libgit2-mbedtls-fixup.patch
commit de8721ae70dfae529fdb50224a47eadf6d29c574
Author: Curtis Vogt <curtis.vogt@gmail.com>
Date: Thu Jun 29 16:31:08 2017 -0500
Corrections to mbedtls support with LibGit2 0.26.0
diff --git a/src/settings.c b/src/settings.c
index 3a46f0d..4d976a0 100644
--- a/src/settings.c
+++ b/src/settings.c
@@ -179,14 +179,18 @@ int git_libgit2_opts(int key, ...)
const char *path = va_arg(ap, const char *);
error = git_openssl_set_cert_file(file, path);
}
-#elif GIT_MBEDTLS
+#elif defined(GIT_MBEDTLS)
{
const char *file = va_arg(ap, const char *);
const char *path = va_arg(ap, const char *);
- if (file)
+ if (file) {
error = git_mbedtls_set_cert_file(file, 0);
- if (error && path)
- error = git_mbedtls_set_cert_file(path, 0);
+ } else if (path) {
+ error = git_mbedtls_set_cert_file(path, 1);
+ } else {
+ giterr_set(GITERR_NET, "cannot set certificate locations: no file or path given");
+ error = -1;
+ }
}
#else
giterr_set(GITERR_NET, "cannot set certificate locations: OpenSSL or mbedTLS is not enabled");
diff --git a/src/streams/mbedtls.c b/src/streams/mbedtls.c
index e456ea8..b4eb991 100644
--- a/src/streams/mbedtls.c
+++ b/src/streams/mbedtls.c
@@ -205,12 +205,12 @@ static int ssl_set_error(mbedtls_ssl_context *ssl, int error)
break;
case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:
- giterr_set(GITERR_SSL, "SSL error: %x[%x] - %s", error, ssl->session_negotiate->verify_result, errbuf);
+ giterr_set(GITERR_SSL, "SSL error: 0x%04x [%x] - %s", error, ssl->session_negotiate->verify_result, errbuf);
ret = GIT_ECERTIFICATE;
break;
default:
- giterr_set(GITERR_SSL, "SSL error: %x - %s", error, errbuf);
+ giterr_set(GITERR_SSL, "SSL error: 0x%04x - %s", error, errbuf);
}
return ret;
@@ -236,7 +236,7 @@ static int verify_server_cert(mbedtls_ssl_context *ssl, const char *host)
if ((ret = mbedtls_ssl_get_verify_result(ssl)) != 0) {
char vrfy_buf[512];
mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), "", ret);
- giterr_set(GITERR_SSL, "The SSL certificate is invalid: %x - %s", ret, vrfy_buf);
+ giterr_set(GITERR_SSL, "The SSL certificate is invalid: 0x%04x - %s", ret, vrfy_buf);
return GIT_ECERTIFICATE;
}
@@ -430,7 +430,7 @@ int git_mbedtls_set_cert_file(const char *path, int is_dir)
ret = mbedtls_x509_crt_parse_file(cacert, path);
}
// mbedtls_x509_crt_parse_path returns the number of invalid certs on success
- if (ret <= 0) {
+ if (ret < 0) {
mbedtls_x509_crt_free(cacert);
git__free(cacert);
mbedtls_strerror( ret, errbuf, 512 );