src/openssl_stream.c


Log

Author Commit Date CI Message
Christian Schlack b726c539 2016-04-26T18:04:03 Fix return value of openssl_read (infinite loop) openssl_read should return -1 in case of error. SSL_read returns values <= 0 in case of error. A return value of 0 can lead to an infinite loop, so the return value of ssl_set_error will be returned if SSL_read is not successful (analogous to openssl_write).
Dirkjan Bussink c1ec732f 2016-03-14T12:02:00 Setup better defaults for OpenSSL ciphers This ensures that when using OpenSSL a safe default set of ciphers is selected. This is done so that the client communicates securely and we don't accidentally enable unsafe ciphers like RC4, or even worse some old export ciphers. Implements the first part of https://github.com/libgit2/libgit2/issues/3682
Edward Thomson 0d9a7498 2016-02-25T12:09:49 Merge pull request #3628 from pks-t/pks/coverity-fixes Coverity fixes
Carlos Martín Nieto 68ad3156 2016-02-24T17:17:57 openssl: we already had the function, just needed the header
Carlos Martín Nieto f3d1be7d 2016-02-24T16:38:22 openssl: export the locking function when building without OpenSSL This got lost during the move and it lets the users call this function just in case.
Patrick Steinhardt 05bf67b9 2016-02-23T11:16:36 openssl_stream: fix NULL pointer dereference
Patrick Steinhardt 2baf854e 2016-02-22T16:08:56 openssl_stream: fix memory leak when creating new stream
Carlos Martín Nieto c8fe6c09 2016-02-19T16:23:14 openssl: re-export the last-resort locking function We need to include the header where we define the function. Otherwise it won't be available on the DLL.
Carlos Martín Nieto deecaa2e 2016-02-19T13:31:54 openssl: free the context even if we don't connect
Edward Thomson 8a6d6677 2016-02-08T16:14:03 global: make openssl registration like the rest
Carlos Martín Nieto 146a96de 2015-09-30T09:41:25 openssl: don't try to teardown an unconnected SSL context SSL_shutdown() does not like it when we pass an uninitialized ssl context to it. This means that when we fail to connect to a host, we hide the error message saying so with OpenSSL's indecipherable error message.
Carlos Martín Nieto a1687f78 2015-07-10T19:07:41 Merge pull request #3297 from tkelman/patch-2 Fix undefined reference with old versions of openssl
Edward Thomson 79698030 2015-06-29T22:51:18 git_cert: child types use proper base type
Tony Kelman febc8c46 2015-07-07T06:55:05 Fix undefined reference with old versions of openssl Versions prior to 0.9.8f did not have this function, rhel/centos5 are still on a heavily backported version of 0.9.8e and theoretically supported until March 2017. Without this ifdef, I get the following link failure:
```
CMakeFiles/libgit2_clar.dir/src/openssl_stream.c.o: In function `openssl_connect':
openssl_stream.c:(.text+0x45a): undefined reference to `SSL_set_tlsext_host_name'
collect2: error: ld returned 1 exit status
make[6]: *** [libgit2_clar] Error 1
```
Edward Thomson 3ca84ac0 2015-06-29T20:29:29 openssl: free hostname
Pierre-Olivier Latour cae2a555 2015-06-26T08:17:56 Fixed build failure if GIT_CURL is not defined
Carlos Martín Nieto 8443f492 2015-06-11T16:57:04 curl: remove the encrypted param to the constructor We do not want libcurl to perform the TLS negotiation for us, so we don't need to pass this option.
Carlos Martín Nieto e247649d 2015-06-11T16:50:44 openssl: use the curl stream if available When linking against libcurl, use it as the underlying transport instead of straight sockets. We can't quite just give over the file descriptor, as curl puts it into non-blocking mode, so we build a custom BIO so OpenSSL sends the data through our stream, be it the socket or curl streams.
Edward Thomson 2540487f 2015-05-22T12:53:52 Merge pull request #3108 from libgit2/cmn/ssl-no-want openssl: don't try to handle WANT_READ or WANT_WRITE
Carlos Martín Nieto a6ea108b 2015-05-21T14:04:46 Merge branch 'sni'
Cristian Oneț 987045c7 2015-05-20T18:03:54 Call the openssl API to be able to work with SNI servers.
Carlos Martín Nieto 1396c381 2015-05-18T16:04:55 errors: add GIT_EEOF to indicate early EOF This can be used by tools to show messages about failing to communicate with the server. The error message in this case will often contain the server's error message, as far as it managed to send anything.
Carlos Martín Nieto 77bffc2c 2015-05-09T13:21:39 openssl: don't try to handle WANT_READ or WANT_WRITE We use a blocking socket and set the mode to AUTO_RETRY which means that `SSL_write` and `SSL_read` will only return once the read or write has been completed. We therefore don't need to handle partial writes or re-try read due to a renegotiation. While here, consider that a zero also indicates an error condition.
Carlos Martín Nieto 24e53d2f 2015-03-19T09:55:20 Rename GIT_SSL to GIT_OPENSSL This is what it's meant all along, but now we actually have multiple implementations, it's clearer to use the name of the library.
Carlos Martín Nieto 70b852ce 2015-03-19T00:45:43 Silence unused warnings when not using OpenSSL
Aki Koskinen ec032442 2015-02-27T10:49:02 Include openssl headers last Windows headers #define some names that openssl uses too. Openssl headers #undef the offending names before reusing them. But if those offending Windows headers get included after the openssl headers the namespace is polluted and nothing good happens. Fixes issue #2850.
Aki Koskinen a944c6cc 2015-03-02T11:08:04 Don't include headers on windows that aren't available This mainly concerns mingw build.
Raphael Kubo da Costa 3cda6be7 2015-01-24T16:19:43 openssl: Add all required includes for AF_INET6 and in6_addr. This fixes the build at least on FreeBSD, where those types were not defined indirectly:
```
src/openssl_stream.c:100:18: error: variable has incomplete type 'struct in6_addr'
struct in6_addr addr6;
^
src/openssl_stream.c:100:9: note: forward declaration of 'struct in6_addr'
struct in6_addr addr6;
^
src/openssl_stream.c:111:18: error: use of undeclared identifier 'AF_INET'
if (p_inet_pton(AF_INET, host, &addr4)) {
^
src/unix/posix.h:31:40: note: expanded from macro 'p_inet_pton'
^
src/openssl_stream.c:115:18: error: use of undeclared identifier 'AF_INET6'
if(p_inet_pton(AF_INET6, host, &addr6)) {
^
src/unix/posix.h:31:40: note: expanded from macro 'p_inet_pton'
^
```
Carlos Martín Nieto 49ae22ba 2014-12-10T01:38:52 stream: constify the write buffer
Carlos Martín Nieto 1b75c29e 2014-11-02T11:17:01 gitno: remove code which is no longer needed Most of the network-facing facilities have been copied to the socket and openssl streams. No code now uses these functions directly anymore, so we can now remove them.
Carlos Martín Nieto 468d7b11 2014-11-01T15:19:54 Add an OpenSSL IO stream This unfortunately isn't as stackable as could be possible, as it hard-codes the socket stream. This is because the method of using a custom openssl BIO is not clear, and we do not need this for now. We can still bring this in if and as we need it.