author | Zachary Michaels <mikezackles@gmail.com> | 2021-08-24 17:37:15 -0700 |
---|---|---|
committer | Edward Thomson <ethomson@edwardthomson.com> | 2021-08-29 21:52:30 -0400 |
commit | cdb9f3903ef650a5289ea944770ba38d688e5899 (patch) | |
tree | 2a199d0e3b4eaad833e08e6828fc474813665e74 | |
parent | 0e0472686680102ebfc81e85089273990fb86757 (diff) | |
download | libgit2-ethomson/custom_cert_locations.tar.gz |
mbedTLS: Fix setting certificate directoryethomson/custom_cert_locations
fixes #6003
-rw-r--r-- | src/libgit2.c | 5 | ||||
-rw-r--r-- | src/streams/mbedtls.c | 17 | ||||
-rw-r--r-- | src/streams/mbedtls.h | 2 |
3 files changed, 9 insertions, 15 deletions
diff --git a/src/libgit2.c b/src/libgit2.c
index aee9cf2cd..09f7ab533 100644
--- a/src/libgit2.c
+++ b/src/libgit2.c
@@ -261,10 +261,7 @@ int git_libgit2_opts(int key, ...)
 {
 const char *file = va_arg(ap, const char *);
 const char *path = va_arg(ap, const char *);
- if (file)
- error = git_mbedtls__set_cert_location(file, 0);
- if (error && path)
- error = git_mbedtls__set_cert_location(path, 1);
+ error = git_mbedtls__set_cert_location(file, path);
 }
 #else
 git_error_set(GIT_ERROR_SSL, "TLS backend doesn't support certificate locations");
diff --git a/src/streams/mbedtls.c b/src/streams/mbedtls.c
index 22b9f47df..b3a35ab02 100644
--- a/src/streams/mbedtls.c
+++ b/src/streams/mbedtls.c
@@ -68,8 +68,6 @@ static void shutdown_ssl(void)
 }
 }
-int git_mbedtls__set_cert_location(const char *path, int is_dir);
-
 int git_mbedtls_stream_global_init(void)
 {
 int loaded = 0;
@@ -148,9 +146,9 @@ int git_mbedtls_stream_global_init(void)
 /* load default certificates */
 if (crtpath != NULL && stat(crtpath, &statbuf) == 0 && S_ISREG(statbuf.st_mode))
- loaded = (git_mbedtls__set_cert_location(crtpath, 0) == 0);
+ loaded = (git_mbedtls__set_cert_location(crtpath, NULL) == 0);
 if (!loaded && crtpath != NULL && stat(crtpath, &statbuf) == 0 && S_ISDIR(statbuf.st_mode))
- loaded = (git_mbedtls__set_cert_location(crtpath, 1) == 0);
+ loaded = (git_mbedtls__set_cert_location(NULL, crtpath) == 0);
 return git_runtime_shutdown_register(shutdown_ssl);
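Review bot: When both `file` and `path` are NULL, the call in the src/libgit2.c hunk now reaches `GIT_ASSERT_ARG(file || path)` in src/streams/mbedtls.c, where the removed code made no call at all. If rejecting that input is intended, a comment above the call would record it, e.g. `/* at least one of file/path must be non-NULL; enforced in git_mbedtls__set_cert_location */`. Callers that relied on passing two NULLs as a no-op would now see an error, so the option's documentation probably needs the same sentence. git_libgit2_opts starts and ends outside the hunk.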
@@ -438,23 +436,22 @@ int git_mbedtls_stream_new(
 return error;
 }
-int git_mbedtls__set_cert_location(const char *path, int is_dir)
+int git_mbedtls__set_cert_location(const char *file, const char *path)
 {
 int ret = 0;
 char errbuf[512];
 mbedtls_x509_crt *cacert;
- GIT_ASSERT_ARG(path);
+ GIT_ASSERT_ARG(file || path);
 cacert = git__malloc(sizeof(mbedtls_x509_crt));
 GIT_ERROR_CHECK_ALLOC(cacert);
 mbedtls_x509_crt_init(cacert);
- if (is_dir) {
+ if (file)
+ ret = mbedtls_x509_crt_parse_file(cacert, file);
+ if (ret >= 0 && path)
 ret = mbedtls_x509_crt_parse_path(cacert, path);
- } else {
- ret = mbedtls_x509_crt_parse_file(cacert, path);
- }
 /* mbedtls_x509_crt_parse_path returns the number of invalid certs on success */
 if (ret < 0) {
 mbedtls_x509_crt_free(cacert);
diff --git a/src/streams/mbedtls.h b/src/streams/mbedtls.h
index 7de94b9fb..bcca6dd40 100644
--- a/src/streams/mbedtls.h
+++ b/src/streams/mbedtls.h
@@ -14,7 +14,7 @@ extern int git_mbedtls_stream_global_init(void);
 #ifdef GIT_MBEDTLS
-extern int git_mbedtls__set_cert_location(const char *path, int is_dir);
+extern int git_mbedtls__set_cert_location(const char *file, const char *path);
 extern int git_mbedtls_stream_new(git_stream **out, const char *host, const char *port);
 extern int git_mbedtls_stream_wrap(git_stream **out, git_stream *in, const char *host); |
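Review bot: In git_mbedtls__set_cert_location, a positive result from `mbedtls_x509_crt_parse_file` (the number of certificates in the bundle that failed to parse) is overwritten by the `mbedtls_x509_crt_parse_path` call when `path` is also given, and only `ret < 0` is treated as failure. A partly unreadable CA bundle is therefore accepted without any trace, which matters because this chain decides which servers are trusted. The existing comment now covers only one of the two calls; I would reword it to `/* both parse calls return the number of certs that failed to parse (> 0) on partial success; only negative values are errors */`. The function continues past the end of the hunk, so what happens to a positive `ret` afterwards is not visible here.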
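Review bot: The new prototype in src/streams/mbedtls.h takes two `const char *` arguments with no comment saying which is the bundle file and which is the directory, so a call with the arguments swapped compiles cleanly. The callers in this commit already depend on the order (`(crtpath, NULL)` for a regular file, `(NULL, crtpath)` for a directory). I would add above the declaration: `/* file: CA bundle passed to mbedtls_x509_crt_parse_file; path: directory passed to mbedtls_x509_crt_parse_path; either may be NULL, but not both */`.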