
Commit 2231705

committed
https: Prevent OpenSSL from namespace-leaking
1 parent e936985 commit 2231705


4 files changed

+23
-10
lines changed

4 files changed

+23
-10
lines changed

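--- a/src/global.h
+++ b/src/global.h
@@ -25,11 +25,6 @@ typedef struct {
 git_thread *current_thread;
 } git_global_st;
 
-#ifdef GIT_OPENSSL
-# include <openssl/ssl.h>
-extern SSL_CTX *git__ssl_ctx;
-#endif
-
 git_global_st *git__global_state(void);
 
 extern git_mutex git__mwindow_mutex;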

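--- a/src/settings.c
+++ b/src/settings.c
@@ -19,6 +19,7 @@
 #include "odb.h"
 #include "refs.h"
 #include "transports/smart.h"
+#include "streams/openssl.h"
 
 void git_libgit2_version(int *major, int *minor, int *rev)
 {
@@ -172,11 +173,7 @@ int git_libgit2_opts(int key, ...)
 {
 const char *file = va_arg(ap, const char *);
 const char *path = va_arg(ap, const char *);
-if (!SSL_CTX_load_verify_locations(git__ssl_ctx, file, path)) {
-giterr_set(GITERR_NET, "SSL error: %s",
-ERR_error_string(ERR_get_error(), NULL));
-error = -1;
-}
+error = git_openssl__set_cert_location(file, path);
 }
 #else
 giterr_set(GITERR_NET, "cannot set certificate locations: OpenSSL is not enabled");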
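Review bot: The failure paths for this option now disagree on error class and wording: the `#else` branch kept at the end of this hunk reports `GITERR_NET` with "cannot set certificate locations: OpenSSL is not enabled", while `git_openssl__set_cert_location` reports `GITERR_SSL`, both on a load failure and in the non-OpenSSL stub added to src/streams/openssl.c. A caller that inspects the error class after a failed certificate-location call sees a different class than before this commit, which deserves a line in the commit message. Since the stub exists, `error = git_openssl__set_cert_location(file, path);` could probably sit outside the `#ifdef`, leaving a single "not enabled" message. The guard itself and the rest of `git_libgit2_opts` are outside the hunk, so this needs checking against the full function.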

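--- a/src/streams/openssl.c
+++ b/src/streams/openssl.c
@@ -628,6 +628,16 @@ int git_openssl_stream_new(git_stream **out, const char *host, const char *port)
 return error;
 }
 
+int git_openssl__set_cert_location(const char *file, const char *path)
+{
+if (SSL_CTX_load_verify_locations(git__ssl_ctx, file, path) == 0) {
+giterr_set(GITERR_SSL, "OpenSSL error: failed to load certificates: %s",
+ERR_error_string(ERR_get_error(), NULL));
+return -1;
+}
+return 0;
+}
+
 #else
 
 #include "stream.h"
@@ -654,4 +664,13 @@ int git_openssl_stream_new(git_stream **out, const char *host, const char *port)
 return -1;
 }
 
+int git_openssl__set_cert_location(const char *file, const char *path)
+{
+GIT_UNUSED(file);
+GIT_UNUSED(path);
+
+giterr_set(GITERR_SSL, "openssl is not supported in this version");
+return -1;
+}
+
 #endif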
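Review bot: The OpenSSL build of `git_openssl__set_cert_location` passes `git__ssl_ctx` to `SSL_CTX_load_verify_locations` without checking that it is non-NULL, and nothing in the hunk shows that the context is guaranteed to exist when this option is set (for example if OpenSSL initialisation failed or has not run yet). A guard such as `if (!git__ssl_ctx) { giterr_set(GITERR_SSL, "OpenSSL context is not initialized"); return -1; }` keeps a failed or misordered init from turning a trust-store configuration call into a crash. Separately, `ERR_error_string(ERR_get_error(), NULL)` formats into a static buffer shared across threads; `ERR_error_string_n` with a local buffer avoids interleaved messages. The same pattern was already present in the lines removed from src/settings.c, so this is carried over rather than introduced.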

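--- a/src/streams/openssl.h
+++ b/src/streams/openssl.h
@@ -15,6 +15,8 @@ extern int git_openssl_stream_global_init(void);
 
 extern int git_openssl_stream_new(git_stream **out, const char *host, const char *port);
 
+extern int git_openssl__set_cert_location(const char *file, const char *path);
+
 /*
  * OpenSSL 1.1 made BIO opaque so we have to use functions to interact with it
  * which do not exist in previous versions. We define these inline functions so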
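Review bot: The new declaration of `git_openssl__set_cert_location` has no comment, and its contract matters because it appears to change which CA certificates later TLS connections are verified against through the shared `git__ssl_ctx`. I would add above it something like `/* Load CA certificates from file and/or path into the library-wide SSL context. Returns 0 on success, -1 with the error set on failure or when built without OpenSSL. */`. Whether NULL is accepted for either argument follows `SSL_CTX_load_verify_locations` and should be stated in the comment once confirmed.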
