]> git.proxmox.com Git - libgit2.git/commitdiff
projects / libgit2.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 85247df)
SecureTransport: require TLS v1.x
authorCarlos Martín Nieto <cmn@dwim.me>
Tue, 24 Mar 2015 15:31:51 +0000 (16:31 +0100)
committerCarlos Martín Nieto <cmn@dwim.me>
Thu, 23 Apr 2015 15:43:44 +0000 (17:43 +0200)
Anything SSL is deprecated. Let's make sure we don't try to use SSL v3
when talking to the server.

src/stransport_stream.c patch | blob | blame | history

diff --git a/src/stransport_stream.c b/src/stransport_stream.c
index 644a5a7c20c2f9c913d722ad5cbd08aae8c2abec..db993ffb751450e9c4b9ddd47c891140a010facc 100644 (file)
--- a/src/stransport_stream.c
+++ b/src/stransport_stream.c
@@ -225,6 +225,8 @@ int git_stransport_stream_new(git_stream **out, const char *host, const char *po
        if ((ret = SSLSetIOFuncs(st->ctx, read_cb, write_cb)) != noErr ||
            (ret = SSLSetConnection(st->ctx, st->io)) != noErr ||
            (ret = SSLSetSessionOption(st->ctx, kSSLSessionOptionBreakOnServerAuth, true)) != noErr ||
+           (ret = SSLSetProtocolVersionMin(st->ctx, kTLSProtocol1)) != noErr ||
+           (ret = SSLSetProtocolVersionMax(st->ctx, kTLSProtocol12)) != noErr ||
            (ret = SSLSetPeerDomainName(st->ctx, host, strlen(host))) != noErr) {
                git_stream_free((git_stream *)st);
                return stransport_error(ret);
The git library used in some Proxmox tool chains