mbedTLS: Fix setting certificate directory fixes #6003
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83
diff --git a/src/libgit2.c b/src/libgit2.c
index aee9cf2..09f7ab5 100644
--- a/src/libgit2.c
+++ b/src/libgit2.c
@@ -261,10 +261,7 @@ int git_libgit2_opts(int key, ...)
{
const char *file = va_arg(ap, const char *);
const char *path = va_arg(ap, const char *);
- if (file)
- error = git_mbedtls__set_cert_location(file, 0);
- if (error && path)
- error = git_mbedtls__set_cert_location(path, 1);
+ error = git_mbedtls__set_cert_location(file, path);
}
#else
git_error_set(GIT_ERROR_SSL, "TLS backend doesn't support certificate locations");
diff --git a/src/streams/mbedtls.c b/src/streams/mbedtls.c
index 22b9f47..b3a35ab 100644
--- a/src/streams/mbedtls.c
+++ b/src/streams/mbedtls.c
@@ -68,8 +68,6 @@ static void shutdown_ssl(void)
}
}
-int git_mbedtls__set_cert_location(const char *path, int is_dir);
-
int git_mbedtls_stream_global_init(void)
{
int loaded = 0;
@@ -148,9 +146,9 @@ int git_mbedtls_stream_global_init(void)
/* load default certificates */
if (crtpath != NULL && stat(crtpath, &statbuf) == 0 && S_ISREG(statbuf.st_mode))
- loaded = (git_mbedtls__set_cert_location(crtpath, 0) == 0);
+ loaded = (git_mbedtls__set_cert_location(crtpath, NULL) == 0);
if (!loaded && crtpath != NULL && stat(crtpath, &statbuf) == 0 && S_ISDIR(statbuf.st_mode))
- loaded = (git_mbedtls__set_cert_location(crtpath, 1) == 0);
+ loaded = (git_mbedtls__set_cert_location(NULL, crtpath) == 0);
return git_runtime_shutdown_register(shutdown_ssl);
@@ -438,23 +436,22 @@ int git_mbedtls_stream_new(
return error;
}
-int git_mbedtls__set_cert_location(const char *path, int is_dir)
+int git_mbedtls__set_cert_location(const char *file, const char *path)
{
int ret = 0;
char errbuf[512];
mbedtls_x509_crt *cacert;
- GIT_ASSERT_ARG(path);
+ GIT_ASSERT_ARG(file || path);
cacert = git__malloc(sizeof(mbedtls_x509_crt));
GIT_ERROR_CHECK_ALLOC(cacert);
mbedtls_x509_crt_init(cacert);
- if (is_dir) {
+ if (file)
+ ret = mbedtls_x509_crt_parse_file(cacert, file);
+ if (ret >= 0 && path)
ret = mbedtls_x509_crt_parse_path(cacert, path);
- } else {
- ret = mbedtls_x509_crt_parse_file(cacert, path);
- }
/* mbedtls_x509_crt_parse_path returns the number of invalid certs on success */
if (ret < 0) {
mbedtls_x509_crt_free(cacert);
diff --git a/src/streams/mbedtls.h b/src/streams/mbedtls.h
index 7de94b9..bcca6dd 100644
--- a/src/streams/mbedtls.h
+++ b/src/streams/mbedtls.h
@@ -14,7 +14,7 @@
extern int git_mbedtls_stream_global_init(void);
#ifdef GIT_MBEDTLS
-extern int git_mbedtls__set_cert_location(const char *path, int is_dir);
+extern int git_mbedtls__set_cert_location(const char *file, const char *path);
extern int git_mbedtls_stream_new(git_stream **out, const char *host, const char *port);
extern int git_mbedtls_stream_wrap(git_stream **out, git_stream *in, const char *host);