mirror of
https://git.proxmox.com/git/libgit2
synced 2025-05-10 19:49:11 +00:00
c1ec732f46
This ensures that when using OpenSSL a safe default set of ciphers is selected. This is done so that the client communicates securely and we don't accidentally enable unsafe ciphers like RC4, or even worse some old export ciphers. Implements the first part of https://github.com/libgit2/libgit2/issues/3682
48 lines
1010 B
C
48 lines
1010 B
C
#include "clar_libgit2.h"
|
|
|
|
#include "git2/clone.h"
|
|
|
|
static git_repository *g_repo;
|
|
|
|
#if defined(GIT_OPENSSL) || defined(GIT_WINHTTP) || defined(GIT_SECURE_TRANSPORT)
|
|
static bool g_has_ssl = true;
|
|
#else
|
|
static bool g_has_ssl = false;
|
|
#endif
|
|
|
|
void test_online_badssl__expired(void)
|
|
{
|
|
if (!g_has_ssl)
|
|
cl_skip();
|
|
|
|
cl_git_fail_with(GIT_ECERTIFICATE,
|
|
git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", NULL));
|
|
}
|
|
|
|
void test_online_badssl__wrong_host(void)
|
|
{
|
|
if (!g_has_ssl)
|
|
cl_skip();
|
|
|
|
cl_git_fail_with(GIT_ECERTIFICATE,
|
|
git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", NULL));
|
|
}
|
|
|
|
void test_online_badssl__self_signed(void)
|
|
{
|
|
if (!g_has_ssl)
|
|
cl_skip();
|
|
|
|
cl_git_fail_with(GIT_ECERTIFICATE,
|
|
git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", NULL));
|
|
}
|
|
|
|
void test_online_badssl__old_cipher(void)
|
|
{
|
|
if (!g_has_ssl)
|
|
cl_skip();
|
|
|
|
cl_git_fail_with(GIT_ERROR,
|
|
git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", NULL));
|
|
}
|