According to man 3 SSL_shutdown / TLS, "If a unidirectional shutdown is
enough (the underlying connection shall be closed anyway), this first
call to SSL_shutdown() is sufficient."
Currently, an unidirectional shutdown is enough, since
gitno_ssl_teardown is called by gitno_close only. Do so to avoid further
errors (by misbehaving peers for example).
Fixes#1129.
3f9eb1e introduced support for SSL certificates issued for IP
addresses, making use of in_addr and in_addr6 structs. On FreeBSD
these are defined in (a file included in) <netinet/in.h>, so include
that file on FreeBSD and get the build working again.
SSL_get_error() allows to receive a result code for various SSL
operations. Depending on the return value (see man (3) SSL_get_error)
there might be additional information in the OpenSSL error queue. Return
the queued message if available, otherwise set an error message
corresponding to the return code.
Passing SSL_VERIFY_PEER makes OpenSSL shut down the connection if the
certificate is invalid, without giving us a chance to ignore that
error. Pass SSL_VERIFY_NONE and call SSL_get_verify_result if the user
wanted us to check.
When no CNs match, we used to jump to on_error which gave a bogus
error as that's for OpenSSL errors. Jump to cert_fail so we tell the
user that the error came from checking the certificate.
This allows us to add capabilitites to both at the same time, keeps
them in sync and removes a lot of code.
gitno_buffer now uses a callback to fill its buffer, allowing us to
use the same interface for git and http (which uses callbacks).
Needs AmigaOS.cmake now from CMake package at OS4Depot, or contents below:
--8<--
SET(AMIGA 1)
SET(CMAKE_SHARED_LIBRARY_C_FLAGS "-fPIC")
SET(CMAKE_SHARED_LIBRARY_CREATE_C_FLAGS "-shared")
--8<--
If it's not available, an error saying so will be returned when trying
to use a https:// URL.
This also unifies a lot of the network code to use git_transport in
many places instead of an socket descriptor.
Previously, it was defined in netops.c, but it's also needed in one of the
clar tests, so I figured we might as well just make it global for the
whole project.
Without it, the mingw32 linker won't resolve GetProcessId() (called from
the core/errors.c clar test) because of some conditionals in windows.h.
gitno_connect() can return an error or socket, which is fine on most
platforms where sockets are file descriptors (signed int), but on Windows,
SOCKET is an unsigned type, which is problematic when we are trying to
test if the socket was actually a negative error code.
This fix seperates the error code and socket in gitno_connect(), and fixes
the error handling in do_connect() functions to compensate. It appears
that git_connect() and the git-transport do_connect() functions had bugs
in the non-windows cases too (leaking sockets, and not properly reporting
connection error, respectively) so I went ahead and fixed those too.
As we don't know the length of the message we want to send to the
other end, we send a chunk size before each message. In later
versions, sending the wants might benefit from batching the lines
together.
Signed-off-by: Carlos Martín Nieto <carlos@cmartin.tk>
Winsock wants us to use closesocket() instead of close(), so introduce
the gitno_close function, which does the right thing.
Signed-off-by: Carlos Martín Nieto <carlos@cmartin.tk>
Windows wants us to initialise the networking DLL before we're allowed
to send data through a socket. Call WSASetup and WSACleanup if
GIT_WIN32 is defined.
Signed-off-by: Carlos Martín Nieto <carlos@cmartin.tk>
1. The license header is technically not valid if it doesn't have a
copyright signature.
2. The COPYING file has been updated with the different licenses used in
the project.
3. The full GPLv2 header in each file annoys me.
Sockets on Windows are unsigned, so define a type GIT_SOCKET which is
signed or unsigned depending on the platform.
Thanks to Em for his patience with this.
Signed-off-by: Carlos Martín Nieto <carlos@cmartin.tk>
Only signal that we need a pack if we do need it and don't send a want
just because it's the first. If we don't need to download the pack,
then we can skip all of the negotiation and just return success.
Signed-off-by: Carlos Martín Nieto <carlos@cmartin.tk>
MSYS/MinGW uses winsock but obviously doesn't set _MSC_VER. Use _WIN32
to decide whether to use winsock or BSD headers. Also remove these
headers from src/transport_git.c altogether, as they are not needed.
MSYS is very conservative, so we have to tell it that we don't care
about versions of Windows lower than WindowsXP. We also need to tell
CMake to add ws2_32 to the libraries list and we shouldn't add the
-fPIC option, to MSYS because it complains that it does it anyway.
Signed-off-by: Carlos Martín Nieto <carlos@cmartin.tk>
