/**
 * Connect the wrapped stream and run the TLS client handshake on top of it.
 *
 * The transport is st->io; OpenSSL reaches it through a BIO built from
 * git_stream_bio_method, installed as both the read and the write BIO.
 *
 * @param stream the stream to connect; cast to openssl_stream internally
 * @return a negative value from git_stream_connect() if the transport fails,
 *         the value of ssl_set_error() if the handshake fails, otherwise
 *         whatever verify_server_cert() returns for st->host
 *
 * NOTE(review): the certificate verify mode is not set in this function.
 * Confirm where the SSL/SSL_CTX is configured, since that decides whether
 * verify_server_cert() is the only certificate check on this path.
 */
int openssl_connect(git_stream *stream)
{
	openssl_stream *st = (openssl_stream *) stream;
	BIO *bio;
	int rc;

	rc = git_stream_connect(st->io);
	if (rc < 0)
		return rc;

	/* Set before the handshake; it stays true on the failure returns below. */
	st->connected = true;

	bio = BIO_new(&git_stream_bio_method);
	/* Macro defined elsewhere; presumably returns early when bio is NULL. */
	GITERR_CHECK_ALLOC(bio);

	/*
	 * Direct field access: this needs an OpenSSL whose BIO struct is not
	 * opaque (opaque since 1.1.0, where an accessor is required instead).
	 */
	bio->ptr = st->io;
	SSL_set_bio(st->ssl, bio, bio);

	/*
	 * Send the host name as SNI when the headers support it. The return
	 * value is ignored, so a failure to set it does not stop the handshake.
	 */
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
	SSL_set_tlsext_host_name(st->ssl, st->host);
#endif

	rc = SSL_connect(st->ssl);
	if (rc <= 0)
		return ssl_set_error(st->ssl, rc);

	/* Host name / certificate checking is delegated to verify_server_cert(). */
	return verify_server_cert(st->ssl, st->host);
}
/**
 * Build the OpenSSL context and session for a transport, run the client
 * handshake on t->socket, and optionally check the server certificate.
 *
 * @param t    transport; t->ssl.ctx and t->ssl.ssl are filled in, t->socket
 *             and t->check_cert are read
 * @param host host name handed to verify_server_cert()
 * @return 0 on success, -1 when verify_server_cert() reports a failure,
 *         otherwise the value of ssl_set_error()
 *
 * NOTE(review): the error returns leave t->ssl.ctx / t->ssl.ssl allocated;
 * confirm the caller releases them.
 */
static int ssl_setup(git_transport *t, const char *host)
{
	int rc;

	/* Library initialisation is repeated on every call to this function. */
	SSL_library_init();
	SSL_load_error_strings();

	/*
	 * SSLv23_method() is the version-flexible method. Nothing in this
	 * function restricts the protocol versions it may negotiate.
	 * NOTE(review): confirm legacy SSLv2/SSLv3 are disabled elsewhere
	 * (e.g. via SSL_CTX_set_options) or by the OpenSSL build.
	 */
	t->ssl.ctx = SSL_CTX_new(SSLv23_method());
	if (!t->ssl.ctx)
		return ssl_set_error(&t->ssl, 0);

	SSL_CTX_set_mode(t->ssl.ctx, SSL_MODE_AUTO_RETRY);

	/*
	 * SSL_VERIFY_PEER with no callback: OpenSSL aborts the handshake when
	 * chain verification fails, whatever t->check_cert says. check_cert
	 * therefore only gates the extra verify_server_cert() call below.
	 */
	SSL_CTX_set_verify(t->ssl.ctx, SSL_VERIFY_PEER, NULL);

	/* Trust anchors come from the OpenSSL default locations. */
	if (SSL_CTX_set_default_verify_paths(t->ssl.ctx) == 0)
		return ssl_set_error(&t->ssl, 0);

	t->ssl.ssl = SSL_new(t->ssl.ctx);
	if (!t->ssl.ssl)
		return ssl_set_error(&t->ssl, 0);

	rc = SSL_set_fd(t->ssl.ssl, t->socket);
	if (rc == 0)
		return ssl_set_error(&t->ssl, rc);

	rc = SSL_connect(t->ssl.ssl);
	if (rc <= 0)
		return ssl_set_error(&t->ssl, rc);

	if (!t->check_cert)
		return 0;

	/* Any negative result is collapsed to -1. */
	return (verify_server_cert(t, host) < 0) ? -1 : 0;
}
/**
 * Build the OpenSSL context and session for a socket, run the client
 * handshake on socket->socket, and check the server certificate unless the
 * caller opted out.
 *
 * @param socket socket wrapper; socket->ssl.ctx and socket->ssl.ssl are
 *               filled in, socket->socket is the descriptor handed to OpenSSL
 * @param host   host name handed to verify_server_cert()
 * @param flags  bit mask; GITNO_CONNECT_SSL_NO_CHECK_CERT skips the
 *               certificate check
 * @return 0 on success (or when the check is skipped), the value of
 *         ssl_set_error() on a setup/handshake failure, otherwise whatever
 *         verify_server_cert() returns
 *
 * NOTE(review): the error returns leave socket->ssl.ctx / socket->ssl.ssl
 * allocated; confirm the caller releases them.
 */
static int ssl_setup(gitno_socket *socket, const char *host, int flags)
{
	int rc;

	/* Library initialisation is repeated on every call to this function. */
	SSL_library_init();
	SSL_load_error_strings();

	/*
	 * SSLv23_method() is the version-flexible method. Nothing in this
	 * function restricts the protocol versions it may negotiate.
	 * NOTE(review): confirm legacy SSLv2/SSLv3 are disabled elsewhere
	 * (e.g. via SSL_CTX_set_options) or by the OpenSSL build.
	 */
	socket->ssl.ctx = SSL_CTX_new(SSLv23_method());
	if (!socket->ssl.ctx)
		return ssl_set_error(&socket->ssl, 0);

	SSL_CTX_set_mode(socket->ssl.ctx, SSL_MODE_AUTO_RETRY);

	/*
	 * SSL_VERIFY_NONE: the handshake completes even if the certificate
	 * chain does not verify. The only certificate check on this path is
	 * the verify_server_cert() call at the end, and that call is skipped
	 * entirely when GITNO_CONNECT_SSL_NO_CHECK_CERT is set.
	 */
	SSL_CTX_set_verify(socket->ssl.ctx, SSL_VERIFY_NONE, NULL);

	/* Trust anchors come from the OpenSSL default locations. */
	if (SSL_CTX_set_default_verify_paths(socket->ssl.ctx) == 0)
		return ssl_set_error(&socket->ssl, 0);

	socket->ssl.ssl = SSL_new(socket->ssl.ctx);
	if (!socket->ssl.ssl)
		return ssl_set_error(&socket->ssl, 0);

	rc = SSL_set_fd(socket->ssl.ssl, socket->socket);
	if (rc == 0)
		return ssl_set_error(&socket->ssl, rc);

	rc = SSL_connect(socket->ssl.ssl);
	if (rc <= 0)
		return ssl_set_error(&socket->ssl, rc);

	/* With the opt-out flag the peer is never authenticated here. */
	if ((flags & GITNO_CONNECT_SSL_NO_CHECK_CERT) != 0)
		return 0;

	return verify_server_cert(&socket->ssl, host);
}
/**
 * Connect the underlying socket stream, attach its descriptor to the SSL
 * session, and run the TLS client handshake.
 *
 * @param stream the stream to connect; cast to openssl_stream internally
 * @return a negative value from git_stream_connect() if the socket fails,
 *         the value of ssl_set_error() if SSL_set_fd() or the handshake
 *         fails, otherwise whatever verify_server_cert() returns for
 *         st->socket->host
 *
 * No SNI host name is set before the handshake in this function.
 *
 * NOTE(review): the certificate verify mode is not set here. Confirm where
 * the SSL/SSL_CTX is configured, since that decides whether
 * verify_server_cert() is the only certificate check on this path.
 */
int openssl_connect(git_stream *stream)
{
	openssl_stream *st = (openssl_stream *) stream;
	int rc;

	rc = git_stream_connect((git_stream *)st->socket);
	if (rc < 0)
		return rc;

	rc = SSL_set_fd(st->ssl, st->socket->s);
	if (rc <= 0) {
		/*
		 * The stream is closed only on this failure path; a failed
		 * handshake below returns without closing it.
		 * NOTE(review): st->ssl is read after openssl_close(); confirm
		 * that close leaves the SSL object valid.
		 */
		openssl_close((git_stream *) st);
		return ssl_set_error(st->ssl, rc);
	}

	rc = SSL_connect(st->ssl);
	if (rc <= 0)
		return ssl_set_error(st->ssl, rc);

	/* Host name / certificate checking is delegated to verify_server_cert(). */
	return verify_server_cert(st->ssl, st->socket->host);
}
/**
 * Connect the underlying socket stream, attach its descriptor to the SSL
 * session, announce the host name via SNI, and run the TLS client handshake.
 *
 * @param stream the stream to connect; cast to openssl_stream internally
 * @return a negative value from git_stream_connect() if the socket fails,
 *         the value of ssl_set_error() if SSL_set_fd() or the handshake
 *         fails, otherwise whatever verify_server_cert() returns for
 *         st->socket->host
 *
 * NOTE(review): the certificate verify mode is not set here. Confirm where
 * the SSL/SSL_CTX is configured, since that decides whether
 * verify_server_cert() is the only certificate check on this path.
 */
int openssl_connect(git_stream *stream)
{
	openssl_stream *st = (openssl_stream *) stream;
	int rc;

	rc = git_stream_connect((git_stream *)st->socket);
	if (rc < 0)
		return rc;

	rc = SSL_set_fd(st->ssl, st->socket->s);
	if (rc <= 0) {
		/*
		 * The stream is closed only on this failure path; a failed
		 * handshake below returns without closing it.
		 * NOTE(review): st->ssl is read after openssl_close(); confirm
		 * that close leaves the SSL object valid.
		 */
		openssl_close((git_stream *) st);
		return ssl_set_error(st->ssl, rc);
	}

	/*
	 * Send the host name as SNI so a server hosting several names can pick
	 * the matching certificate. Called with no feature guard, and the
	 * return value is ignored, so a failure to set it does not stop the
	 * handshake.
	 */
	SSL_set_tlsext_host_name(st->ssl, st->socket->host);

	rc = SSL_connect(st->ssl);
	if (rc <= 0)
		return ssl_set_error(st->ssl, rc);

	/* The same host string is used for SNI and for the certificate check. */
	return verify_server_cert(st->ssl, st->socket->host);
}