diff options
| -rw-r--r-- | src/global.c | 15 | ||||
| -rw-r--r-- | src/netops.c | 2 | ||||
| -rw-r--r-- | src/unix/map.c | 6 |
3 files changed, 11 insertions, 12 deletions
diff --git a/src/global.c b/src/global.c index 1e6bf82f9..55b31196e 100644 --- a/src/global.c +++ b/src/global.c @@ -73,6 +73,13 @@ static void shutdown_ssl(void) static void init_ssl(void) { #ifdef GIT_SSL + long ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; + + /* Older OpenSSL and MacOS OpenSSL doesn't have this */ +#ifdef SSL_OP_NO_COMPRESSION + ssl_opts |= SSL_OP_NO_COMPRESSION; +#endif + SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); /* @@ -82,13 +89,7 @@ static void init_ssl(void) * to speak TLSv1 to perform the encryption itself. */ git__ssl_ctx = SSL_CTX_new(SSLv23_method()); - SSL_CTX_set_options(git__ssl_ctx, - SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 - /* Older OpenSSL and MacOS OpenSSL doesn't have this */ -# ifdef SSL_OP_NO_COMPRESSION - | SSL_OP_NO_COMPRESSION -# endif - ); + SSL_CTX_set_options(git__ssl_ctx, ssl_opts); SSL_CTX_set_mode(git__ssl_ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_verify(git__ssl_ctx, SSL_VERIFY_NONE, NULL); if (!SSL_CTX_set_default_verify_paths(git__ssl_ctx)) { diff --git a/src/netops.c b/src/netops.c index adbae61c4..23e7e9d3c 100644 --- a/src/netops.c +++ b/src/netops.c @@ -276,7 +276,7 @@ static int verify_server_cert(gitno_ssl *ssl, const char *host) if (SSL_get_verify_result(ssl->ssl) != X509_V_OK) { giterr_set(GITERR_SSL, "The SSL certificate is invalid"); - return -1; + return GIT_ECERTIFICATE; } /* Try to parse the host as an IP address to see if it is */ diff --git a/src/unix/map.c b/src/unix/map.c index 0a235d5a1..87ee6594b 100644 --- a/src/unix/map.c +++ b/src/unix/map.c @@ -26,7 +26,7 @@ int git__page_size(size_t *page_size) int p_mmap(git_map *out, size_t len, int prot, int flags, int fd, git_off_t offset) { - int mprot = 0; + int mprot = PROT_READ; int mflag = 0; GIT_MMAP_VALIDATE(out, len, prot, flags); @@ -35,9 +35,7 @@ int p_mmap(git_map *out, size_t len, int prot, int flags, int fd, git_off_t offs out->len = 0; if (prot & GIT_PROT_WRITE) - mprot = PROT_WRITE; - else if (prot & GIT_PROT_READ) - mprot = PROT_READ; + mprot |= PROT_WRITE; if ((flags & GIT_MAP_TYPE) == GIT_MAP_SHARED) mflag = MAP_SHARED; |