Diffstat (limited to 'src/netops.c')
-rw-r--r-- | src/netops.c | 43 |
1 files changed, 21 insertions, 22 deletions
diff --git a/src/netops.c b/src/netops.c
index ba1a329e0..54804d418 100644
--- a/src/netops.c
+++ b/src/netops.c
@@ -163,7 +163,7 @@ void gitno_buffer_setup_callback(
 void gitno_buffer_setup(gitno_socket *socket, gitno_buffer *buf, char *data, size_t len)
 {
 #ifdef GIT_SSL
- if (socket->ssl.ctx) {
+ if (socket->ssl.ssl) {
 gitno_buffer_setup_callback(socket, buf, data, len, gitno__recv_ssl, NULL);
 return;
 }
@@ -208,7 +208,6 @@ static int gitno_ssl_teardown(gitno_ssl *ssl)
 ret = 0;
 SSL_free(ssl->ssl);
- SSL_CTX_free(ssl->ctx);
 return ret;
 }
@@ -428,30 +427,39 @@ static int init_ssl(void)
 if (git__ssl_init.val)
 return 0;
-
- SSL_library_init();
- SSL_load_error_strings();
+ SSL_CTX_set_mode(git__ssl_ctx, SSL_MODE_AUTO_RETRY);
+ SSL_CTX_set_verify(git__ssl_ctx, SSL_VERIFY_NONE, NULL);
+ if (!SSL_CTX_set_default_verify_paths(git__ssl_ctx)) {
+ unsigned long err = ERR_get_error();
+ giterr_set(GITERR_SSL, "failed to set verify paths: %s\n", ERR_error_string(err, NULL));
+ return -1;
+ }
 #ifdef GIT_THREADS
 {
 int num_locks, i;
-
- CRYPTO_set_locking_callback(openssl_locking_function);
-
 num_locks = CRYPTO_num_locks();
 openssl_locks = git__calloc(num_locks, sizeof(git_mutex));
+ if (openssl_locks == NULL) {
+ git_mutex_unlock(&git__ssl_mutex);
+ return -1;
+ }
+ GITERR_CHECK_ALLOC(openssl_locks);
+
 for (i = 0; i < num_locks; i++) {
- if (git_mutex_init(&openssl_locks[i]) < 0) {
+ if (git_mutex_init(&openssl_locks[i]) != 0) {
 git_mutex_unlock(&git__ssl_mutex);
 giterr_set(GITERR_SSL, "failed to init lock %d", i);
 return -1;
 }
 }
 }
+
+ CRYPTO_set_locking_callback(openssl_locking_function);
 #endif
- git_atomic_set(&git__ssl_init, 1);
+ git_atomic_inc(&git__ssl_init);
 git_mutex_unlock(&git__ssl_mutex);
 return 0;
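Review bot: The new `SSL_CTX_set_default_verify_paths` failure branch in init_ssl returns -1 without releasing `git__ssl_mutex`, while every later exit in this hunk calls `git_mutex_unlock(&git__ssl_mutex)` first; if the lock is taken above the hunk, as those calls suggest, one failure here leaves the mutex held and the next caller blocks. Add `git_mutex_unlock(&git__ssl_mutex);` before that `return -1;`. The `GITERR_CHECK_ALLOC(openssl_locks);` that follows the explicit `if (openssl_locks == NULL)` block can never fire and could be dropped. Since `SSL_VERIFY_NONE` is now set once on the shared `git__ssl_ctx`, a comment such as `/* handshake does not verify; the certificate is checked after connect */` would help, if that is indeed where the check happens. The lock acquisition and the start of init_ssl are outside the hunk.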
@@ -464,16 +472,7 @@ static int ssl_setup(gitno_socket *socket, const char *host, int flags)
 if (init_ssl() < 0)
 return -1;
- socket->ssl.ctx = SSL_CTX_new(SSLv23_method());
- if (socket->ssl.ctx == NULL)
- return ssl_set_error(&socket->ssl, 0);
-
- SSL_CTX_set_mode(socket->ssl.ctx, SSL_MODE_AUTO_RETRY);
- SSL_CTX_set_verify(socket->ssl.ctx, SSL_VERIFY_NONE, NULL);
- if (!SSL_CTX_set_default_verify_paths(socket->ssl.ctx))
- return ssl_set_error(&socket->ssl, 0);
-
- socket->ssl.ssl = SSL_new(socket->ssl.ctx);
+ socket->ssl.ssl = SSL_new(git__ssl_ctx);
 if (socket->ssl.ssl == NULL)
 return ssl_set_error(&socket->ssl, 0);
@@ -610,7 +609,7 @@ int gitno_send(gitno_socket *socket, const char *msg, size_t len, int flags)
 size_t off = 0;
 #ifdef GIT_SSL
- if (socket->ssl.ctx)
+ if (socket->ssl.ssl)
 return gitno_send_ssl(&socket->ssl, msg, len, flags);
 #endif
@@ -631,7 +630,7 @@ int gitno_send(gitno_socket *socket, const char *msg, size_t len, int flags)
 int gitno_close(gitno_socket *s)
 {
 #ifdef GIT_SSL
- if (s->ssl.ctx &&
+ if (s->ssl.ssl &&
 gitno_ssl_teardown(&s->ssl) < 0)
 return -1;
 #endif |
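Review bot: With `s->ssl.ssl` now the test for an SSL socket in gitno_close (and in gitno_send and gitno_buffer_setup), the pointer has to be cleared once it is freed, and the new side of gitno_ssl_teardown goes from `SSL_free(ssl->ssl);` straight to `return ret;` without doing so. A second gitno_close on the same socket, or a gitno_send after close, would then hand a freed `SSL *` to the SSL path. Adding `ssl->ssl = NULL;` right after `SSL_free(ssl->ssl);` in gitno_ssl_teardown closes that, unless gitno_close clears the field after the `#endif`, which is outside the hunk.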