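/**
 * Create the process-wide OpenSSL context (git__ssl_ctx) and register
 * shutdown_ssl to run at library shutdown.
 *
 * When GIT_OPENSSL is not defined only the shutdown hook is registered.
 *
 * @return 0 on success, -1 if the context could not be created or the
 *         default trust-store paths could not be loaded (git__ssl_ctx is
 *         left NULL in that case).
 */
int git_openssl_stream_global_init(void)
{
#ifdef GIT_OPENSSL
	long ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;

	/*
	 * Turn TLS compression off where the option exists (compression
	 * side channels such as CRIME).
	 * Older OpenSSL and MacOS OpenSSL doesn't have this.
	 */
#ifdef SSL_OP_NO_COMPRESSION
	ssl_opts |= SSL_OP_NO_COMPRESSION;
#endif

	SSL_load_error_strings();
	OpenSSL_add_ssl_algorithms();

	/*
	 * SSLv23_method() is the version-flexible method, so we can talk
	 * with servers which use the SSL hellos for compatibility. SSLv2
	 * and SSLv3 themselves are disabled through ssl_opts, so only TLS
	 * is negotiated.
	 * NOTE(review): no further minimum TLS version is set here, so
	 * TLS 1.0 stays negotiable if the linked library offers it.
	 */
	git__ssl_ctx = SSL_CTX_new(SSLv23_method());
	if (git__ssl_ctx == NULL) {
		/* Allocation or method setup failed: nothing to configure. */
		return -1;
	}

	SSL_CTX_set_options(git__ssl_ctx, ssl_opts);
	SSL_CTX_set_mode(git__ssl_ctx, SSL_MODE_AUTO_RETRY);

	/*
	 * NOTE(review): with SSL_VERIFY_NONE a failed certificate chain
	 * check does not abort the handshake. The code that uses this
	 * context is not visible here; it has to check
	 * SSL_get_verify_result() and the peer host name itself -- confirm.
	 */
	SSL_CTX_set_verify(git__ssl_ctx, SSL_VERIFY_NONE, NULL);

	if (!SSL_CTX_set_default_verify_paths(git__ssl_ctx)) {
		SSL_CTX_free(git__ssl_ctx);
		git__ssl_ctx = NULL;
		return -1;
	}
#endif

	git__on_shutdown(shutdown_ssl);

	return 0;
}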
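/**
 * Install the mutex array and locking callback that OpenSSL older than
 * 1.1.0 needs before it is used from several threads.
 *
 * On OpenSSL 1.1.0 and later this is a no-op that returns 0. When
 * libgit2 was built without GIT_THREADS (and OpenSSL is older than
 * 1.1.0) it sets a GITERR_THREAD error and fails.
 *
 * @return 0 on success, -1 on allocation or mutex-initialisation
 *         failure, or when threads are not compiled in.
 */
int git_openssl_set_locking(void)
{
#if defined(GIT_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L
	int num_locks, i;

	num_locks = CRYPTO_num_locks();
	openssl_locks = git__calloc(num_locks, sizeof(git_mutex));
	GITERR_CHECK_ALLOC(openssl_locks);

	for (i = 0; i < num_locks; i++) {
		if (git_mutex_init(&openssl_locks[i]) != 0) {
			/*
			 * Undo the mutexes that were already set up and drop
			 * the array, so a failed call neither leaks nor leaves
			 * openssl_locks pointing at a half-initialised table.
			 */
			while (i-- > 0)
				git_mutex_free(&openssl_locks[i]);
			git__free(openssl_locks);
			openssl_locks = NULL;

			giterr_set(GITERR_SSL, "failed to initialize openssl locks");
			return -1;
		}
	}

	/* Only hand the table to OpenSSL once every mutex is usable. */
	CRYPTO_set_locking_callback(openssl_locking_function);
	git__on_shutdown(shutdown_ssl_locking);
	return 0;
#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
	/* No callback is installed for 1.1.0 and later. */
	return 0;
#else
	giterr_set(GITERR_THREAD, "libgit2 was not built with threads");
	return -1;
#endif
}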
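/**
 * Create and configure the process-wide OpenSSL context (git__ssl_ctx),
 * set its cipher list, initialise the custom BIO method and register
 * shutdown_ssl to run at library shutdown.
 *
 * When GIT_OPENSSL is not defined only the shutdown hook is registered.
 *
 * @return 0 on success, -1 if any setup step fails; on failure the
 *         context is released and git__ssl_ctx is left NULL.
 */
int git_openssl_stream_global_init(void)
{
#ifdef GIT_OPENSSL
	long ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
	const char *ciphers = git_libgit2__ssl_ciphers();

	/*
	 * Turn TLS compression off where the option exists (compression
	 * side channels such as CRIME).
	 * Older OpenSSL and MacOS OpenSSL doesn't have this.
	 */
#ifdef SSL_OP_NO_COMPRESSION
	ssl_opts |= SSL_OP_NO_COMPRESSION;
#endif

#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
	SSL_load_error_strings();
	OpenSSL_add_ssl_algorithms();
#else
	OPENSSL_init_ssl(0, NULL);
#endif

	/*
	 * SSLv23_method() is the version-flexible method, so we can talk
	 * with servers which use the SSL hellos for compatibility. SSLv2
	 * and SSLv3 themselves are disabled through ssl_opts, so only TLS
	 * is negotiated.
	 * NOTE(review): no further minimum TLS version is set here, so
	 * TLS 1.0 stays negotiable if the linked library offers it.
	 */
	git__ssl_ctx = SSL_CTX_new(SSLv23_method());
	if (git__ssl_ctx == NULL)
		goto error;

	SSL_CTX_set_options(git__ssl_ctx, ssl_opts);
	SSL_CTX_set_mode(git__ssl_ctx, SSL_MODE_AUTO_RETRY);

	/*
	 * NOTE(review): with SSL_VERIFY_NONE a failed certificate chain
	 * check does not abort the handshake. The code that uses this
	 * context is not visible here; it has to check
	 * SSL_get_verify_result() and the peer host name itself -- confirm.
	 */
	SSL_CTX_set_verify(git__ssl_ctx, SSL_VERIFY_NONE, NULL);

	if (!SSL_CTX_set_default_verify_paths(git__ssl_ctx))
		goto error;

	/* Fall back to the built-in list when no cipher list was configured. */
	if (!ciphers)
		ciphers = GIT_SSL_DEFAULT_CIPHERS;

	/* A list that selects no usable cipher is treated as a hard failure. */
	if (!SSL_CTX_set_cipher_list(git__ssl_ctx, ciphers))
		goto error;

	if (init_bio_method() < 0)
		goto error;
#endif

	git__on_shutdown(shutdown_ssl);

	return 0;

#ifdef GIT_OPENSSL
error:
	/* SSL_CTX_free() accepts NULL, so this also covers a failed SSL_CTX_new(). */
	SSL_CTX_free(git__ssl_ctx);
	git__ssl_ctx = NULL;
	return -1;
#endif
}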
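/**
 * Set up the process-wide OpenSSL context (git__ssl_ctx) and, when built
 * with GIT_THREADS, the mutex table and locking callback OpenSSL uses.
 *
 * The function returns nothing; failure is signalled by git__ssl_ctx
 * being NULL afterwards. Does nothing when GIT_SSL is not defined.
 */
static void init_ssl(void)
{
#ifdef GIT_SSL
	long ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;

	/*
	 * Turn TLS compression off where the option exists (compression
	 * side channels such as CRIME).
	 * Older OpenSSL and MacOS OpenSSL doesn't have this.
	 */
# ifdef SSL_OP_NO_COMPRESSION
	ssl_opts |= SSL_OP_NO_COMPRESSION;
# endif

	SSL_load_error_strings();
	OpenSSL_add_ssl_algorithms();

	/*
	 * SSLv23_method() is the version-flexible method, so we can talk
	 * with servers which use the SSL hellos for compatibility. SSLv2
	 * and SSLv3 themselves are disabled through ssl_opts, so only TLS
	 * is negotiated.
	 * NOTE(review): no further minimum TLS version is set here, so
	 * TLS 1.0 stays negotiable if the linked library offers it.
	 */
	git__ssl_ctx = SSL_CTX_new(SSLv23_method());

	/* SSL_CTX_new() can fail; never configure a NULL context. */
	if (git__ssl_ctx != NULL) {
		SSL_CTX_set_options(git__ssl_ctx, ssl_opts);
		SSL_CTX_set_mode(git__ssl_ctx, SSL_MODE_AUTO_RETRY);

		/*
		 * NOTE(review): with SSL_VERIFY_NONE a failed certificate
		 * chain check does not abort the handshake. The code that
		 * uses this context is not visible here; it has to check
		 * SSL_get_verify_result() and the peer host name itself --
		 * confirm.
		 */
		SSL_CTX_set_verify(git__ssl_ctx, SSL_VERIFY_NONE, NULL);

		if (!SSL_CTX_set_default_verify_paths(git__ssl_ctx)) {
			SSL_CTX_free(git__ssl_ctx);
			git__ssl_ctx = NULL;
		}
	}

# ifdef GIT_THREADS
	{
		int num_locks, i;
		int locks_ready = 1;

		num_locks = CRYPTO_num_locks();
		openssl_locks = git__calloc(num_locks, sizeof(git_mutex));
		if (openssl_locks == NULL) {
			/*
			 * Without the table there is nothing to initialise or
			 * to hand to OpenSSL; stop here instead of indexing a
			 * NULL pointer in the loop below.
			 */
			SSL_CTX_free(git__ssl_ctx);
			git__ssl_ctx = NULL;
			return;
		}

		for (i = 0; i < num_locks; i++) {
			if (git_mutex_init(&openssl_locks[i]) != 0) {
				SSL_CTX_free(git__ssl_ctx);
				git__ssl_ctx = NULL;
				locks_ready = 0;
			}
		}

		/* Do not let OpenSSL lock through a mutex that failed to init. */
		if (locks_ready)
			CRYPTO_set_locking_callback(openssl_locking_function);
	}

	/*
	 * NOTE(review): the shutdown hook is only registered in threaded
	 * builds; shutdown_ssl is defined elsewhere -- confirm that the
	 * context does not need releasing in non-threaded builds.
	 */
	git__on_shutdown(shutdown_ssl);
# endif
#endif
}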
/**
 * Select a hash provider once per process.
 *
 * Returns 0 immediately when hash_prov.type is already something other
 * than INVALID. Otherwise hash_cng_prov_init() is tried first and
 * hash_cryptoapi_prov_init() is used as the fallback when it reports a
 * negative result.
 *
 * @return 0 if a provider was already set; otherwise the result of the
 *         last provider initialiser that ran.
 */
int git_hash_global_init(void)
{
	int rc;

	/* A provider has already been chosen: nothing to do. */
	if (hash_prov.type != INVALID)
		return 0;

	rc = hash_cng_prov_init();
	if (rc < 0)
		rc = hash_cryptoapi_prov_init();

	/*
	 * NOTE(review): the shutdown hook is registered even when both
	 * initialisers fail; presumably git_hash_global_shutdown tolerates
	 * an unset provider -- confirm.
	 */
	git__on_shutdown(git_hash_global_shutdown);

	return rc;
}
/**
 * Initialise libssh2 for the process and register shutdown_ssh to run at
 * library shutdown. Builds without GIT_SSH have nothing to set up.
 *
 * @return 0 on success (or when SSH support is compiled out), -1 with a
 *         GITERR_SSH error set when libssh2_init() fails.
 */
int git_transport_ssh_global_init(void)
{
#ifdef GIT_SSH
	const int rc = libssh2_init(0);

	if (rc < 0) {
		giterr_set(GITERR_SSH, "unable to initialize libssh2");
		return -1;
	}

	/* Only register the teardown once libssh2 is actually up. */
	git__on_shutdown(shutdown_ssh);
#endif

	/* Reached on success, and directly when there is nothing to initialize. */
	return 0;
}