|
8a62bf11
|
2016-02-15T11:28:33
|
|
netops: fix memory leak when an error occurs
|
|
75a4636f
|
2015-05-29T16:56:38
|
|
git__tolower: a tolower() that isn't dumb
Some brain damaged tolower() implementations appear to want to
take the locale into account, and this may require taking some
insanely aggressive lock on the locale and slowing down what should
be the most trivial of trivial calls for people who just want to
downcase ASCII.
|
|
1b75c29e
|
2014-11-02T11:17:01
|
|
gitno: remove code which is no longer needed
Most of the network-facing facilities have been copied to the socket and
openssl streams. No code now uses these functions directly anymore, so
we can now remove them.
|
|
02b4c1e2
|
2014-11-01T16:58:20
|
|
Port the TCP transport to the new stream API
|
|
22fbb265
|
2014-11-02T16:12:10
|
|
netops: return GIT_ECERTIFICATE when it fails the basic tests
When we first ask OpenSSL to verify the certfiicate itself (rather
than the HTTPS specifics), we should also return
GIT_ECERTIFICATE. Otherwise, the caller would consider this as a failed
operation rather than a failed validation and not call the user's own
validation.
|
|
d0cf1040
|
2014-09-24T12:01:14
|
|
Correctly handle getaddrinfo return result
The getaddrinfo function indicates failure with a non-zero return code,
but this code is not necessarily negative. On platforms like Android
where the code is positive, a failed call causes libgit2 to segfault.
|
|
41698f22
|
2014-09-11T10:04:05
|
|
net: remove support for outright ignoring certificates
This option make it easy to ignore anything about the server we're
connecting to, which is bad security practice. This was necessary as we
didn't use to expose detailed information about the certificate, but now
that we do, we should get rid of this.
If the user wants to ignore everything, they can still provide a
callback which ignores all the information passed.
|
|
9b940586
|
2014-07-04T12:45:43
|
|
Provide a callback for certificate validation
If the certificate validation fails (or always in the case of ssh),
let the user decide whether to allow the connection.
The data structure passed to the user is the native certificate
information from the underlying implementation, namely OpenSSL or
WinHTTP.
|
|
90c2b37f
|
2014-07-05T21:22:56
|
|
in_addr is defined in <Winsock2.h>, include before <ws2tcpip.h>
|
|
1380e7c6
|
2014-07-03T02:34:32
|
|
netops: error out on url without a path
In order to connect to a remote server, we need to provide a path to the
repository we're interested in. Consider the lack of path in the url an
error.
|
|
081e76ba
|
2014-06-12T16:20:52
|
|
ssl: init everything all the time
Bring together all of the OpenSSL initialization to
git_threads_init() so it's together and doesn't need locks.
Moving it here also gives us libssh2 thread safety (when built against
openssl).
|
|
cf15ac8a
|
2014-06-12T03:20:34
|
|
ssl: cargo-cult thread safety
OpenSSL's tests init everything in the main thread, so let's do that.
|
|
5fa04943
|
2014-06-11T23:19:48
|
|
ssl: use locking
When using in a multithreaded context, OpenSSL needs to lock, and leaves
it up to application to provide said locks.
We were not doing this, and it's just luck that's kept us from crashing
up to now.
|
|
1d3364ac
|
2014-06-11T20:52:15
|
|
netops: init OpenSSL once under lock
The OpenSSL init functions are not reentrant, which means that running
multiple fetches in parallel can cause us to crash.
Use a mutex to init OpenSSL, and since we're adding this extra checks,
init it only once.
|
|
7c57cd97
|
2014-05-12T20:25:44
|
|
Win32 fix for #2300.
The code doesn't use SSL and a test requires it.
|
|
783555d8
|
2014-04-26T14:36:32
|
|
netops: catch the server not sending a certificate
It's possible for an encrypted connection not have a certificate. In
this case, SSL_get_verify_result() will return OK because no error
happened (as it never even tried to validate anything).
SSL_get_peer_certificate() will return NULL in this case so we need to
catch that. On the upside, the current code would segfault in this
situation instead of letting it through as a valid cert.
|
|
51d3f6f5
|
2014-04-26T14:16:42
|
|
netops: provide more specific error for cert failure
Specify what we do not like about the certificate. In this case, we do
not like the name.
|
|
1f0d4f3d
|
2014-04-26T13:51:14
|
|
netops: unit-test the cert host-name pattern matching
This kind of stuff should have unit tests, even if it's just to show
what we expect to match successfully.
|
|
e1ce5249
|
2013-11-18T21:40:19
|
|
netops: fix leak
|
|
98eaf39a
|
2013-11-13T11:12:31
|
|
Fix warnings
|
|
fb190bbb
|
2013-11-12T19:44:13
|
|
Fix warnings
|
|
79c44342
|
2013-11-05T11:35:57
|
|
Make url decoding more bulletproof
|
|
d6eb3f9c
|
2013-11-05T10:54:44
|
|
Remove unnecessary check
|
|
fe294b95
|
2013-11-05T10:37:50
|
|
Incorporate feedback
|
|
16bffd1c
|
2013-11-04T12:04:17
|
|
Unescape url-encoded usernames and passwords
|
|
c227c173
|
2013-11-04T11:42:14
|
|
Use http_parser_parse_url to parse urls
|
|
56c1cda2
|
2013-11-01T19:22:43
|
|
Clarify parsing issues and errors
|
|
7e035908
|
2013-11-01T15:29:25
|
|
Streamline url-parsing logic.
|
|
048f837b
|
2013-10-31T13:30:22
|
|
Prevent another segfault from bad URL
|
|
151b3218
|
2013-10-31T13:16:04
|
|
Prevent segfault with a badly-formed URL
|
|
41a6de28
|
2013-10-02T14:45:57
|
|
HTTP: handle "relative" redirects
|
|
b59344bf
|
2013-09-26T16:48:08
|
|
Tighten up url-connection utility
|
|
ea59f659
|
2013-09-26T16:20:30
|
|
Deploy gitno_connection_data into transport (winhttp)
...and have that call manage replaced memory in the output structure.
|
|
8988688c
|
2013-09-25T20:41:56
|
|
Migrate redirect URL handling to common utility
|
|
eb0ff130
|
2013-09-24T14:07:08
|
|
Disconnect path string to preserve after redirect
The subtransport path was relying on pointing to data owned by
the remote which meant that after a redirect, the updated path
was getting lost for future requests. This updates the http
transport to strdup the path and maintain its own lifetime.
This also pulls responsibility for parsing the URL back into the
http transport and isolates the functions that parse and free that
connection data so that they can be reused between the initial
parsing and the redirect parsing.
|
|
c9144405
|
2013-09-23T11:37:35
|
|
Properly parse urls that include protocol://
|
|
e5296308
|
2013-08-24T20:15:22
|
|
netops: remove duplicate include
9e9aee6 added an include <netinet/in.h> to fix the build on FreeBSD.
Sometime since then the same header is included ifndef _WIN32, so
remove the duplicate include.
|
|
de81aee3
|
2013-02-04T14:49:28
|
|
Merge pull request #1298 from ben/user-at
Handle "user@" prefix for credentials partially included in URLs
|
|
c70455c7
|
2013-02-01T22:53:51
|
|
Deduplicate FormatMessage UTF-16 to UTF-8 conversion code
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
bd25a302
|
2013-02-01T22:22:26
|
|
Improved error handling
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
89ad1c57
|
2013-02-01T22:14:52
|
|
Get utf8_size from WideCharToMultiByte instead of guessing it
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
b0dc81f0
|
2013-02-01T16:17:34
|
|
Win32: Make sure error messages are consistently UTF-8 encoded
W/o this a libgit2 error message could have a mixed encoding:
e.g. a filename in UTF-8 combined with a native Windows error message
encoded with the local code page.
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
c4beee76
|
2013-02-01T10:00:55
|
|
Introduce git__substrdup
|
|
cf7038a6
|
2013-01-31T14:04:21
|
|
Enhance url parsing to include passwords
|
|
2234b2b0
|
2013-01-30T19:03:58
|
|
Stash username from url (but don't use it yet)
|
|
5f10853e
|
2013-01-30T18:50:31
|
|
Skip "user@" when finding hostname in url
|
|
cfc39f50
|
2013-01-25T22:43:52
|
|
Fix 3 memory leaks
|
|
7a2cf780
|
2013-01-20T01:57:32
|
|
Fix compilation on OpenBSD
|
|
359fc2d2
|
2013-01-08T17:07:25
|
|
update copyrights
|
|
f2b00cbd
|
2012-12-17T19:35:40
|
|
netops: on SSL teardown only send shutdown alert
According to man 3 SSL_shutdown / TLS, "If a unidirectional shutdown is
enough (the underlying connection shall be closed anyway), this first
call to SSL_shutdown() is sufficient."
Currently, an unidirectional shutdown is enough, since
gitno_ssl_teardown is called by gitno_close only. Do so to avoid further
errors (by misbehaving peers for example).
Fixes #1129.
|
|
9c8dbc88
|
2012-12-17T19:18:34
|
|
netops: properly handle GITNO_CONNECT_SSL_NO_CHECK_CERT
Don't return an error just because GITNO_CONNECT_SSL_NO_CHECK_CERT is
set.
|
|
9e9aee67
|
2012-11-26T23:29:34
|
|
fix build on FreeBSD
3f9eb1e introduced support for SSL certificates issued for IP
addresses, making use of in_addr and in_addr6 structs. On FreeBSD
these are defined in (a file included in) <netinet/in.h>, so include
that file on FreeBSD and get the build working again.
|
|
9d641283
|
2012-11-08T08:06:23
|
|
Merge pull request #1048 from pwkelley/basic_auth
Basic authentication for http and winhttp
|
|
345eef23
|
2012-11-07T16:10:57
|
|
Move inet_pton to posix platform-compatibility layer
|
|
d1a69d0f
|
2012-11-06T20:16:53
|
|
Fix compilation for mingw32 and cygwin
inet_pton is available only in windows vista or later,
fixed the issue by reimplementing it using WSAStringToAddress
|
|
2f7538ec
|
2012-11-06T09:36:04
|
|
Fix connection leak in http subtransport
|
|
41fb1ca0
|
2012-10-29T13:41:14
|
|
Reorganize transport architecture (squashed 3)
|
|
7bcd9e23
|
2012-10-19T19:23:32
|
|
gitno_buffer: callback on each packet
The fetch code takes advantage of this to implement a
progress callback every 100kb of transfer.
|
|
65ac67fb
|
2012-08-28T21:58:10
|
|
netops: be more careful with SSL errors
SSL_get_error() allows to receive a result code for various SSL
operations. Depending on the return value (see man (3) SSL_get_error)
there might be additional information in the OpenSSL error queue. Return
the queued message if available, otherwise set an error message
corresponding to the return code.
|
|
4deda91b
|
2012-09-04T00:13:59
|
|
netops: continue writing on SSL_ERROR_WANT_WRITE
|
|
0d5dce26
|
2012-08-28T14:15:32
|
|
ssl: make cert check ignore work for invalid certs, not just CNs
Passing SSL_VERIFY_PEER makes OpenSSL shut down the connection if the
certificate is invalid, without giving us a chance to ignore that
error. Pass SSL_VERIFY_NONE and call SSL_get_verify_result if the user
wanted us to check.
When no CNs match, we used to jump to on_error which gave a bogus
error as that's for OpenSSL errors. Jump to cert_fail so we tell the
user that the error came from checking the certificate.
|
|
e25dda51
|
2012-08-02T01:38:30
|
|
Merge remote-tracking branch 'nulltoken/topic/amd64-compat' into development
Conflicts:
src/netops.c
src/netops.h
src/oid.c
|
|
0048372a
|
2012-07-27T01:09:06
|
|
transport: rename encrypt to use_ssl
SSL isn't the only way that a transport can be encrypted. The new name
will make it easier to merge the SSH support.
|
|
8861d32f
|
2012-07-25T16:16:53
|
|
ssl: use the callback instead of ifs to determine how to get data
Using the callbacks makes it clearer and reduces the amount of #ifdefs
and ifs and we need in the code.
|
|
b49c8f71
|
2012-07-24T19:03:22
|
|
remote: use the same code to control git and http
This allows us to add capabilitites to both at the same time, keeps
them in sync and removes a lot of code.
gitno_buffer now uses a callback to fill its buffer, allowing us to
use the same interface for git and http (which uses callbacks).
|
|
b8457baa
|
2012-07-24T07:57:58
|
|
portability: Improve x86/amd64 compatibility
|
|
798e4d53
|
2012-06-22T21:25:17
|
|
amigaos: Cleanup
|
|
2ae052d1
|
2012-06-22T20:48:50
|
|
Merge branch 'pull-req' of https://github.com/chris-y/libgit2 into amigaos
|
|
b6423939
|
2012-06-20T20:35:13
|
|
more getaddrinfo compatibility
|
|
8d18f1f7
|
2012-06-20T20:12:30
|
|
getaddrinfo() replacement functions
|
|
ac8eac2f
|
2012-06-15T11:25:52
|
|
Fix compile errors when building on windows
Errors were due to not including winsock2 early enough.
|
|
d043013f
|
2012-06-14T19:09:42
|
|
More changes resulting from pull request
|
|
a8df98c6
|
2012-06-14T18:57:24
|
|
Updates from comments on OS4 compatibility pull request http://github.com/libgit2/libgit2/pull/766
|
|
96ef3d84
|
2012-06-13T23:16:14
|
|
Make this more generic and mergeable.
Needs AmigaOS.cmake now from CMake package at OS4Depot, or contents below:
--8<--
SET(AMIGA 1)
SET(CMAKE_SHARED_LIBRARY_C_FLAGS "-fPIC")
SET(CMAKE_SHARED_LIBRARY_CREATE_C_FLAGS "-shared")
--8<--
|
|
327fb51c
|
2012-06-09T18:13:07
|
|
Fix gethostbyname compatibility
|
|
c41fc475
|
2012-06-07T21:26:39
|
|
horrid gethostbyname compatibility
|
|
6f944ab1
|
2012-06-07T13:36:28
|
|
Fix compilation warning
|
|
66798ad0
|
2012-06-06T11:00:15
|
|
Don't include arpa/inet.h on Windows
|
|
966fbdcb
|
2012-06-05T13:53:33
|
|
Merge pull request #697 from carlosmn/ssl
Add HTTPS support
|
|
c1318f71
|
2012-05-26T18:16:13
|
|
Use lowercase names for Windows headers
Otherwise we can't cross-compile on Linux.
|
|
250b95b2
|
2012-05-26T21:17:08
|
|
ssl: allow skipping the server certificate check
Sometimes it's useful not to perform the check. Allow it to be
configurable.
|
|
441df990
|
2012-05-17T23:57:30
|
|
ssl: look up the last CN the alternative names don't match
|
|
dbb36e1b
|
2012-05-17T17:56:49
|
|
ssl: check certificates against the system's trusted CAs
|
|
d3e1367f
|
2012-05-17T21:40:20
|
|
ssl: remove GnuTLS support
It's too much work for now to redo everything.
Move the ssl context struct to transport.h
|
|
16768191
|
2012-05-17T21:16:59
|
|
ssl: match host names according to RFC 2818 (HTTP over TLS)
|
|
3f9eb1e5
|
2012-05-17T22:22:05
|
|
ssl: add support for certificates issues to an IP address
|
|
a6f24a5b
|
2012-05-01T01:50:26
|
|
https: make it work with OpenSSL as well
Add specific functions that use OpenSSL instead of GnuTLS
|
|
89460f3f
|
2012-05-03T14:07:55
|
|
ssl: teardown the connection on close
This should help us free some resources, though the libraries do keep
some buffers allocated regardless.
|
|
66024c7c
|
2012-05-01T00:05:25
|
|
http: add https support when GnuTLS is available
If it's not available, an error saying so will be returned when trying
to use a https:// URL.
This also unifies a lot of the network code to use git_transport in
many places instead of an socket descriptor.
|
|
65ca81a6
|
2012-05-08T14:28:21
|
|
Minor error fixes
Clear the error in pkt when we notice that the remote is starting to
send the packfile.
Fix the format string for Windows networking errors.
|
|
901fbdad
|
2012-05-07T00:05:02
|
|
Define explicit _WIN32_WINNT version in makefile
Previously, it was defined in netops.c, but it's also needed in one of the
clar tests, so I figured we might as well just make it global for the
whole project.
Without it, the mingw32 linker won't resolve GetProcessId() (called from
the core/errors.c clar test) because of some conditionals in windows.h.
|
|
cd58c15c
|
2012-05-05T16:47:20
|
|
Merge remote-tracking branch 'scottjg/fix-mingw32' into development
Conflicts:
src/netops.c
src/netops.h
src/transports/http.c
tests-clar/clar
|
|
b4b96d56
|
2012-05-05T13:30:33
|
|
Fix gitno_connect() error handling on Windows
gitno_connect() can return an error or socket, which is fine on most
platforms where sockets are file descriptors (signed int), but on Windows,
SOCKET is an unsigned type, which is problematic when we are trying to
test if the socket was actually a negative error code.
This fix seperates the error code and socket in gitno_connect(), and fixes
the error handling in do_connect() functions to compensate. It appears
that git_connect() and the git-transport do_connect() functions had bugs
in the non-windows cases too (leaking sockets, and not properly reporting
connection error, respectively) so I went ahead and fixed those too.
|
|
44ef8b1b
|
2012-04-13T13:00:10
|
|
Fix warnings on 64-bit windows builds
This fixes all the warnings on win64 except those in deps, which
come from the regex code.
|
|
bd6585a7
|
2012-03-16T15:15:21
|
|
netops: show winsock error messages on Windows
|
|
56b7df10
|
2012-03-07T07:01:20
|
|
error-handling: netops
|
|
5e0de328
|
2012-02-13T17:10:24
|
|
Update Copyright header
Signed-off-by: schu <schu-github@schulog.org>
|
|
31ffc141
|
2012-02-02T00:14:59
|
|
Fix the build on Emscripten
struct timeval is used in this file, which requires <sys/time.h> to be
included.
|
|
3286c408
|
2011-10-28T14:51:13
|
|
global: Properly use `git__` memory wrappers
Ensure that all memory related functions (malloc, calloc, strdup, free,
etc) are using their respective `git__` wrappers.
|
|
51760bc1
|
2011-10-05T18:11:22
|
|
pkt: get rid of the chunked support
It was a bad idea.
Signed-off-by: Carlos Martín Nieto <carlos@cmartin.tk>
|