Exemple #1
/*
 * Establish a TLS session over the stream's underlying transport.
 *
 * Order of operations: connect st->io, attach it to the SSL object through a
 * custom BIO, offer the host name via SNI when the headers support it, run
 * the handshake, then hand the session to verify_server_cert().
 *
 * Returns the negative code from git_stream_connect() if the transport fails,
 * the value of ssl_set_error() if the handshake fails, and otherwise whatever
 * verify_server_cert() returns.
 *
 * Security: the peer is only authenticated by the final verify_server_cert()
 * call (not shown here). Callers must treat any non-success return as "peer
 * not authenticated", even though the transport may already be connected.
 */
int openssl_connect(git_stream *stream)
{
	int rc;
	BIO *bio;
	openssl_stream *st = (openssl_stream *) stream;

	/* Plain transport first; its error code is passed through unchanged. */
	rc = git_stream_connect(st->io);
	if (rc < 0) {
		return rc;
	}

	/*
	 * NOTE(review): this flag is raised before the handshake and before
	 * certificate verification, and nothing below clears it on failure.
	 * Confirm no caller reads it as "TLS session is trusted".
	 */
	st->connected = true;

	bio = BIO_new(&git_stream_bio_method);
	GITERR_CHECK_ALLOC(bio); /* presumably returns on NULL; macro not shown */

	/*
	 * Direct field access needs a non-opaque BIO struct, i.e. OpenSSL
	 * headers older than 1.1.0.
	 */
	bio->ptr = st->io;

	/* The same BIO serves as both the read and the write side. */
	SSL_set_bio(st->ssl, bio, bio);

	/*
	 * Send the host name in the ClientHello (SNI) when available. The
	 * return value is not checked, so a failure to set it goes unnoticed
	 * until the server presents a certificate for a different name.
	 */
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
	SSL_set_tlsext_host_name(st->ssl, st->host);
#endif

	rc = SSL_connect(st->ssl);
	if (rc <= 0) {
		return ssl_set_error(st->ssl, rc);
	}

	/* Handshake done; the certificate is checked against st->host. */
	return verify_server_cert(st->ssl, st->host);
}
Exemple #2
/*
 * Create the SSL context and session for transport `t`, run the TLS handshake
 * on t->socket and, when t->check_cert is set, verify the server certificate
 * for `host`.
 *
 * Returns 0 on success, -1 when certificate verification fails, and the value
 * of ssl_set_error() for any OpenSSL failure.
 *
 * Security notes for reviewers:
 *  - SSLv23_method() negotiates any protocol version the linked library
 *    supports, and this function sets no options to exclude legacy versions.
 *    NOTE(review): confirm old SSL versions are disabled elsewhere or by the
 *    library build.
 *  - When t->check_cert is false the host name check is skipped entirely.
 *  - No SNI host name is set before the handshake.
 *  - t->ssl.ctx and t->ssl.ssl are not released on the error paths here;
 *    presumably the caller's teardown frees them. TODO confirm.
 */
static int ssl_setup(git_transport *t, const char *host)
{
	int rc;

	/* Process-wide OpenSSL initialisation, repeated on every call. */
	SSL_library_init();
	SSL_load_error_strings();

	t->ssl.ctx = SSL_CTX_new(SSLv23_method());
	if (t->ssl.ctx == NULL) {
		return ssl_set_error(&t->ssl, 0);
	}

	SSL_CTX_set_mode(t->ssl.ctx, SSL_MODE_AUTO_RETRY);

	/* Chain validation against the default trust store is requested. */
	SSL_CTX_set_verify(t->ssl.ctx, SSL_VERIFY_PEER, NULL);
	if (!SSL_CTX_set_default_verify_paths(t->ssl.ctx)) {
		return ssl_set_error(&t->ssl, 0);
	}

	t->ssl.ssl = SSL_new(t->ssl.ctx);
	if (t->ssl.ssl == NULL) {
		return ssl_set_error(&t->ssl, 0);
	}

	/* SSL_set_fd() reports failure as 0. */
	rc = SSL_set_fd(t->ssl.ssl, t->socket);
	if (rc == 0) {
		return ssl_set_error(&t->ssl, rc);
	}

	rc = SSL_connect(t->ssl.ssl);
	if (rc <= 0) {
		return ssl_set_error(&t->ssl, rc);
	}

	/* Host name verification is opt-in through check_cert. */
	if (!t->check_cert) {
		return 0;
	}

	if (verify_server_cert(t, host) < 0) {
		return -1;
	}

	return 0;
}
Exemple #3
/*
 * Create the SSL context and session for `socket`, run the TLS handshake on
 * socket->socket and, unless GITNO_CONNECT_SSL_NO_CHECK_CERT is set in
 * `flags`, verify the server certificate for `host`.
 *
 * Returns 0 on success (including when the certificate check is skipped),
 * the value of ssl_set_error() for an OpenSSL failure, and otherwise whatever
 * verify_server_cert() returns.
 *
 * Security notes for reviewers:
 *  - The context uses SSL_VERIFY_NONE, so the handshake itself does not fail
 *    on an untrusted chain. All peer authentication rests on the
 *    verify_server_cert() call at the end (not shown here).
 *  - With GITNO_CONNECT_SSL_NO_CHECK_CERT that call is skipped too, so the
 *    connection is encrypted but the peer is not authenticated.
 *  - SSLv23_method() negotiates any protocol version the linked library
 *    supports, and no options here exclude legacy versions.
 *    NOTE(review): confirm they are disabled elsewhere.
 *  - No SNI host name is set before the handshake.
 *  - ctx and ssl are not released on the error paths here; presumably the
 *    caller's teardown frees them. TODO confirm.
 */
static int ssl_setup(gitno_socket *socket, const char *host, int flags)
{
	int rc;

	/* Process-wide OpenSSL initialisation, repeated on every call. */
	SSL_library_init();
	SSL_load_error_strings();

	socket->ssl.ctx = SSL_CTX_new(SSLv23_method());
	if (socket->ssl.ctx == NULL) {
		return ssl_set_error(&socket->ssl, 0);
	}

	SSL_CTX_set_mode(socket->ssl.ctx, SSL_MODE_AUTO_RETRY);

	/* No verification during the handshake; see the header comment. */
	SSL_CTX_set_verify(socket->ssl.ctx, SSL_VERIFY_NONE, NULL);
	if (!SSL_CTX_set_default_verify_paths(socket->ssl.ctx)) {
		return ssl_set_error(&socket->ssl, 0);
	}

	socket->ssl.ssl = SSL_new(socket->ssl.ctx);
	if (socket->ssl.ssl == NULL) {
		return ssl_set_error(&socket->ssl, 0);
	}

	/* SSL_set_fd() reports failure as 0. */
	rc = SSL_set_fd(socket->ssl.ssl, socket->socket);
	if (rc == 0) {
		return ssl_set_error(&socket->ssl, rc);
	}

	rc = SSL_connect(socket->ssl.ssl);
	if (rc <= 0) {
		return ssl_set_error(&socket->ssl, rc);
	}

	/* Caller opted out of certificate checking: accept the peer as is. */
	if ((flags & GITNO_CONNECT_SSL_NO_CHECK_CERT) != 0) {
		return 0;
	}

	return verify_server_cert(&socket->ssl, host);
}
/*
 * Connect the underlying socket stream, bind its descriptor to the SSL
 * object, run the TLS handshake and verify the server certificate against
 * st->socket->host.
 *
 * Returns the negative code from git_stream_connect() if the socket fails,
 * the value of ssl_set_error() for an OpenSSL failure, and otherwise whatever
 * verify_server_cert() returns.
 *
 * Security notes for reviewers:
 *  - The peer is only authenticated by the final verify_server_cert() call
 *    (not shown here).
 *  - No SNI host name is set before the handshake in this version.
 */
int openssl_connect(git_stream *stream)
{
	int rc;
	openssl_stream *st = (openssl_stream *) stream;

	rc = git_stream_connect((git_stream *)st->socket);
	if (rc < 0) {
		return rc;
	}

	rc = SSL_set_fd(st->ssl, st->socket->s);
	if (rc <= 0) {
		/*
		 * NOTE(review): st->ssl is still used after openssl_close();
		 * this assumes the close leaves the SSL object valid. Confirm.
		 */
		openssl_close((git_stream *) st);
		return ssl_set_error(st->ssl, rc);
	}

	/*
	 * NOTE(review): unlike the SSL_set_fd() failure above, a failed
	 * handshake does not close the stream here. Confirm the caller does.
	 */
	rc = SSL_connect(st->ssl);
	if (rc <= 0) {
		return ssl_set_error(st->ssl, rc);
	}

	return verify_server_cert(st->ssl, st->socket->host);
}
Exemple #5
/*
 * Connect the underlying socket stream, bind its descriptor to the SSL
 * object, offer the host name via SNI, run the TLS handshake and verify the
 * server certificate against st->socket->host.
 *
 * Returns the negative code from git_stream_connect() if the socket fails,
 * the value of ssl_set_error() for an OpenSSL failure, and otherwise whatever
 * verify_server_cert() returns.
 *
 * Security: the peer is only authenticated by the final verify_server_cert()
 * call (not shown here); any non-success return means "not authenticated".
 */
int openssl_connect(git_stream *stream)
{
	int rc;
	openssl_stream *st = (openssl_stream *) stream;

	rc = git_stream_connect((git_stream *)st->socket);
	if (rc < 0) {
		return rc;
	}

	rc = SSL_set_fd(st->ssl, st->socket->s);
	if (rc <= 0) {
		/*
		 * NOTE(review): st->ssl is still used after openssl_close();
		 * this assumes the close leaves the SSL object valid. Confirm.
		 */
		openssl_close((git_stream *) st);
		return ssl_set_error(st->ssl, rc);
	}

	/*
	 * Send the host name in the ClientHello (SNI). The call is not guarded
	 * by a feature test and its return value is not checked, so a failure
	 * to set it goes unnoticed until the certificate name check.
	 */
	SSL_set_tlsext_host_name(st->ssl, st->socket->host);

	/*
	 * NOTE(review): unlike the SSL_set_fd() failure above, a failed
	 * handshake does not close the stream here. Confirm the caller does.
	 */
	rc = SSL_connect(st->ssl);
	if (rc <= 0) {
		return ssl_set_error(st->ssl, rc);
	}

	return verify_server_cert(st->ssl, st->socket->host);
}