diff options
| author | Carlos Martín Nieto <cmn@dwim.me> | 2015-06-09 19:07:58 +0200 | 
|---|---|---|
| committer | Carlos Martín Nieto <cmn@dwim.me> | 2015-06-24 17:26:36 +0200 | 
| commit | cdee630f6f8fc170f21dbcc88248a18a466722a1 (patch) | |
| tree | 6adb8c6adacc9a90408720248edc18e8b4ad43ba | |
| parent | 8762d721f4cff582356a1591e220463c9ca1d389 (diff) | |
| download | libgit2-cdee630f6f8fc170f21dbcc88248a18a466722a1.tar.gz | |
curl: extract certificate information
The information is exposed by curl for some crypto libraries in the form
of name:content strings. We can't do much more than return this
information.
| -rw-r--r-- | include/git2/types.h | 12 | ||||
| -rw-r--r-- | src/curl_stream.c | 37 | 
2 files changed, 46 insertions, 3 deletions
| diff --git a/include/git2/types.h b/include/git2/types.h index d1e7cd92c..c97e5ba61 100644 --- a/include/git2/types.h +++ b/include/git2/types.h @@ -284,6 +284,11 @@ typedef int (*git_transport_message_cb)(const char *str, int len, void *payload)   * Type of host certificate structure that is passed to the check callback   */  typedef enum git_cert_t { +	/** +	 * No information about the certificate is available. This may +	 * happen when using curl. +	 */ +	GIT_CERT_NONE,          /**           * The `data` argument to the callback will be a pointer to           * the DER-encoded data. @@ -294,6 +299,13 @@ typedef enum git_cert_t {           * `git_cert_hostkey` structure.           */  	GIT_CERT_HOSTKEY_LIBSSH2, +	/** +	 * The `data` argument to the callback will be a pointer to a +	 * `git_strarray` with `name:content` strings containing +	 * information about the certificate. This is used when using +	 * curl. +	 */ +	GIT_CERT_STRARRAY,  } git_cert_t;  /** diff --git a/src/curl_stream.c b/src/curl_stream.c index 51b7fa7a4..906a67f2a 100644 --- a/src/curl_stream.c +++ b/src/curl_stream.c @@ -12,6 +12,7 @@  #include "stream.h"  #include "git2/transport.h"  #include "buffer.h" +#include "vector.h"  typedef struct {  	git_stream parent; @@ -19,6 +20,7 @@ typedef struct {  	curl_socket_t socket;  	char curl_error[CURL_ERROR_SIZE + 1];  	git_cert_x509 cert_info; +	git_strarray cert_info_strings;  } curl_stream;  static int seterr_curl(curl_stream *s) @@ -53,11 +55,39 @@ static int curls_connect(git_stream *stream)  static int curls_certificate(git_cert **out, git_stream *stream)  { +	int error; +	CURLcode res; +	struct curl_slist *slist; +	struct curl_certinfo *certinfo; +	git_vector strings = GIT_VECTOR_INIT;  	curl_stream *s = (curl_stream *) stream; -	s->cert_info.cert_type = GIT_CERT_X509; -	s->cert_info.data      = NULL; -	s->cert_info.len       = 0; +	if ((res = curl_easy_getinfo(s->handle, CURLINFO_CERTINFO, &certinfo)) != CURLE_OK) +		return seterr_curl(s); + +	/* No information is available, can happen with SecureTransport */ +	if (certinfo->num_of_certs == 0) { +		s->cert_info.cert_type = GIT_CERT_NONE; +		s->cert_info.data      = NULL; +		s->cert_info.len       = 0; +		return 0; +	} + +	if ((error = git_vector_init(&strings, 8, NULL)) < 0) +		return error; + +	for (slist = certinfo->certinfo[0]; slist; slist = slist->next) { +		char *str = git__strdup(slist->data); +		GITERR_CHECK_ALLOC(str); +	} + +	/* Copy the contents of the vector into a strarray so we can expose them */ +	s->cert_info_strings.strings = (char **) strings.contents; +	s->cert_info_strings.count   = strings.length; + +	s->cert_info.cert_type = GIT_CERT_STRARRAY; +	s->cert_info.data      = &s->cert_info_strings; +	s->cert_info.len       = strings.length;  	*out = (git_cert *) &s->cert_info; @@ -161,6 +191,7 @@ static void curls_free(git_stream *stream)  	curl_stream *s = (curl_stream *) stream;  	curls_close(stream); +	git_strarray_free(&s->cert_info_strings);  	git__free(s);  } | 
