Skip to main content

Browse the archive

Raw File
libgit2-mbedtls-fixup.patch 
commit de8721ae70dfae529fdb50224a47eadf6d29c574
Author: Curtis Vogt <curtis.vogt@gmail.com>
Date:   Thu Jun 29 16:31:08 2017 -0500

    Corrections to mbedtls support with LibGit2 0.26.0

diff --git a/src/settings.c b/src/settings.c
index 3a46f0d..4d976a0 100644
--- a/src/settings.c
+++ b/src/settings.c
@@ -179,14 +179,18 @@ int git_libgit2_opts(int key, ...)
 			const char *path = va_arg(ap, const char *);
 			error = git_openssl_set_cert_file(file, path);
 		}
-#elif GIT_MBEDTLS
+#elif defined(GIT_MBEDTLS)
 		{
 			const char *file = va_arg(ap, const char *);
 			const char *path = va_arg(ap, const char *);
-			if (file)
+			if (file) {
 				error = git_mbedtls_set_cert_file(file, 0);
-			if (error && path)
-				error = git_mbedtls_set_cert_file(path, 0);
+			} else if (path) {
+				error = git_mbedtls_set_cert_file(path, 1);
+			} else {
+				giterr_set(GITERR_NET, "cannot set certificate locations: no file or path given");
+				error = -1;
+			}
 		}
 #else
 		giterr_set(GITERR_NET, "cannot set certificate locations: OpenSSL or mbedTLS is not enabled");
diff --git a/src/streams/mbedtls.c b/src/streams/mbedtls.c
index e456ea8..b4eb991 100644
--- a/src/streams/mbedtls.c
+++ b/src/streams/mbedtls.c
@@ -205,12 +205,12 @@ static int ssl_set_error(mbedtls_ssl_context *ssl, int error)
 		break;
 
 	case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:
-		giterr_set(GITERR_SSL, "SSL error: %x[%x] - %s", error, ssl->session_negotiate->verify_result, errbuf);
+		giterr_set(GITERR_SSL, "SSL error: 0x%04x [%x] - %s", error, ssl->session_negotiate->verify_result, errbuf);
 		ret = GIT_ECERTIFICATE;
 		break;
 
 	default:
-		giterr_set(GITERR_SSL, "SSL error: %x - %s", error, errbuf);
+		giterr_set(GITERR_SSL, "SSL error: 0x%04x - %s", error, errbuf);
 	}
 
 	return ret;
@@ -236,7 +236,7 @@ static int verify_server_cert(mbedtls_ssl_context *ssl, const char *host)
 	if ((ret = mbedtls_ssl_get_verify_result(ssl)) != 0) {
 		char vrfy_buf[512];
 		mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), "", ret);
-		giterr_set(GITERR_SSL, "The SSL certificate is invalid: %x - %s", ret, vrfy_buf);
+		giterr_set(GITERR_SSL, "The SSL certificate is invalid: 0x%04x - %s", ret, vrfy_buf);
 		return GIT_ECERTIFICATE;
 	}
 
@@ -430,7 +430,7 @@ int git_mbedtls_set_cert_file(const char *path, int is_dir)
 		ret = mbedtls_x509_crt_parse_file(cacert, path);
 	}
 	// mbedtls_x509_crt_parse_path returns the number of invalid certs on success
-	if (ret <= 0) {
+	if (ret < 0) {
 		mbedtls_x509_crt_free(cacert);
 		git__free(cacert);
 		mbedtls_strerror( ret, errbuf, 512 );
back to top