Skip to content

LibGit2: Update to new NetworkOptions ca_root_locations API #58819

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

LibGit2: Update to new NetworkOptions ca_root_locations API #58819

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 38 additions & 7 deletions stdlib/LibGit2/src/LibGit2.jl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1024,8 +1024,17 @@ end
@noinline function initialize()
@check ccall((:git_libgit2_init, libgit2), Cint, ())

cert_loc = NetworkOptions.ca_roots()
cert_loc !== nothing && set_ssl_cert_locations(cert_loc)
# Get the SSL backend to determine how to handle certificates
backend_ptr = @ccall libgit2.git_libgit2_feature_backend(
Consts.FEATURE_HTTPS::Cuint)::Cstring
if backend_ptr != C_NULL
ssl_backend = unsafe_string(backend_ptr)
# Only OpenSSL and mbedTLS support custom certificate locations
if ssl_backend in ("openssl", "openssl-dynamic", "mbedtls")
cert_locs = NetworkOptions.ca_root_locations()
cert_locs !== nothing && set_ssl_cert_locations(cert_locs, ssl_backend)
end
end

atexit() do
# refcount zero, no objects to be finalized
Expand All @@ -1035,13 +1044,35 @@ end
end
end

function set_ssl_cert_locations(cert_loc)

function set_ssl_cert_locations(cert_locs::Tuple{Vector{String}, Vector{String}}, ssl_backend::String)
files, dirs = cert_locs
cert_file = cert_dir = Cstring(C_NULL)
if isdir(cert_loc) # directories
cert_dir = cert_loc
else # files, /dev/null, non-existent paths, etc.
cert_file = cert_loc

# Use the first file if available
if !isempty(files)
cert_file = files[1]
if length(files) > 1
@warn "Multiple certificate files specified, using only the first: $(files[1])"
end
end

# Handle directories based on SSL backend
if !isempty(dirs)
cert_dir = if length(dirs) == 1
dirs[1]
elseif ssl_backend in ("openssl", "openssl-dynamic")
# OpenSSL supports multiple directories with delimiter
delimiter = Sys.iswindows() ? ';' : ':'
join(dirs, delimiter)
else
# mbedTLS only supports a single directory
@warn "Multiple certificate directories specified but $(ssl_backend) only supports one, using: $(dirs[1])"
dirs[1]
end
end

# Set the locations
ret = @ccall libgit2.git_libgit2_opts(
Consts.SET_SSL_CERT_LOCATIONS::Cint;
cert_file::Cstring,
Expand Down
Loading