Use git_curl_stream_new for HTTPS because we don't link against openssl

2025-06-26 19:43:23 +00:00 · 2017-08-01 16:32:00 +02:00 · 2017-08-01 16:32:00 +02:00 · ce4209fdfd
commit ce4209fdfd
parent 396d8f37ce
5 changed files with 125 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,10 @@
+libgit2 (0.26.0+dfsg.1-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Use git_curl_stream_new for HTTPS because we don't link against openssl.
+
+ -- Ximin Luo <infinity0@debian.org>  Tue, 01 Aug 2017 15:54:10 +0200
+
 libgit2 (0.26.0+dfsg.1-1) experimental; urgency=medium

  * New upstream release.
--- a/debian/patches/revert-curl-no-encrypt.patch
+++ b/debian/patches/revert-curl-no-encrypt.patch
@ -0,0 +1,85 @@
+commit e96800420abf894673e8eeca4af5277dbb12d730
+Author: Ximin Luo <infinity0@pwned.gg>
+Date:   Tue Aug 1 16:07:35 2017 +0200
+
+    Revert "curl: remove the encrypted param to the constructor"
+    
+    This reverts commit 8443f492dd53451c1c74f61c0e51ddb32c5e6ba0.
+
+diff --git a/src/curl_stream.c b/src/curl_stream.c
+index 4e0455cca..346b0c00d 100644
+--- a/src/curl_stream.c
+++ b/src/curl_stream.c
+@@ -296,7 +296,7 @@ static void curls_free(git_stream *stream)
+ 	git__free(s);
+ }
+ 
+-int git_curl_stream_new(git_stream **out, const char *host, const char *port)
+int git_curl_stream_new(git_stream **out, const char *host, const char *port, int encrypted)
+ {
+ 	curl_stream *st;
+ 	CURL *handle;
+@@ -317,7 +317,15 @@ int git_curl_stream_new(git_stream **out, const char *host, const char *port)
+ 		return error;
+ 	}
+ 
+-	curl_easy_setopt(handle, CURLOPT_URL, host);
+	if (encrypted) {
+		git_buf buf = GIT_BUF_INIT;
+		git_buf_printf(&buf, "https://%s", host);
+		curl_easy_setopt(handle, CURLOPT_URL, buf.ptr);
+		git_buf_free(&buf);
+	} else {
+		curl_easy_setopt(handle, CURLOPT_URL, host);
+	}
+
+ 	curl_easy_setopt(handle, CURLOPT_ERRORBUFFER, st->curl_error);
+ 	curl_easy_setopt(handle, CURLOPT_PORT, iport);
+ 	curl_easy_setopt(handle, CURLOPT_CONNECT_ONLY, 1);
+@@ -329,7 +337,7 @@ int git_curl_stream_new(git_stream **out, const char *host, const char *port)
+ 	/* curl_easy_setopt(handle, CURLOPT_VERBOSE, 1); */
+ 
+ 	st->parent.version = GIT_STREAM_VERSION;
+-	st->parent.encrypted = 0; /* we don't encrypt ourselves */
+	st->parent.encrypted = encrypted;
+ 	st->parent.proxy_support = 1;
+ 	st->parent.connect = curls_connect;
+ 	st->parent.certificate = curls_certificate;
+diff --git a/src/curl_stream.h b/src/curl_stream.h
+index 283f0fe40..168fbe8c4 100644
+--- a/src/curl_stream.h
+++ b/src/curl_stream.h
+@@ -9,6 +9,6 @@
+ 
+ #include "git2/sys/stream.h"
+ 
+-extern int git_curl_stream_new(git_stream **out, const char *host, const char *port);
+extern int git_curl_stream_new(git_stream **out, const char *host, const char *port, bool encrypted);
+ 
+ #endif
+diff --git a/src/openssl_stream.c b/src/openssl_stream.c
+index 759c5015f..f567347a1 100644
+--- a/src/openssl_stream.c
+++ b/src/openssl_stream.c
+@@ -588,7 +588,7 @@ int git_openssl_stream_new(git_stream **out, const char *host, const char *port)
+ 
+ 	st->io = NULL;
+ #ifdef GIT_CURL
+-	error = git_curl_stream_new(&st->io, host, port);
+	error = git_curl_stream_new(&st->io, host, port, false);
+ #else
+ 	error = git_socket_stream_new(&st->io, host, port);
+ #endif
+diff --git a/src/transports/http.c b/src/transports/http.c
+index cb4a6d0d5..e4535b6db 100644
+--- a/src/transports/http.c
+++ b/src/transports/http.c
+@@ -609,7 +609,7 @@ static int http_connect(http_subtransport *t)
+ 		error = git_tls_stream_new(&t->io, t->connection_data.host, t->connection_data.port);
+ 	} else {
+ #ifdef GIT_CURL
+-		error = git_curl_stream_new(&t->io, t->connection_data.host, t->connection_data.port);
+		error = git_curl_stream_new(&t->io, t->connection_data.host, t->connection_data.port, false);
+ #else
+ 		error = git_socket_stream_new(&t->io,  t->connection_data.host, t->connection_data.port);
+ #endif
--- a/debian/patches/series
+++ b/debian/patches/series
@ -0,0 +1,2 @@
+revert-curl-no-encrypt.patch
+use-curl-stream.patch
--- a/debian/patches/use-curl-stream.patch
+++ b/debian/patches/use-curl-stream.patch
@ -0,0 +1,29 @@
+Description: Add -DUSE_CURL_SSL to allow distros to avoid OpenSSL
+Author: Ximin Luo <infinity0@pwned.gg>
+Forwarded: https://github.com/libgit2/libgit2/pull/4325
+--- a/src/transports/http.c
+++ b/src/transports/http.c
+@@ -606,7 +606,11 @@
+ 	}
+ 
+ 	if (t->connection_data.use_ssl) {
+#ifdef GIT_CURL_SSL
+		error = git_curl_stream_new(&t->io, t->connection_data.host, t->connection_data.port, true);
+#else
+ 		error = git_tls_stream_new(&t->io, t->connection_data.host, t->connection_data.port);
+#endif
+ 	} else {
+ #ifdef GIT_CURL
+ 		error = git_curl_stream_new(&t->io, t->connection_data.host, t->connection_data.port, false);
+--- a/CMakeLists.txt
+++ b/CMakeLists.txt
+@@ -285,6 +285,9 @@
+ 	ENDIF ()
+ 
+ 	IF (CURL_FOUND)
+		IF (USE_CURL_SSL)
+			ADD_DEFINITIONS(-DGIT_CURL_SSL)
+		ENDIF()
+ 		ADD_DEFINITIONS(-DGIT_CURL)
+ 		INCLUDE_DIRECTORIES(${CURL_INCLUDE_DIRS})
+ 		LINK_DIRECTORIES(${CURL_LIBRARY_DIRS})
--- a/debian/rules
+++ b/debian/rules
@ -18,6 +18,7 @@ override_dh_auto_configure:
 	dh_auto_configure --builddirectory=build-debian-release -- \
 		-DCMAKE_BUILD_TYPE:STRING=RelWithDebInfo \
 		-DUSE_OPENSSL:BOOL=OFF \
+		-DUSE_CURL_SSL:BOOL=ON \
 		-DUSE_GSSAPI:BOOL=ON \
 		-DTHREADSAFE:BOOL=ON \
 		-DBUILD_CLAR:BOOL=ON \
@ -27,6 +28,7 @@ override_dh_auto_configure:
 		-DCMAKE_BUILD_TYPE:STRING=Release \
 		-DTHREADSAFE:BOOL=ON \
 		-DUSE_OPENSSL:BOOL=OFF \
+		-DUSE_CURL_SSL:BOOL=ON \
 		-DUSE_GSSAPI:BOOL=ON \
 		-DBUILD_CLAR:BOOL=OFF \
 		-DBUILD_SHARED_LIBS:BOOL=OFF \