[libgit2.git] / debian / patches / Use-curl-for-TLS.patch

Subject: Use curl for TLS
Forwarded: no
Applied-Upstream: no
From: Nicolas Braud-Santoni <nicolas@braud-santoni.eu>
Reviewed-by: Nicolas Braud-Santoni <nicolas@braud-santoni.eu>
Last-Update: 2018-05-02

The original Debian patchset was authored by Ximin Luo <infinity0@debian.org>
Original pull request https://github.com/libgit2/libgit2/pull/4325
---
 src/CMakeLists.txt    |  3 +++
 src/streams/curl.c    | 14 +++++++++++---
 src/streams/curl.h    |  2 +-
 src/streams/openssl.c |  2 +-
 src/streams/tls.c     |  2 ++
 src/transports/http.c |  2 +-
 6 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index b03b96a..2739fb5 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -124,6 +124,9 @@ ELSE ()
 
 	IF (CURL_FOUND)
 		SET(GIT_CURL 1)
+		IF (USE_CURL_SSL)
+			ADD_DEFINITIONS(-DGIT_CURL_SSL)
+		ENDIF()
 		LIST(APPEND LIBGIT2_INCLUDES ${CURL_INCLUDE_DIRS})
 		LIST(APPEND LIBGIT2_LIBDIRS ${CURL_LIBRARY_DIRS})
 		LIST(APPEND LIBGIT2_LIBS ${CURL_LIBRARIES})
diff --git a/src/streams/curl.c b/src/streams/curl.c
index ee13be1..afb3775 100644
--- a/src/streams/curl.c
+++ b/src/streams/curl.c
@@ -314,7 +314,7 @@ static void curls_free(git_stream *stream)
 	git__free(s);
 }
 
-int git_curl_stream_new(git_stream **out, const char *host, const char *port)
+int git_curl_stream_new(git_stream **out, const char *host, const char *port, int encrypted)
 {
 	curl_stream *st;
 	CURL *handle;
@@ -335,7 +335,15 @@ int git_curl_stream_new(git_stream **out, const char *host, const char *port)
 		return error;
 	}
 
-	curl_easy_setopt(handle, CURLOPT_URL, host);
+	if (encrypted) {
+		git_buf buf = GIT_BUF_INIT;
+		git_buf_printf(&buf, "https://%s", host);
+		curl_easy_setopt(handle, CURLOPT_URL, buf.ptr);
+		git_buf_free(&buf);
+	} else {
+		curl_easy_setopt(handle, CURLOPT_URL, host);
+	}
+
 	curl_easy_setopt(handle, CURLOPT_ERRORBUFFER, st->curl_error);
 	curl_easy_setopt(handle, CURLOPT_PORT, iport);
 	curl_easy_setopt(handle, CURLOPT_CONNECT_ONLY, 1);
@@ -347,7 +355,7 @@ int git_curl_stream_new(git_stream **out, const char *host, const char *port)
 	/* curl_easy_setopt(handle, CURLOPT_VERBOSE, 1); */
 
 	st->parent.version = GIT_STREAM_VERSION;
-	st->parent.encrypted = 0; /* we don't encrypt ourselves */
+	st->parent.encrypted = encrypt; /* we don't encrypt ourselves */
 	st->parent.proxy_support = 1;
 	st->parent.connect = curls_connect;
 	st->parent.certificate = curls_certificate;
diff --git a/src/streams/curl.h b/src/streams/curl.h
index 511cd89..ac0df1c 100644
--- a/src/streams/curl.h
+++ b/src/streams/curl.h
@@ -12,6 +12,6 @@
 #include "git2/sys/stream.h"
 
 extern int git_curl_stream_global_init(void);
-extern int git_curl_stream_new(git_stream **out, const char *host, const char *port);
+extern int git_curl_stream_new(git_stream **out, const char *host, const char *port, int encrypted);
 
 #endif
diff --git a/src/streams/openssl.c b/src/streams/openssl.c
index 9cbb274..063750f 100644
--- a/src/streams/openssl.c
+++ b/src/streams/openssl.c
@@ -607,7 +607,7 @@ int git_openssl_stream_new(git_stream **out, const char *host, const char *port)
 
 	st->io = NULL;
 #ifdef GIT_CURL
-	error = git_curl_stream_new(&st->io, host, port);
+	error = git_curl_stream_new(&st->io, host, port, false);
 #else
 	error = git_socket_stream_new(&st->io, host, port);
 #endif
diff --git a/src/streams/tls.c b/src/streams/tls.c
index d6ca7d4..7279306 100644
--- a/src/streams/tls.c
+++ b/src/streams/tls.c
@@ -31,6 +31,8 @@ int git_tls_stream_new(git_stream **out, const char *host, const char *port)
 	return git_stransport_stream_new(out, host, port);
 #elif defined(GIT_OPENSSL)
 	return git_openssl_stream_new(out, host, port);
+#elif defined(GIT_CURL_SSL)
+	return git_curl_stream_new(out, host, port, true);
 #else
 	GIT_UNUSED(out);
 	GIT_UNUSED(host);
diff --git a/src/transports/http.c b/src/transports/http.c
index e051c8a..984be08 100644
--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -605,7 +605,7 @@ static int http_connect(http_subtransport *t)
 		error = git_tls_stream_new(&t->io, t->connection_data.host, t->connection_data.port);
 	} else {
 #ifdef GIT_CURL
-		error = git_curl_stream_new(&t->io, t->connection_data.host, t->connection_data.port);
+		error = git_curl_stream_new(&t->io, t->connection_data.host, t->connection_data.port, false);
 #else
 		error = git_socket_stream_new(&t->io,  t->connection_data.host, t->connection_data.port);
 #endif
Commit	Line	Data
55fdf8e5 NBS	1	Subject: Use curl for TLS
	2	Forwarded: no
	3	Applied-Upstream: no
	4	From: Nicolas Braud-Santoni <nicolas@braud-santoni.eu>
	5	Reviewed-by: Nicolas Braud-Santoni <nicolas@braud-santoni.eu>
	6	Last-Update: 2018-05-02
	7
	8	The original Debian patchset was authored by Ximin Luo <infinity0@debian.org>
27f4a70e	9	Original pull request https://github.com/libgit2/libgit2/pull/4325
55fdf8e5 NBS	10	---
	11	src/CMakeLists.txt \| 3 +++
	12	src/streams/curl.c \| 14 +++++++++++---
	13	src/streams/curl.h \| 2 +-
	14	src/streams/openssl.c \| 2 +-
	15	src/streams/tls.c \| 2 ++
	16	src/transports/http.c \| 2 +-
	17	6 files changed, 19 insertions(+), 6 deletions(-)
	18
	19	diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
	20	index b03b96a..2739fb5 100644
	21	--- a/src/CMakeLists.txt
	22	+++ b/src/CMakeLists.txt
	23	@@ -124,6 +124,9 @@ ELSE ()
	24
	25	IF (CURL_FOUND)
	26	SET(GIT_CURL 1)
	27	+ IF (USE_CURL_SSL)
	28	+ ADD_DEFINITIONS(-DGIT_CURL_SSL)
	29	+ ENDIF()
	30	LIST(APPEND LIBGIT2_INCLUDES ${CURL_INCLUDE_DIRS})
	31	LIST(APPEND LIBGIT2_LIBDIRS ${CURL_LIBRARY_DIRS})
	32	LIST(APPEND LIBGIT2_LIBS ${CURL_LIBRARIES})
	33	diff --git a/src/streams/curl.c b/src/streams/curl.c
	34	index ee13be1..afb3775 100644
	35	--- a/src/streams/curl.c
	36	+++ b/src/streams/curl.c
	37	@@ -314,7 +314,7 @@ static void curls_free(git_stream *stream)
	38	git__free(s);
	39	}
	40
	41	-int git_curl_stream_new(git_stream *out, const char host, const char *port)
	42	+int git_curl_stream_new(git_stream *out, const char host, const char *port, int encrypted)
	43	{
	44	curl_stream *st;
	45	CURL *handle;
	46	@@ -335,7 +335,15 @@ int git_curl_stream_new(git_stream *out, const char host, const char *port)
	47	return error;
	48	}
	49
	50	- curl_easy_setopt(handle, CURLOPT_URL, host);
	51	+ if (encrypted) {
	52	+ git_buf buf = GIT_BUF_INIT;
	53	+ git_buf_printf(&buf, "https://%s", host);
	54	+ curl_easy_setopt(handle, CURLOPT_URL, buf.ptr);
	55	+ git_buf_free(&buf);
	56	+ } else {
	57	+ curl_easy_setopt(handle, CURLOPT_URL, host);
	58	+ }
	59	+
	60	curl_easy_setopt(handle, CURLOPT_ERRORBUFFER, st->curl_error);
	61	curl_easy_setopt(handle, CURLOPT_PORT, iport);
	62	curl_easy_setopt(handle, CURLOPT_CONNECT_ONLY, 1);
	63	@@ -347,7 +355,7 @@ int git_curl_stream_new(git_stream *out, const char host, const char *port)
	64	/* curl_easy_setopt(handle, CURLOPT_VERBOSE, 1); */
	65
	66	st->parent.version = GIT_STREAM_VERSION;
	67	- st->parent.encrypted = 0; /* we don't encrypt ourselves */
	68	+ st->parent.encrypted = encrypt; /* we don't encrypt ourselves */
	69	st->parent.proxy_support = 1;
	70	st->parent.connect = curls_connect;
	71	st->parent.certificate = curls_certificate;
	72	diff --git a/src/streams/curl.h b/src/streams/curl.h
	73	index 511cd89..ac0df1c 100644
74	--- a/src/streams/curl.h
75	+++ b/src/streams/curl.h
76	@@ -12,6 +12,6 @@
77	#include "git2/sys/stream.h"
78
79	extern int git_curl_stream_global_init(void);
80	-extern int git_curl_stream_new(git_stream *out, const char host, const char *port);
81	+extern int git_curl_stream_new(git_stream *out, const char host, const char *port, int encrypted);
82
83	#endif
84	diff --git a/src/streams/openssl.c b/src/streams/openssl.c
85	index 9cbb274..063750f 100644
86	--- a/src/streams/openssl.c
87	+++ b/src/streams/openssl.c
88	@@ -607,7 +607,7 @@ int git_openssl_stream_new(git_stream *out, const char host, const char *port)
89
90	st->io = NULL;
91	#ifdef GIT_CURL
92	- error = git_curl_stream_new(&st->io, host, port);
93	+ error = git_curl_stream_new(&st->io, host, port, false);
94	#else
95	error = git_socket_stream_new(&st->io, host, port);
96	#endif
97	diff --git a/src/streams/tls.c b/src/streams/tls.c
98	index d6ca7d4..7279306 100644
99	--- a/src/streams/tls.c
100	+++ b/src/streams/tls.c
101	@@ -31,6 +31,8 @@ int git_tls_stream_new(git_stream *out, const char host, const char *port)
102	return git_stransport_stream_new(out, host, port);
103	#elif defined(GIT_OPENSSL)
104	return git_openssl_stream_new(out, host, port);
105	+#elif defined(GIT_CURL_SSL)
106	+ return git_curl_stream_new(out, host, port, true);
107	#else
108	GIT_UNUSED(out);
109	GIT_UNUSED(host);
110	diff --git a/src/transports/http.c b/src/transports/http.c
111	index e051c8a..984be08 100644
112	--- a/src/transports/http.c
113	+++ b/src/transports/http.c
114	@@ -605,7 +605,7 @@ static int http_connect(http_subtransport *t)
115	error = git_tls_stream_new(&t->io, t->connection_data.host, t->connection_data.port);
116	} else {
117	#ifdef GIT_CURL
118	- error = git_curl_stream_new(&t->io, t->connection_data.host, t->connection_data.port);
119	+ error = git_curl_stream_new(&t->io, t->connection_data.host, t->connection_data.port, false);
120	#else
121	error = git_socket_stream_new(&t->io, t->connection_data.host, t->connection_data.port);
122	#endif