#include <ctype.h>
-#include "global.h"
+#include "runtime.h"
#include "stream.h"
#include "streams/socket.h"
#include "netops.h"
}
}
-int git_mbedtls__set_cert_location(const char *path, int is_dir);
-
int git_mbedtls_stream_global_init(void)
{
int loaded = 0;
/* load default certificates */
if (crtpath != NULL && stat(crtpath, &statbuf) == 0 && S_ISREG(statbuf.st_mode))
- loaded = (git_mbedtls__set_cert_location(crtpath, 0) == 0);
+ loaded = (git_mbedtls__set_cert_location(crtpath, NULL) == 0);
if (!loaded && crtpath != NULL && stat(crtpath, &statbuf) == 0 && S_ISDIR(statbuf.st_mode))
- loaded = (git_mbedtls__set_cert_location(crtpath, 1) == 0);
-
- git__on_shutdown(shutdown_ssl);
+ loaded = (git_mbedtls__set_cert_location(NULL, crtpath) == 0);
- return 0;
+ return git_runtime_shutdown_register(shutdown_ssl);
cleanup:
mbedtls_ctr_drbg_free(ctr_drbg);
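Review bot: When `git_runtime_shutdown_register(shutdown_ssl)` fails, the new `return` hands the error straight back and skips the `cleanup:` label just below it, so whatever the init path set up stays allocated with no shutdown hook registered to release it. Routing the failure through the label would keep the two exits consistent: `if (git_runtime_shutdown_register(shutdown_ssl) < 0) goto cleanup;` followed by `return 0;`. This assumes the label ends by returning an error, which is outside the hunk. Separately, `loaded` is not consulted again in the visible lines, so a missing or unreadable default CA location passes silently here; a short comment saying that the load is best-effort, and what peer verification does when no trust anchors were loaded, would help the next reader. The function starts before the hunk and the label's body continues after it.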
char errbuf[512];
int ret = -1;
- assert(error != MBEDTLS_ERR_SSL_WANT_READ);
- assert(error != MBEDTLS_ERR_SSL_WANT_WRITE);
+ GIT_ASSERT(error != MBEDTLS_ERR_SSL_WANT_READ);
+ GIT_ASSERT(error != MBEDTLS_ERR_SSL_WANT_WRITE);
if (error != 0)
mbedtls_strerror( error, errbuf, 512 );
git_stream *stream;
int error;
- assert(out && host && port);
+ GIT_ASSERT_ARG(out);
+ GIT_ASSERT_ARG(host);
+ GIT_ASSERT_ARG(port);
if ((error = git_socket_stream_new(&stream, host, port)) < 0)
return error;
return error;
}
-int git_mbedtls__set_cert_location(const char *path, int is_dir)
+int git_mbedtls__set_cert_location(const char *file, const char *path)
{
int ret = 0;
char errbuf[512];
mbedtls_x509_crt *cacert;
- assert(path != NULL);
+ GIT_ASSERT_ARG(file || path);
cacert = git__malloc(sizeof(mbedtls_x509_crt));
GIT_ERROR_CHECK_ALLOC(cacert);
mbedtls_x509_crt_init(cacert);
- if (is_dir) {
+ if (file)
+ ret = mbedtls_x509_crt_parse_file(cacert, file);
+ if (ret >= 0 && path)
ret = mbedtls_x509_crt_parse_path(cacert, path);
- } else {
- ret = mbedtls_x509_crt_parse_file(cacert, path);
- }
/* mbedtls_x509_crt_parse_path returns the number of invalid certs on success */
if (ret < 0) {
mbedtls_x509_crt_free(cacert);
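Review bot: The comment above `if (ret < 0)` still names only `mbedtls_x509_crt_parse_path`, but after this change `mbedtls_x509_crt_parse_file` feeds the same check, and it too returns a positive count when some certificates in the file fail to parse. A positive count is accepted as success in either case, and with both arguments set the file's count is also overwritten by the directory call. I would reword the comment to `/* both parse calls return the number of certificates that failed to parse on partial success; only a negative value is an error */`, and consider surfacing a positive result to the caller, since a trust store smaller than the operator intended changes which peers verify. `GIT_ASSERT_ARG(file || path)` also lets an empty string through to the parsers. The function body continues past the end of the hunk.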