssl: add missing check on OPENSSL_LEGACY_API
2018-05-30T00:15:09+00:00

Quentin Minster
laomaiweng@minster.io

2018-05-30T00:15:09+00:00

b1cab70b2c85c77cb7214fac86ae498766337ce1

The `CRYPTO_THREADID` type is no longer available in OpenSSL ≥ 1.1.0 with deprecated features disabled, and causes build failures. Since the `threadid_cb()` function is only ever called by `git_openssl_set_locking()` when `defined(OPENSSL_LEGACY_API)`, only define it then.




The `CRYPTO_THREADID` type is no longer available in OpenSSL ≥ 1.1.0 with deprecated features disabled, and causes build failures. Since the `threadid_cb()` function is only ever called by `git_openssl_set_locking()` when `defined(OPENSSL_LEGACY_API)`, only define it then.






streams: openssl: fix bogus warning on unused parameter
2018-05-04T13:25:11+00:00

Patrick Steinhardt
ps@pks.im

2018-05-04T13:25:11+00:00

ba5e39ac92addf5d2183ac4ceb66ab52c59c017b

Our provided callback function `threadid_cb(CRYPTO_THREADID
*threadid)` sets up a unique thread ID by asking pthread for the
current thread ID.  Since openssl version 1.1,
`CRYPTO_THREADID_set_numeric` is simply a no-op macro, leaving
the `threadid` argument unused after the preprocessor has
processed the macro. GCC does not account for that situation and
will thus complain about `threadid` being unused.

Silence this warning by using `GIT_UNUSED(threadid)`.





Our provided callback function `threadid_cb(CRYPTO_THREADID
*threadid)` sets up a unique thread ID by asking pthread for the
current thread ID.  Since openssl version 1.1,
`CRYPTO_THREADID_set_numeric` is simply a no-op macro, leaving
the `threadid` argument unused after the preprocessor has
processed the macro. GCC does not account for that situation and
will thus complain about `threadid` being unused.

Silence this warning by using `GIT_UNUSED(threadid)`.







openssl: remove leftover #ifdef
2018-04-30T08:32:23+00:00

Etienne Samson
samson.etienne@gmail.com

2018-02-08T22:50:14+00:00

173a0375a8eec02c1b40e73187347ca958e42b84

This is the "OpenSSL available" global init function after all




This is the "OpenSSL available" global init function after all