kmx git

Commit	Date	Message
ecf4f33a	2018-02-08T11:14:48	Convert usage of `git_buf_free` to new `git_buf_dispose`
0e4f3d9d	2018-03-03T21:47:22	gitno_extract_url_parts: decode hostnames RFC 3986 says that hostnames can be percent encoded. Percent decode hostnames in our URLs.
05551ca0	2018-03-03T20:14:54	Remove now unnecessary `gitno_unescape`
60e7848e	2018-03-03T20:13:30	gitno_extract_url_parts: use `git_buf`s Now that we can decode percent-encoded strings as part of `git_buf`s, use that decoder in `gitno_extract_url_parts`.
8a2cdbd3	2018-02-28T12:58:58	Rename unescape and make non-static
0c7f49dd	2017-06-30T13:39:01	Make sure to always include "common.h" first Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.
909d5494	2016-12-29T12:25:15	giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one
4e017413	2015-09-21T21:11:02	netops: make the path optional in URLs When we're dealing with proxy addresses, we only want a hostname and port, and the user would not provide a path, so make it optional so we can use this same function to parse git as well as proxy URLs.
8a62bf11	2016-02-15T11:28:33	netops: fix memory leak when an error occurs
75a4636f	2015-05-29T16:56:38	git__tolower: a tolower() that isn't dumb Some brain damaged tolower() implementations appear to want to take the locale into account, and this may require taking some insanely aggressive lock on the locale and slowing down what should be the most trivial of trivial calls for people who just want to downcase ASCII.
1b75c29e	2014-11-02T11:17:01	gitno: remove code which is no longer needed Most of the network-facing facilities have been copied to the socket and openssl streams. No code now uses these functions directly anymore, so we can now remove them.
02b4c1e2	2014-11-01T16:58:20	Port the TCP transport to the new stream API
22fbb265	2014-11-02T16:12:10	netops: return GIT_ECERTIFICATE when it fails the basic tests When we first ask OpenSSL to verify the certfiicate itself (rather than the HTTPS specifics), we should also return GIT_ECERTIFICATE. Otherwise, the caller would consider this as a failed operation rather than a failed validation and not call the user's own validation.
d0cf1040	2014-09-24T12:01:14	Correctly handle getaddrinfo return result The getaddrinfo function indicates failure with a non-zero return code, but this code is not necessarily negative. On platforms like Android where the code is positive, a failed call causes libgit2 to segfault.
41698f22	2014-09-11T10:04:05	net: remove support for outright ignoring certificates This option make it easy to ignore anything about the server we're connecting to, which is bad security practice. This was necessary as we didn't use to expose detailed information about the certificate, but now that we do, we should get rid of this. If the user wants to ignore everything, they can still provide a callback which ignores all the information passed.
9b940586	2014-07-04T12:45:43	Provide a callback for certificate validation If the certificate validation fails (or always in the case of ssh), let the user decide whether to allow the connection. The data structure passed to the user is the native certificate information from the underlying implementation, namely OpenSSL or WinHTTP.
90c2b37f	2014-07-05T21:22:56	in_addr is defined in <Winsock2.h>, include before <ws2tcpip.h>
1380e7c6	2014-07-03T02:34:32	netops: error out on url without a path In order to connect to a remote server, we need to provide a path to the repository we're interested in. Consider the lack of path in the url an error.
081e76ba	2014-06-12T16:20:52	ssl: init everything all the time Bring together all of the OpenSSL initialization to git_threads_init() so it's together and doesn't need locks. Moving it here also gives us libssh2 thread safety (when built against openssl).
cf15ac8a	2014-06-12T03:20:34	ssl: cargo-cult thread safety OpenSSL's tests init everything in the main thread, so let's do that.
5fa04943	2014-06-11T23:19:48	ssl: use locking When using in a multithreaded context, OpenSSL needs to lock, and leaves it up to application to provide said locks. We were not doing this, and it's just luck that's kept us from crashing up to now.
1d3364ac	2014-06-11T20:52:15	netops: init OpenSSL once under lock The OpenSSL init functions are not reentrant, which means that running multiple fetches in parallel can cause us to crash. Use a mutex to init OpenSSL, and since we're adding this extra checks, init it only once.
7c57cd97	2014-05-12T20:25:44	Win32 fix for #2300. The code doesn't use SSL and a test requires it.
783555d8	2014-04-26T14:36:32	netops: catch the server not sending a certificate It's possible for an encrypted connection not have a certificate. In this case, SSL_get_verify_result() will return OK because no error happened (as it never even tried to validate anything). SSL_get_peer_certificate() will return NULL in this case so we need to catch that. On the upside, the current code would segfault in this situation instead of letting it through as a valid cert.
51d3f6f5	2014-04-26T14:16:42	netops: provide more specific error for cert failure Specify what we do not like about the certificate. In this case, we do not like the name.
1f0d4f3d	2014-04-26T13:51:14	netops: unit-test the cert host-name pattern matching This kind of stuff should have unit tests, even if it's just to show what we expect to match successfully.
e1ce5249	2013-11-18T21:40:19	netops: fix leak
98eaf39a	2013-11-13T11:12:31	Fix warnings
fb190bbb	2013-11-12T19:44:13	Fix warnings
79c44342	2013-11-05T11:35:57	Make url decoding more bulletproof
d6eb3f9c	2013-11-05T10:54:44	Remove unnecessary check
fe294b95	2013-11-05T10:37:50	Incorporate feedback
16bffd1c	2013-11-04T12:04:17	Unescape url-encoded usernames and passwords
c227c173	2013-11-04T11:42:14	Use http_parser_parse_url to parse urls
56c1cda2	2013-11-01T19:22:43	Clarify parsing issues and errors
7e035908	2013-11-01T15:29:25	Streamline url-parsing logic.
048f837b	2013-10-31T13:30:22	Prevent another segfault from bad URL
151b3218	2013-10-31T13:16:04	Prevent segfault with a badly-formed URL
41a6de28	2013-10-02T14:45:57	HTTP: handle "relative" redirects
b59344bf	2013-09-26T16:48:08	Tighten up url-connection utility
ea59f659	2013-09-26T16:20:30	Deploy gitno_connection_data into transport (winhttp) ...and have that call manage replaced memory in the output structure.
8988688c	2013-09-25T20:41:56	Migrate redirect URL handling to common utility
eb0ff130	2013-09-24T14:07:08	Disconnect path string to preserve after redirect The subtransport path was relying on pointing to data owned by the remote which meant that after a redirect, the updated path was getting lost for future requests. This updates the http transport to strdup the path and maintain its own lifetime. This also pulls responsibility for parsing the URL back into the http transport and isolates the functions that parse and free that connection data so that they can be reused between the initial parsing and the redirect parsing.
c9144405	2013-09-23T11:37:35	Properly parse urls that include protocol://
e5296308	2013-08-24T20:15:22	netops: remove duplicate include 9e9aee6 added an include <netinet/in.h> to fix the build on FreeBSD. Sometime since then the same header is included ifndef _WIN32, so remove the duplicate include.
de81aee3	2013-02-04T14:49:28	Merge pull request #1298 from ben/user-at Handle "user@" prefix for credentials partially included in URLs
c70455c7	2013-02-01T22:53:51	Deduplicate FormatMessage UTF-16 to UTF-8 conversion code Signed-off-by: Sven Strickroth <email@cs-ware.de>
bd25a302	2013-02-01T22:22:26	Improved error handling Signed-off-by: Sven Strickroth <email@cs-ware.de>
89ad1c57	2013-02-01T22:14:52	Get utf8_size from WideCharToMultiByte instead of guessing it Signed-off-by: Sven Strickroth <email@cs-ware.de>
b0dc81f0	2013-02-01T16:17:34	Win32: Make sure error messages are consistently UTF-8 encoded W/o this a libgit2 error message could have a mixed encoding: e.g. a filename in UTF-8 combined with a native Windows error message encoded with the local code page. Signed-off-by: Sven Strickroth <email@cs-ware.de>
c4beee76	2013-02-01T10:00:55	Introduce git__substrdup
cf7038a6	2013-01-31T14:04:21	Enhance url parsing to include passwords
2234b2b0	2013-01-30T19:03:58	Stash username from url (but don't use it yet)
5f10853e	2013-01-30T18:50:31	Skip "user@" when finding hostname in url
cfc39f50	2013-01-25T22:43:52	Fix 3 memory leaks
7a2cf780	2013-01-20T01:57:32	Fix compilation on OpenBSD
359fc2d2	2013-01-08T17:07:25	update copyrights
f2b00cbd	2012-12-17T19:35:40	netops: on SSL teardown only send shutdown alert According to man 3 SSL_shutdown / TLS, "If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient." Currently, an unidirectional shutdown is enough, since gitno_ssl_teardown is called by gitno_close only. Do so to avoid further errors (by misbehaving peers for example). Fixes #1129.
9c8dbc88	2012-12-17T19:18:34	netops: properly handle GITNO_CONNECT_SSL_NO_CHECK_CERT Don't return an error just because GITNO_CONNECT_SSL_NO_CHECK_CERT is set.
9e9aee67	2012-11-26T23:29:34	fix build on FreeBSD 3f9eb1e introduced support for SSL certificates issued for IP addresses, making use of in_addr and in_addr6 structs. On FreeBSD these are defined in (a file included in) <netinet/in.h>, so include that file on FreeBSD and get the build working again.
9d641283	2012-11-08T08:06:23	Merge pull request #1048 from pwkelley/basic_auth Basic authentication for http and winhttp
345eef23	2012-11-07T16:10:57	Move inet_pton to posix platform-compatibility layer
d1a69d0f	2012-11-06T20:16:53	Fix compilation for mingw32 and cygwin inet_pton is available only in windows vista or later, fixed the issue by reimplementing it using WSAStringToAddress
2f7538ec	2012-11-06T09:36:04	Fix connection leak in http subtransport
41fb1ca0	2012-10-29T13:41:14	Reorganize transport architecture (squashed 3)
7bcd9e23	2012-10-19T19:23:32	gitno_buffer: callback on each packet The fetch code takes advantage of this to implement a progress callback every 100kb of transfer.
65ac67fb	2012-08-28T21:58:10	netops: be more careful with SSL errors SSL_get_error() allows to receive a result code for various SSL operations. Depending on the return value (see man (3) SSL_get_error) there might be additional information in the OpenSSL error queue. Return the queued message if available, otherwise set an error message corresponding to the return code.
4deda91b	2012-09-04T00:13:59	netops: continue writing on SSL_ERROR_WANT_WRITE
0d5dce26	2012-08-28T14:15:32	ssl: make cert check ignore work for invalid certs, not just CNs Passing SSL_VERIFY_PEER makes OpenSSL shut down the connection if the certificate is invalid, without giving us a chance to ignore that error. Pass SSL_VERIFY_NONE and call SSL_get_verify_result if the user wanted us to check. When no CNs match, we used to jump to on_error which gave a bogus error as that's for OpenSSL errors. Jump to cert_fail so we tell the user that the error came from checking the certificate.
e25dda51	2012-08-02T01:38:30	Merge remote-tracking branch 'nulltoken/topic/amd64-compat' into development Conflicts: src/netops.c src/netops.h src/oid.c
0048372a	2012-07-27T01:09:06	transport: rename encrypt to use_ssl SSL isn't the only way that a transport can be encrypted. The new name will make it easier to merge the SSH support.
8861d32f	2012-07-25T16:16:53	ssl: use the callback instead of ifs to determine how to get data Using the callbacks makes it clearer and reduces the amount of #ifdefs and ifs and we need in the code.
b49c8f71	2012-07-24T19:03:22	remote: use the same code to control git and http This allows us to add capabilitites to both at the same time, keeps them in sync and removes a lot of code. gitno_buffer now uses a callback to fill its buffer, allowing us to use the same interface for git and http (which uses callbacks).
b8457baa	2012-07-24T07:57:58	portability: Improve x86/amd64 compatibility
798e4d53	2012-06-22T21:25:17	amigaos: Cleanup
2ae052d1	2012-06-22T20:48:50	Merge branch 'pull-req' of https://github.com/chris-y/libgit2 into amigaos
b6423939	2012-06-20T20:35:13	more getaddrinfo compatibility
8d18f1f7	2012-06-20T20:12:30	getaddrinfo() replacement functions
ac8eac2f	2012-06-15T11:25:52	Fix compile errors when building on windows Errors were due to not including winsock2 early enough.
d043013f	2012-06-14T19:09:42	More changes resulting from pull request
a8df98c6	2012-06-14T18:57:24	Updates from comments on OS4 compatibility pull request http://github.com/libgit2/libgit2/pull/766
96ef3d84	2012-06-13T23:16:14	Make this more generic and mergeable. Needs AmigaOS.cmake now from CMake package at OS4Depot, or contents below: --8<-- SET(AMIGA 1) SET(CMAKE_SHARED_LIBRARY_C_FLAGS "-fPIC") SET(CMAKE_SHARED_LIBRARY_CREATE_C_FLAGS "-shared") --8<--
327fb51c	2012-06-09T18:13:07	Fix gethostbyname compatibility
c41fc475	2012-06-07T21:26:39	horrid gethostbyname compatibility
6f944ab1	2012-06-07T13:36:28	Fix compilation warning
66798ad0	2012-06-06T11:00:15	Don't include arpa/inet.h on Windows
966fbdcb	2012-06-05T13:53:33	Merge pull request #697 from carlosmn/ssl Add HTTPS support
c1318f71	2012-05-26T18:16:13	Use lowercase names for Windows headers Otherwise we can't cross-compile on Linux.
250b95b2	2012-05-26T21:17:08	ssl: allow skipping the server certificate check Sometimes it's useful not to perform the check. Allow it to be configurable.
441df990	2012-05-17T23:57:30	ssl: look up the last CN the alternative names don't match
3f9eb1e5	2012-05-17T22:22:05	ssl: add support for certificates issues to an IP address
16768191	2012-05-17T21:16:59	ssl: match host names according to RFC 2818 (HTTP over TLS)
d3e1367f	2012-05-17T21:40:20	ssl: remove GnuTLS support It's too much work for now to redo everything. Move the ssl context struct to transport.h
dbb36e1b	2012-05-17T17:56:49	ssl: check certificates against the system's trusted CAs
66024c7c	2012-05-01T00:05:25	http: add https support when GnuTLS is available If it's not available, an error saying so will be returned when trying to use a https:// URL. This also unifies a lot of the network code to use git_transport in many places instead of an socket descriptor.
a6f24a5b	2012-05-01T01:50:26	https: make it work with OpenSSL as well Add specific functions that use OpenSSL instead of GnuTLS
89460f3f	2012-05-03T14:07:55	ssl: teardown the connection on close This should help us free some resources, though the libraries do keep some buffers allocated regardless.
65ca81a6	2012-05-08T14:28:21	Minor error fixes Clear the error in pkt when we notice that the remote is starting to send the packfile. Fix the format string for Windows networking errors.
901fbdad	2012-05-07T00:05:02	Define explicit _WIN32_WINNT version in makefile Previously, it was defined in netops.c, but it's also needed in one of the clar tests, so I figured we might as well just make it global for the whole project. Without it, the mingw32 linker won't resolve GetProcessId() (called from the core/errors.c clar test) because of some conditionals in windows.h.
cd58c15c	2012-05-05T16:47:20	Merge remote-tracking branch 'scottjg/fix-mingw32' into development Conflicts: src/netops.c src/netops.h src/transports/http.c tests-clar/clar

ecf4f33a

2018-02-08T11:14:48

Convert usage of `git_buf_free` to new `git_buf_dispose`

0e4f3d9d

2018-03-03T21:47:22

gitno_extract_url_parts: decode hostnames RFC 3986 says that hostnames can be percent encoded. Percent decode hostnames in our URLs.

05551ca0

2018-03-03T20:14:54

Remove now unnecessary `gitno_unescape`

60e7848e

2018-03-03T20:13:30

gitno_extract_url_parts: use `git_buf`s Now that we can decode percent-encoded strings as part of `git_buf`s, use that decoder in `gitno_extract_url_parts`.

8a2cdbd3

2018-02-28T12:58:58

Rename unescape and make non-static

0c7f49dd

2017-06-30T13:39:01

Make sure to always include "common.h" first Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.

909d5494

2016-12-29T12:25:15

giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one

4e017413

2015-09-21T21:11:02

netops: make the path optional in URLs When we're dealing with proxy addresses, we only want a hostname and port, and the user would not provide a path, so make it optional so we can use this same function to parse git as well as proxy URLs.

8a62bf11

2016-02-15T11:28:33

netops: fix memory leak when an error occurs

75a4636f

2015-05-29T16:56:38

git__tolower: a tolower() that isn't dumb Some brain damaged tolower() implementations appear to want to take the locale into account, and this may require taking some insanely aggressive lock on the locale and slowing down what should be the most trivial of trivial calls for people who just want to downcase ASCII.

1b75c29e

2014-11-02T11:17:01

gitno: remove code which is no longer needed Most of the network-facing facilities have been copied to the socket and openssl streams. No code now uses these functions directly anymore, so we can now remove them.

02b4c1e2

2014-11-01T16:58:20

Port the TCP transport to the new stream API

22fbb265

2014-11-02T16:12:10

netops: return GIT_ECERTIFICATE when it fails the basic tests When we first ask OpenSSL to verify the certfiicate itself (rather than the HTTPS specifics), we should also return GIT_ECERTIFICATE. Otherwise, the caller would consider this as a failed operation rather than a failed validation and not call the user's own validation.

d0cf1040

2014-09-24T12:01:14

Correctly handle getaddrinfo return result The getaddrinfo function indicates failure with a non-zero return code, but this code is not necessarily negative. On platforms like Android where the code is positive, a failed call causes libgit2 to segfault.

41698f22

2014-09-11T10:04:05

net: remove support for outright ignoring certificates This option make it easy to ignore anything about the server we're connecting to, which is bad security practice. This was necessary as we didn't use to expose detailed information about the certificate, but now that we do, we should get rid of this. If the user wants to ignore everything, they can still provide a callback which ignores all the information passed.

9b940586

2014-07-04T12:45:43

Provide a callback for certificate validation If the certificate validation fails (or always in the case of ssh), let the user decide whether to allow the connection. The data structure passed to the user is the native certificate information from the underlying implementation, namely OpenSSL or WinHTTP.

90c2b37f

2014-07-05T21:22:56

in_addr is defined in <Winsock2.h>, include before <ws2tcpip.h>

1380e7c6

2014-07-03T02:34:32

netops: error out on url without a path In order to connect to a remote server, we need to provide a path to the repository we're interested in. Consider the lack of path in the url an error.

081e76ba

2014-06-12T16:20:52

ssl: init everything all the time Bring together all of the OpenSSL initialization to git_threads_init() so it's together and doesn't need locks. Moving it here also gives us libssh2 thread safety (when built against openssl).

cf15ac8a

2014-06-12T03:20:34

ssl: cargo-cult thread safety OpenSSL's tests init everything in the main thread, so let's do that.

5fa04943

2014-06-11T23:19:48

ssl: use locking When using in a multithreaded context, OpenSSL needs to lock, and leaves it up to application to provide said locks. We were not doing this, and it's just luck that's kept us from crashing up to now.

1d3364ac

2014-06-11T20:52:15

netops: init OpenSSL once under lock The OpenSSL init functions are not reentrant, which means that running multiple fetches in parallel can cause us to crash. Use a mutex to init OpenSSL, and since we're adding this extra checks, init it only once.

7c57cd97

2014-05-12T20:25:44

Win32 fix for #2300. The code doesn't use SSL and a test requires it.

783555d8

2014-04-26T14:36:32

netops: catch the server not sending a certificate It's possible for an encrypted connection not have a certificate. In this case, SSL_get_verify_result() will return OK because no error happened (as it never even tried to validate anything). SSL_get_peer_certificate() will return NULL in this case so we need to catch that. On the upside, the current code would segfault in this situation instead of letting it through as a valid cert.

51d3f6f5

2014-04-26T14:16:42

netops: provide more specific error for cert failure Specify what we do not like about the certificate. In this case, we do not like the name.

1f0d4f3d

2014-04-26T13:51:14

netops: unit-test the cert host-name pattern matching This kind of stuff should have unit tests, even if it's just to show what we expect to match successfully.

e1ce5249

2013-11-18T21:40:19

netops: fix leak

98eaf39a

2013-11-13T11:12:31

Fix warnings

fb190bbb

2013-11-12T19:44:13

Fix warnings

79c44342

2013-11-05T11:35:57

Make url decoding more bulletproof

d6eb3f9c

2013-11-05T10:54:44

Remove unnecessary check

fe294b95

2013-11-05T10:37:50

Incorporate feedback

16bffd1c

2013-11-04T12:04:17

Unescape url-encoded usernames and passwords

c227c173

2013-11-04T11:42:14

Use http_parser_parse_url to parse urls

56c1cda2

2013-11-01T19:22:43

Clarify parsing issues and errors

7e035908

2013-11-01T15:29:25

Streamline url-parsing logic.

048f837b

2013-10-31T13:30:22

Prevent another segfault from bad URL

151b3218

2013-10-31T13:16:04

Prevent segfault with a badly-formed URL

41a6de28

2013-10-02T14:45:57

HTTP: handle "relative" redirects

b59344bf

2013-09-26T16:48:08

Tighten up url-connection utility

ea59f659

2013-09-26T16:20:30

Deploy gitno_connection_data into transport (winhttp) ...and have that call manage replaced memory in the output structure.

8988688c

2013-09-25T20:41:56

Migrate redirect URL handling to common utility

eb0ff130

2013-09-24T14:07:08

Disconnect path string to preserve after redirect The subtransport path was relying on pointing to data owned by the remote which meant that after a redirect, the updated path was getting lost for future requests. This updates the http transport to strdup the path and maintain its own lifetime. This also pulls responsibility for parsing the URL back into the http transport and isolates the functions that parse and free that connection data so that they can be reused between the initial parsing and the redirect parsing.

c9144405

2013-09-23T11:37:35

Properly parse urls that include protocol://

e5296308

2013-08-24T20:15:22

netops: remove duplicate include 9e9aee6 added an include <netinet/in.h> to fix the build on FreeBSD. Sometime since then the same header is included ifndef _WIN32, so remove the duplicate include.

de81aee3

2013-02-04T14:49:28

Merge pull request #1298 from ben/user-at Handle "user@" prefix for credentials partially included in URLs

c70455c7

2013-02-01T22:53:51

Deduplicate FormatMessage UTF-16 to UTF-8 conversion code Signed-off-by: Sven Strickroth <email@cs-ware.de>

bd25a302

2013-02-01T22:22:26

Improved error handling Signed-off-by: Sven Strickroth <email@cs-ware.de>

89ad1c57

2013-02-01T22:14:52

Get utf8_size from WideCharToMultiByte instead of guessing it Signed-off-by: Sven Strickroth <email@cs-ware.de>

b0dc81f0

2013-02-01T16:17:34

Win32: Make sure error messages are consistently UTF-8 encoded W/o this a libgit2 error message could have a mixed encoding: e.g. a filename in UTF-8 combined with a native Windows error message encoded with the local code page. Signed-off-by: Sven Strickroth <email@cs-ware.de>

c4beee76

2013-02-01T10:00:55

Introduce git__substrdup

cf7038a6

2013-01-31T14:04:21

Enhance url parsing to include passwords

2234b2b0

2013-01-30T19:03:58

Stash username from url (but don't use it yet)

5f10853e

2013-01-30T18:50:31

Skip "user@" when finding hostname in url

cfc39f50

2013-01-25T22:43:52

Fix 3 memory leaks

7a2cf780

2013-01-20T01:57:32

Fix compilation on OpenBSD

359fc2d2

2013-01-08T17:07:25

update copyrights

f2b00cbd

2012-12-17T19:35:40

netops: on SSL teardown only send shutdown alert According to man 3 SSL_shutdown / TLS, "If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient." Currently, an unidirectional shutdown is enough, since gitno_ssl_teardown is called by gitno_close only. Do so to avoid further errors (by misbehaving peers for example). Fixes #1129.

9c8dbc88

2012-12-17T19:18:34

netops: properly handle GITNO_CONNECT_SSL_NO_CHECK_CERT Don't return an error just because GITNO_CONNECT_SSL_NO_CHECK_CERT is set.

9e9aee67

2012-11-26T23:29:34

fix build on FreeBSD 3f9eb1e introduced support for SSL certificates issued for IP addresses, making use of in_addr and in_addr6 structs. On FreeBSD these are defined in (a file included in) <netinet/in.h>, so include that file on FreeBSD and get the build working again.

9d641283

2012-11-08T08:06:23

Merge pull request #1048 from pwkelley/basic_auth Basic authentication for http and winhttp

345eef23

2012-11-07T16:10:57

Move inet_pton to posix platform-compatibility layer

d1a69d0f

2012-11-06T20:16:53

Fix compilation for mingw32 and cygwin inet_pton is available only in windows vista or later, fixed the issue by reimplementing it using WSAStringToAddress

2f7538ec

2012-11-06T09:36:04

Fix connection leak in http subtransport

41fb1ca0

2012-10-29T13:41:14

Reorganize transport architecture (squashed 3)

7bcd9e23

2012-10-19T19:23:32

gitno_buffer: callback on each packet The fetch code takes advantage of this to implement a progress callback every 100kb of transfer.

65ac67fb

2012-08-28T21:58:10

netops: be more careful with SSL errors SSL_get_error() allows to receive a result code for various SSL operations. Depending on the return value (see man (3) SSL_get_error) there might be additional information in the OpenSSL error queue. Return the queued message if available, otherwise set an error message corresponding to the return code.

4deda91b

2012-09-04T00:13:59

netops: continue writing on SSL_ERROR_WANT_WRITE

0d5dce26

2012-08-28T14:15:32

ssl: make cert check ignore work for invalid certs, not just CNs Passing SSL_VERIFY_PEER makes OpenSSL shut down the connection if the certificate is invalid, without giving us a chance to ignore that error. Pass SSL_VERIFY_NONE and call SSL_get_verify_result if the user wanted us to check. When no CNs match, we used to jump to on_error which gave a bogus error as that's for OpenSSL errors. Jump to cert_fail so we tell the user that the error came from checking the certificate.

e25dda51

2012-08-02T01:38:30

Merge remote-tracking branch 'nulltoken/topic/amd64-compat' into development Conflicts: src/netops.c src/netops.h src/oid.c

0048372a

2012-07-27T01:09:06

transport: rename encrypt to use_ssl SSL isn't the only way that a transport can be encrypted. The new name will make it easier to merge the SSH support.

8861d32f

2012-07-25T16:16:53

ssl: use the callback instead of ifs to determine how to get data Using the callbacks makes it clearer and reduces the amount of #ifdefs and ifs and we need in the code.

b49c8f71

2012-07-24T19:03:22

remote: use the same code to control git and http This allows us to add capabilitites to both at the same time, keeps them in sync and removes a lot of code. gitno_buffer now uses a callback to fill its buffer, allowing us to use the same interface for git and http (which uses callbacks).

b8457baa

2012-07-24T07:57:58

portability: Improve x86/amd64 compatibility

798e4d53

2012-06-22T21:25:17

amigaos: Cleanup

2ae052d1

2012-06-22T20:48:50

Merge branch 'pull-req' of https://github.com/chris-y/libgit2 into amigaos

b6423939

2012-06-20T20:35:13

more getaddrinfo compatibility

8d18f1f7

2012-06-20T20:12:30

getaddrinfo() replacement functions

ac8eac2f

2012-06-15T11:25:52

Fix compile errors when building on windows Errors were due to not including winsock2 early enough.

d043013f

2012-06-14T19:09:42

More changes resulting from pull request

a8df98c6

2012-06-14T18:57:24

Updates from comments on OS4 compatibility pull request http://github.com/libgit2/libgit2/pull/766

96ef3d84

2012-06-13T23:16:14

Make this more generic and mergeable. Needs AmigaOS.cmake now from CMake package at OS4Depot, or contents below: --8<-- SET(AMIGA 1) SET(CMAKE_SHARED_LIBRARY_C_FLAGS "-fPIC") SET(CMAKE_SHARED_LIBRARY_CREATE_C_FLAGS "-shared") --8<--

327fb51c

2012-06-09T18:13:07

Fix gethostbyname compatibility

c41fc475

2012-06-07T21:26:39

horrid gethostbyname compatibility

6f944ab1

2012-06-07T13:36:28

Fix compilation warning

66798ad0

2012-06-06T11:00:15

Don't include arpa/inet.h on Windows

966fbdcb

2012-06-05T13:53:33

Merge pull request #697 from carlosmn/ssl Add HTTPS support

c1318f71

2012-05-26T18:16:13

Use lowercase names for Windows headers Otherwise we can't cross-compile on Linux.

250b95b2

2012-05-26T21:17:08

ssl: allow skipping the server certificate check Sometimes it's useful not to perform the check. Allow it to be configurable.

441df990

2012-05-17T23:57:30

ssl: look up the last CN the alternative names don't match

3f9eb1e5

2012-05-17T22:22:05

ssl: add support for certificates issues to an IP address

16768191

2012-05-17T21:16:59

ssl: match host names according to RFC 2818 (HTTP over TLS)

d3e1367f

2012-05-17T21:40:20

ssl: remove GnuTLS support It's too much work for now to redo everything. Move the ssl context struct to transport.h

dbb36e1b

2012-05-17T17:56:49

ssl: check certificates against the system's trusted CAs

66024c7c

2012-05-01T00:05:25

http: add https support when GnuTLS is available If it's not available, an error saying so will be returned when trying to use a https:// URL. This also unifies a lot of the network code to use git_transport in many places instead of an socket descriptor.

a6f24a5b

2012-05-01T01:50:26

https: make it work with OpenSSL as well Add specific functions that use OpenSSL instead of GnuTLS

89460f3f

2012-05-03T14:07:55

ssl: teardown the connection on close This should help us free some resources, though the libraries do keep some buffers allocated regardless.

65ca81a6

2012-05-08T14:28:21

Minor error fixes Clear the error in pkt when we notice that the remote is starting to send the packfile. Fix the format string for Windows networking errors.

901fbdad

2012-05-07T00:05:02

Define explicit _WIN32_WINNT version in makefile Previously, it was defined in netops.c, but it's also needed in one of the clar tests, so I figured we might as well just make it global for the whole project. Without it, the mingw32 linker won't resolve GetProcessId() (called from the core/errors.c clar test) because of some conditionals in windows.h.

cd58c15c

2012-05-05T16:47:20

Merge remote-tracking branch 'scottjg/fix-mingw32' into development Conflicts: src/netops.c src/netops.h src/transports/http.c tests-clar/clar

thodg/libgit2/src/netops.c

src/netops.c

Log