|
c6ab183e
|
2019-03-11T11:43:08
|
|
net: rename gitno_connection_data to git_net_url
"Connection data" is an imprecise and largely incorrect name; these
structures are actually parsed URLs. Provide a parser that takes a URL
string and produces a URL structure (if it is valid).
Separate the HTTP redirect handling logic from URL parsing, keeping a
`gitno_connection_data_handle_redirect` whose only job is redirect
handling logic and does not parse URLs itself.
|
|
f673e232
|
2018-12-27T13:47:34
|
|
git_error: use new names in internal APIs and usage
Move to the `git_error` name in the internal API for error-related
functions.
|
|
58b60fcc
|
2018-11-08T09:31:28
|
|
netops: add method to return default http port for a connection
Constant strings and logic for HTTP(S) default ports were starting to be
spread throughout netops.c. Instead of duplicating this again to
determine if a Host header should include the port, move the default
port constants and logic into an internal method in netops.{c,h}.
|
|
ecf4f33a
|
2018-02-08T11:14:48
|
|
Convert usage of `git_buf_free` to new `git_buf_dispose`
|
|
0e4f3d9d
|
2018-03-03T21:47:22
|
|
gitno_extract_url_parts: decode hostnames
RFC 3986 says that hostnames can be percent encoded. Percent decode
hostnames in our URLs.
|
|
05551ca0
|
2018-03-03T20:14:54
|
|
Remove now unnecessary `gitno_unescape`
|
|
60e7848e
|
2018-03-03T20:13:30
|
|
gitno_extract_url_parts: use `git_buf`s
Now that we can decode percent-encoded strings as part of `git_buf`s,
use that decoder in `gitno_extract_url_parts`.
|
|
8a2cdbd3
|
2018-02-28T12:58:58
|
|
Rename unescape and make non-static
|
|
0c7f49dd
|
2017-06-30T13:39:01
|
|
Make sure to always include "common.h" first
Next to including several files, our "common.h" header also declares
various macros which are then used throughout the project. As such, we
have to make sure to always include this file first in all
implementation files. Otherwise, we might encounter problems or even
silent behavioural differences due to macros or defines not being
defined as they should be. So in fact, our header and implementation
files should make sure to always include "common.h" first.
This commit does so by establishing a common include pattern. Header
files inside of "src" will now always include "common.h" as its first
other file, separated by a newline from all the other includes to make
it stand out as special. There are two cases for the implementation
files. If they do have a matching header file, they will always include
this one first, leading to "common.h" being transitively included as
first file. If they do not have a matching header file, they instead
include "common.h" as first file themselves.
This fixes the outlined problems and will become our standard practice
for header and source files inside of the "src/" from now on.
|
|
909d5494
|
2016-12-29T12:25:15
|
|
giterr_set: consistent error messages
Error messages should be sentence fragments, and therefore:
1. Should not begin with a capital letter,
2. Should not conclude with punctuation, and
3. Should not end a sentence and begin a new one
|
|
4e017413
|
2015-09-21T21:11:02
|
|
netops: make the path optional in URLs
When we're dealing with proxy addresses, we only want a hostname and
port, and the user would not provide a path, so make it optional so we
can use this same function to parse git as well as proxy URLs.
|
|
8a62bf11
|
2016-02-15T11:28:33
|
|
netops: fix memory leak when an error occurs
|
|
75a4636f
|
2015-05-29T16:56:38
|
|
git__tolower: a tolower() that isn't dumb
Some brain damaged tolower() implementations appear to want to
take the locale into account, and this may require taking some
insanely aggressive lock on the locale and slowing down what should
be the most trivial of trivial calls for people who just want to
downcase ASCII.
|
|
1b75c29e
|
2014-11-02T11:17:01
|
|
gitno: remove code which is no longer needed
Most of the network-facing facilities have been copied to the socket and
openssl streams. No code now uses these functions directly anymore, so
we can now remove them.
|
|
02b4c1e2
|
2014-11-01T16:58:20
|
|
Port the TCP transport to the new stream API
|
|
22fbb265
|
2014-11-02T16:12:10
|
|
netops: return GIT_ECERTIFICATE when it fails the basic tests
When we first ask OpenSSL to verify the certfiicate itself (rather
than the HTTPS specifics), we should also return
GIT_ECERTIFICATE. Otherwise, the caller would consider this as a failed
operation rather than a failed validation and not call the user's own
validation.
|
|
d0cf1040
|
2014-09-24T12:01:14
|
|
Correctly handle getaddrinfo return result
The getaddrinfo function indicates failure with a non-zero return code,
but this code is not necessarily negative. On platforms like Android
where the code is positive, a failed call causes libgit2 to segfault.
|
|
41698f22
|
2014-09-11T10:04:05
|
|
net: remove support for outright ignoring certificates
This option make it easy to ignore anything about the server we're
connecting to, which is bad security practice. This was necessary as we
didn't use to expose detailed information about the certificate, but now
that we do, we should get rid of this.
If the user wants to ignore everything, they can still provide a
callback which ignores all the information passed.
|
|
9b940586
|
2014-07-04T12:45:43
|
|
Provide a callback for certificate validation
If the certificate validation fails (or always in the case of ssh),
let the user decide whether to allow the connection.
The data structure passed to the user is the native certificate
information from the underlying implementation, namely OpenSSL or
WinHTTP.
|
|
90c2b37f
|
2014-07-05T21:22:56
|
|
in_addr is defined in <Winsock2.h>, include before <ws2tcpip.h>
|
|
1380e7c6
|
2014-07-03T02:34:32
|
|
netops: error out on url without a path
In order to connect to a remote server, we need to provide a path to the
repository we're interested in. Consider the lack of path in the url an
error.
|
|
081e76ba
|
2014-06-12T16:20:52
|
|
ssl: init everything all the time
Bring together all of the OpenSSL initialization to
git_threads_init() so it's together and doesn't need locks.
Moving it here also gives us libssh2 thread safety (when built against
openssl).
|
|
cf15ac8a
|
2014-06-12T03:20:34
|
|
ssl: cargo-cult thread safety
OpenSSL's tests init everything in the main thread, so let's do that.
|
|
5fa04943
|
2014-06-11T23:19:48
|
|
ssl: use locking
When using in a multithreaded context, OpenSSL needs to lock, and leaves
it up to application to provide said locks.
We were not doing this, and it's just luck that's kept us from crashing
up to now.
|
|
1d3364ac
|
2014-06-11T20:52:15
|
|
netops: init OpenSSL once under lock
The OpenSSL init functions are not reentrant, which means that running
multiple fetches in parallel can cause us to crash.
Use a mutex to init OpenSSL, and since we're adding this extra checks,
init it only once.
|
|
7c57cd97
|
2014-05-12T20:25:44
|
|
Win32 fix for #2300.
The code doesn't use SSL and a test requires it.
|
|
783555d8
|
2014-04-26T14:36:32
|
|
netops: catch the server not sending a certificate
It's possible for an encrypted connection not have a certificate. In
this case, SSL_get_verify_result() will return OK because no error
happened (as it never even tried to validate anything).
SSL_get_peer_certificate() will return NULL in this case so we need to
catch that. On the upside, the current code would segfault in this
situation instead of letting it through as a valid cert.
|
|
51d3f6f5
|
2014-04-26T14:16:42
|
|
netops: provide more specific error for cert failure
Specify what we do not like about the certificate. In this case, we do
not like the name.
|
|
1f0d4f3d
|
2014-04-26T13:51:14
|
|
netops: unit-test the cert host-name pattern matching
This kind of stuff should have unit tests, even if it's just to show
what we expect to match successfully.
|
|
e1ce5249
|
2013-11-18T21:40:19
|
|
netops: fix leak
|
|
98eaf39a
|
2013-11-13T11:12:31
|
|
Fix warnings
|
|
fb190bbb
|
2013-11-12T19:44:13
|
|
Fix warnings
|
|
79c44342
|
2013-11-05T11:35:57
|
|
Make url decoding more bulletproof
|
|
d6eb3f9c
|
2013-11-05T10:54:44
|
|
Remove unnecessary check
|
|
fe294b95
|
2013-11-05T10:37:50
|
|
Incorporate feedback
|
|
16bffd1c
|
2013-11-04T12:04:17
|
|
Unescape url-encoded usernames and passwords
|
|
c227c173
|
2013-11-04T11:42:14
|
|
Use http_parser_parse_url to parse urls
|
|
56c1cda2
|
2013-11-01T19:22:43
|
|
Clarify parsing issues and errors
|
|
7e035908
|
2013-11-01T15:29:25
|
|
Streamline url-parsing logic.
|
|
048f837b
|
2013-10-31T13:30:22
|
|
Prevent another segfault from bad URL
|
|
151b3218
|
2013-10-31T13:16:04
|
|
Prevent segfault with a badly-formed URL
|
|
41a6de28
|
2013-10-02T14:45:57
|
|
HTTP: handle "relative" redirects
|
|
b59344bf
|
2013-09-26T16:48:08
|
|
Tighten up url-connection utility
|
|
ea59f659
|
2013-09-26T16:20:30
|
|
Deploy gitno_connection_data into transport (winhttp)
...and have that call manage replaced memory in the output structure.
|
|
8988688c
|
2013-09-25T20:41:56
|
|
Migrate redirect URL handling to common utility
|
|
eb0ff130
|
2013-09-24T14:07:08
|
|
Disconnect path string to preserve after redirect
The subtransport path was relying on pointing to data owned by
the remote which meant that after a redirect, the updated path
was getting lost for future requests. This updates the http
transport to strdup the path and maintain its own lifetime.
This also pulls responsibility for parsing the URL back into the
http transport and isolates the functions that parse and free that
connection data so that they can be reused between the initial
parsing and the redirect parsing.
|
|
c9144405
|
2013-09-23T11:37:35
|
|
Properly parse urls that include protocol://
|
|
e5296308
|
2013-08-24T20:15:22
|
|
netops: remove duplicate include
9e9aee6 added an include <netinet/in.h> to fix the build on FreeBSD.
Sometime since then the same header is included ifndef _WIN32, so
remove the duplicate include.
|
|
de81aee3
|
2013-02-04T14:49:28
|
|
Merge pull request #1298 from ben/user-at
Handle "user@" prefix for credentials partially included in URLs
|
|
c70455c7
|
2013-02-01T22:53:51
|
|
Deduplicate FormatMessage UTF-16 to UTF-8 conversion code
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
bd25a302
|
2013-02-01T22:22:26
|
|
Improved error handling
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
89ad1c57
|
2013-02-01T22:14:52
|
|
Get utf8_size from WideCharToMultiByte instead of guessing it
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
b0dc81f0
|
2013-02-01T16:17:34
|
|
Win32: Make sure error messages are consistently UTF-8 encoded
W/o this a libgit2 error message could have a mixed encoding:
e.g. a filename in UTF-8 combined with a native Windows error message
encoded with the local code page.
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
c4beee76
|
2013-02-01T10:00:55
|
|
Introduce git__substrdup
|
|
cf7038a6
|
2013-01-31T14:04:21
|
|
Enhance url parsing to include passwords
|
|
2234b2b0
|
2013-01-30T19:03:58
|
|
Stash username from url (but don't use it yet)
|
|
5f10853e
|
2013-01-30T18:50:31
|
|
Skip "user@" when finding hostname in url
|
|
cfc39f50
|
2013-01-25T22:43:52
|
|
Fix 3 memory leaks
|
|
7a2cf780
|
2013-01-20T01:57:32
|
|
Fix compilation on OpenBSD
|
|
359fc2d2
|
2013-01-08T17:07:25
|
|
update copyrights
|
|
f2b00cbd
|
2012-12-17T19:35:40
|
|
netops: on SSL teardown only send shutdown alert
According to man 3 SSL_shutdown / TLS, "If a unidirectional shutdown is
enough (the underlying connection shall be closed anyway), this first
call to SSL_shutdown() is sufficient."
Currently, an unidirectional shutdown is enough, since
gitno_ssl_teardown is called by gitno_close only. Do so to avoid further
errors (by misbehaving peers for example).
Fixes #1129.
|
|
9c8dbc88
|
2012-12-17T19:18:34
|
|
netops: properly handle GITNO_CONNECT_SSL_NO_CHECK_CERT
Don't return an error just because GITNO_CONNECT_SSL_NO_CHECK_CERT is
set.
|
|
9e9aee67
|
2012-11-26T23:29:34
|
|
fix build on FreeBSD
3f9eb1e introduced support for SSL certificates issued for IP
addresses, making use of in_addr and in_addr6 structs. On FreeBSD
these are defined in (a file included in) <netinet/in.h>, so include
that file on FreeBSD and get the build working again.
|
|
9d641283
|
2012-11-08T08:06:23
|
|
Merge pull request #1048 from pwkelley/basic_auth
Basic authentication for http and winhttp
|
|
345eef23
|
2012-11-07T16:10:57
|
|
Move inet_pton to posix platform-compatibility layer
|
|
d1a69d0f
|
2012-11-06T20:16:53
|
|
Fix compilation for mingw32 and cygwin
inet_pton is available only in windows vista or later,
fixed the issue by reimplementing it using WSAStringToAddress
|
|
2f7538ec
|
2012-11-06T09:36:04
|
|
Fix connection leak in http subtransport
|
|
41fb1ca0
|
2012-10-29T13:41:14
|
|
Reorganize transport architecture (squashed 3)
|
|
7bcd9e23
|
2012-10-19T19:23:32
|
|
gitno_buffer: callback on each packet
The fetch code takes advantage of this to implement a
progress callback every 100kb of transfer.
|
|
65ac67fb
|
2012-08-28T21:58:10
|
|
netops: be more careful with SSL errors
SSL_get_error() allows to receive a result code for various SSL
operations. Depending on the return value (see man (3) SSL_get_error)
there might be additional information in the OpenSSL error queue. Return
the queued message if available, otherwise set an error message
corresponding to the return code.
|
|
4deda91b
|
2012-09-04T00:13:59
|
|
netops: continue writing on SSL_ERROR_WANT_WRITE
|
|
0d5dce26
|
2012-08-28T14:15:32
|
|
ssl: make cert check ignore work for invalid certs, not just CNs
Passing SSL_VERIFY_PEER makes OpenSSL shut down the connection if the
certificate is invalid, without giving us a chance to ignore that
error. Pass SSL_VERIFY_NONE and call SSL_get_verify_result if the user
wanted us to check.
When no CNs match, we used to jump to on_error which gave a bogus
error as that's for OpenSSL errors. Jump to cert_fail so we tell the
user that the error came from checking the certificate.
|
|
e25dda51
|
2012-08-02T01:38:30
|
|
Merge remote-tracking branch 'nulltoken/topic/amd64-compat' into development
Conflicts:
src/netops.c
src/netops.h
src/oid.c
|
|
8861d32f
|
2012-07-25T16:16:53
|
|
ssl: use the callback instead of ifs to determine how to get data
Using the callbacks makes it clearer and reduces the amount of #ifdefs
and ifs and we need in the code.
|
|
0048372a
|
2012-07-27T01:09:06
|
|
transport: rename encrypt to use_ssl
SSL isn't the only way that a transport can be encrypted. The new name
will make it easier to merge the SSH support.
|
|
b49c8f71
|
2012-07-24T19:03:22
|
|
remote: use the same code to control git and http
This allows us to add capabilitites to both at the same time, keeps
them in sync and removes a lot of code.
gitno_buffer now uses a callback to fill its buffer, allowing us to
use the same interface for git and http (which uses callbacks).
|
|
b8457baa
|
2012-07-24T07:57:58
|
|
portability: Improve x86/amd64 compatibility
|
|
798e4d53
|
2012-06-22T21:25:17
|
|
amigaos: Cleanup
|
|
2ae052d1
|
2012-06-22T20:48:50
|
|
Merge branch 'pull-req' of https://github.com/chris-y/libgit2 into amigaos
|
|
b6423939
|
2012-06-20T20:35:13
|
|
more getaddrinfo compatibility
|
|
8d18f1f7
|
2012-06-20T20:12:30
|
|
getaddrinfo() replacement functions
|
|
ac8eac2f
|
2012-06-15T11:25:52
|
|
Fix compile errors when building on windows
Errors were due to not including winsock2 early enough.
|
|
d043013f
|
2012-06-14T19:09:42
|
|
More changes resulting from pull request
|
|
a8df98c6
|
2012-06-14T18:57:24
|
|
Updates from comments on OS4 compatibility pull request http://github.com/libgit2/libgit2/pull/766
|
|
96ef3d84
|
2012-06-13T23:16:14
|
|
Make this more generic and mergeable.
Needs AmigaOS.cmake now from CMake package at OS4Depot, or contents below:
--8<--
SET(AMIGA 1)
SET(CMAKE_SHARED_LIBRARY_C_FLAGS "-fPIC")
SET(CMAKE_SHARED_LIBRARY_CREATE_C_FLAGS "-shared")
--8<--
|
|
327fb51c
|
2012-06-09T18:13:07
|
|
Fix gethostbyname compatibility
|
|
c41fc475
|
2012-06-07T21:26:39
|
|
horrid gethostbyname compatibility
|
|
6f944ab1
|
2012-06-07T13:36:28
|
|
Fix compilation warning
|
|
66798ad0
|
2012-06-06T11:00:15
|
|
Don't include arpa/inet.h on Windows
|
|
966fbdcb
|
2012-06-05T13:53:33
|
|
Merge pull request #697 from carlosmn/ssl
Add HTTPS support
|
|
c1318f71
|
2012-05-26T18:16:13
|
|
Use lowercase names for Windows headers
Otherwise we can't cross-compile on Linux.
|
|
250b95b2
|
2012-05-26T21:17:08
|
|
ssl: allow skipping the server certificate check
Sometimes it's useful not to perform the check. Allow it to be
configurable.
|
|
dbb36e1b
|
2012-05-17T17:56:49
|
|
ssl: check certificates against the system's trusted CAs
|
|
d3e1367f
|
2012-05-17T21:40:20
|
|
ssl: remove GnuTLS support
It's too much work for now to redo everything.
Move the ssl context struct to transport.h
|
|
441df990
|
2012-05-17T23:57:30
|
|
ssl: look up the last CN the alternative names don't match
|
|
16768191
|
2012-05-17T21:16:59
|
|
ssl: match host names according to RFC 2818 (HTTP over TLS)
|
|
3f9eb1e5
|
2012-05-17T22:22:05
|
|
ssl: add support for certificates issues to an IP address
|
|
a6f24a5b
|
2012-05-01T01:50:26
|
|
https: make it work with OpenSSL as well
Add specific functions that use OpenSSL instead of GnuTLS
|
|
66024c7c
|
2012-05-01T00:05:25
|
|
http: add https support when GnuTLS is available
If it's not available, an error saying so will be returned when trying
to use a https:// URL.
This also unifies a lot of the network code to use git_transport in
many places instead of an socket descriptor.
|
|
89460f3f
|
2012-05-03T14:07:55
|
|
ssl: teardown the connection on close
This should help us free some resources, though the libraries do keep
some buffers allocated regardless.
|