Thanks to visit codestin.com
Credit goes to github.com

Skip to content

add support of mbedTLS #3462

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 10 commits into from
Closed

add support of mbedTLS #3462

Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
30ff088
mbedtls cmake config
wildart Oct 9, 2015
ccbd58b
define mbedtls global configuration
wildart Oct 9, 2015
322f06d
added certificate location setup
wildart Oct 9, 2015
b79ecc4
introduced GIT_MBEDTLS symbol
wildart Oct 9, 2015
f7bb614
added git_mbedtls_stream_new
wildart Oct 9, 2015
f160f49
fixed typos in cmake module
wildart Oct 10, 2015
87411f7
added certificates loading
wildart Oct 10, 2015
c5f5a25
proper certificate verification & cleanup of `git_mbedtls_stream_new`
wildart Oct 10, 2015
00e5422
use libmbedcrypto for SHA1
wildart Oct 11, 2015
14f537f
added new CI configuration for mbedtls
wildart Oct 11, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
added certificates loading
  • Loading branch information
@wildart
wildart committed Oct 10, 2015
commit 87411f79ffa2ff899df4367af1408de19cf29e2f
21 changes: 15 additions & 6 deletions src/global.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,11 +38,9 @@ static git_mutex *openssl_locks;
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
#include "mbedtls/certs.h"
#define CRT_LOC "/etc/ssl/certs"
mbedtls_ssl_config *git__ssl_conf;
mbedtls_entropy_context *mbedtls_entropy;
# ifdef GIT_THREADS
static git_mutex *mbedtls_locks;
# endif
#endif

static git_global_shutdown_fn git__shutdown_callbacks[MAX_SHUTDOWN_CB];
Expand Down Expand Up @@ -167,13 +165,24 @@ static void init_ssl(void)
git__free(git__ssl_conf);
git__ssl_conf = NULL;
} else {
mbedtls_ssl_conf_authmode(git__ssl_conf, MBEDTLS_SSL_VERIFY_NONE);
mbedtls_ssl_conf_authmode(git__ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
mbedtls_ssl_conf_rng(git__ssl_conf, mbedtls_ctr_drbg_random, ctr_drbg);

// Do not load certificates, initialize later through settings
cacert = git__malloc(sizeof(mbedtls_x509_crt));
mbedtls_x509_crt_init(cacert);
mbedtls_ssl_conf_ca_chain(git__ssl_conf, cacert, NULL);
ret = mbedtls_x509_crt_parse_path(cacert, CRT_LOC);
if (ret) {
giterr_set(GITERR_SSL, "failed to load CA certificates: %d", ret);
mbedtls_x509_crt_free(cacert);
git__free(cacert);
mbedtls_ctr_drbg_free(ctr_drbg);
git__free(ctr_drbg);
mbedtls_ssl_config_free(git__ssl_conf);
git__free(git__ssl_conf);
git__ssl_conf = NULL;
} else {
mbedtls_ssl_conf_ca_chain(git__ssl_conf, cacert, NULL);
}
}
}
#endif
Expand Down