Thanks to visit codestin.com
Credit goes to github.com

Skip to content

mbedTLS support #4173

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 15 commits into from
Apr 22, 2018
Merged

mbedTLS support #4173

Changes from 1 commit
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
ca3b223
mbedtls: initial support
tiennou Mar 29, 2018
1a1875f
mbedtls: proper certificate verification
tiennou Mar 29, 2018
6c6be3c
mbedtls: use libmbedcrypto for hashing
tiennou Mar 29, 2018
60e1ad9
mbedtls: add global initialization
tiennou Mar 29, 2018
2419ccc
mbedtls: default cipher list support
tiennou Mar 29, 2018
ec79b0f
mbedtls: fix libgit2 hanging due to incomplete writes
tiennou Mar 29, 2018
262dfcf
mbedtls: enable Travis CI tests
tiennou Mar 29, 2018
4165bb7
mbedtls: use our own certificate validation
tiennou Mar 29, 2018
1edde0b
mbedtls: use mbedTLS certificate verification
tiennou Mar 29, 2018
382ed1e
mbedtls: load default CA certificates
tiennou Mar 29, 2018
b3e0280
mbedtls: display error codes as hex for consistency with mbedTLS docs
tiennou Mar 29, 2018
e3d764a
tests: clarify comment
tiennou Mar 29, 2018
5455475
cmake: make our preferred backend ordering consistent
tiennou Mar 29, 2018
10aff3d
travis: just grab what we need from mbedtls
tiennou Mar 29, 2018
cb2da47
travis: pass -fPIC when configuring mbedtls
tiennou Mar 29, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
cmake: make our preferred backend ordering consistent
  • Loading branch information
@tiennou
tiennou committed Apr 11, 2018
commit 54554757c0595f5b3705f15d1212b34984bb35d1
9 changes: 6 additions & 3 deletions src/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,8 @@ ELSE ()
ENDIF()

IF (USE_HTTPS)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment for USE_HTTPS says that you can set it to the name of the backend that you want to use. I don't think that's true, but it would be nice if it was.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It does though. If you pass ON, this will use "autodetection" (a.k.a. use whatever backend we've found and is first in the following tests), Otherwise, this will be passed verbatim as HTTPS_BACKEND, which is handled just below (and will error if you passed nonsense).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, rereading, I see it now. Thanks!

# We try to find any packages our backends might use
FIND_PACKAGE(OpenSSL)
FIND_PACKAGE(mbedTLS)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's still one thing I really don't like about this: even if I set USE_HTTPS=OpenSSL, it will try to find mbedTLS and vice versa, which is even printed out on command line. I think this is somewhat suprising for the user. The other way round, just making these calls QUIET, is not really a nice way either. If I set USE_HTTPS=OpenSSL, but never see a single line where it actually searches for the OpenSSL library, I'm confused as well. This is why I originally moved the FIND_PACKAGE logic into the OpenSSL branch itself.

Thinking a bit more about it, I feel like we just shouldn't bother too much about the auto detection. Instead of randomly picking whatever is there, we should declare platform-dependent defaults and just don't care whether those are installed or not. In case somebody has mbedTLS installed on Linux only, he will just have to choose that backend manually, as that is not the common case.

So, the end result should just first check the operating system and set HTTPS_BACKEND to the platform default iff USE_HTTPS=ON. Same for the SHA1 backend. After those two very simple blocks which do not do any checking whether those libraries exist, we can use unified logic to do the actual linking based on what backends for HTTPS and SHA1 are set.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(And obviously produce an error in case those libraries are not found)

IF (CMAKE_SYSTEM_NAME MATCHES "Darwin")
FIND_PACKAGE(Security)
Expand All @@ -150,10 +152,13 @@ IF (USE_HTTPS)
ENDIF()
ELSEIF (WINHTTP)
SET(HTTPS_BACKEND "WinHTTP")
ELSEIF(OPENSSL_FOUND)
SET(HTTPS_BACKEND "OpenSSL")
ELSEIF(MBEDTLS_FOUND)
SET(HTTPS_BACKEND "mbedTLS")
ELSE()
SET(HTTPS_BACKEND "OpenSSL")
MESSAGE(FATAL_ERROR "Unable to autodetect a usable HTTPS backend."
"Please pass the backend name explicitly (-DUSE_HTTPS=backend)")
ENDIF()
ELSE()
# Backend was explicitly set
Expand All @@ -177,8 +182,6 @@ IF (USE_HTTPS)
LIST(APPEND LIBGIT2_LIBS ${COREFOUNDATION_LIBRARIES} ${SECURITY_LIBRARIES})
LIST(APPEND LIBGIT2_PC_LIBS ${COREFOUNDATION_LDFLAGS} ${SECURITY_LDFLAGS})
ELSEIF (HTTPS_BACKEND STREQUAL "OpenSSL")
FIND_PACKAGE(OpenSSL)

IF (NOT OPENSSL_FOUND)
MESSAGE(FATAL_ERROR "Asked for OpenSSL TLS backend, but it wasn't found")
ENDIF()
Expand Down