JuliaLang · tkelman · Jul 3, 2017 · Jun 23, 2017 · Jul 3, 2017 · tkelman
diff --git a/base/libgit2/libgit2.jl b/base/libgit2/libgit2.jl
@@ -873,33 +873,13 @@ function set_ssl_cert_locations(cert_loc)
  cert_file = isfile(cert_loc) ? cert_loc : Cstring(C_NULL)
  cert_dir = isdir(cert_loc) ? cert_loc : Cstring(C_NULL)
  cert_file == C_NULL && cert_dir == C_NULL && return
- # TODO FIX https://github.com/libgit2/libgit2/pull/3935#issuecomment-253910017
- #ccall((:git_libgit2_opts, :libgit2), Cint,
- # (Cint, Cstring, Cstring),
- # Cint(Consts.SET_SSL_CERT_LOCATIONS), cert_file, cert_dir)
- ENV["SSL_CERT_FILE"] = cert_file
- ENV["SSL_CERT_DIR"] = cert_dir
+ @check ccall((:git_libgit2_opts, :libgit2), Cint,
+ (Cint, Cstring, Cstring),
+ Cint(Consts.SET_SSL_CERT_LOCATIONS), cert_file, cert_dir)
 end
 
 function __init__()
- # Look for OpenSSL env variable for CA bundle (linux only)
- # windows and macOS use the OS native security backends
- old_ssl_cert_dir = Base.get(ENV, "SSL_CERT_DIR", nothing)
- old_ssl_cert_file = Base.get(ENV, "SSL_CERT_FILE", nothing)
- @static if is_linux()
- cert_loc = if "SSL_CERT_DIR" in keys(ENV)
- ENV["SSL_CERT_DIR"]
- elseif "SSL_CERT_FILE" in keys(ENV)
- ENV["SSL_CERT_FILE"]
- else
- # If we have a bundled ca cert file, point libgit2 at that so SSL connections work.
- abspath(ccall(:jl_get_julia_home, Any, ()),Base.DATAROOTDIR,"julia","cert.pem")
- end
- set_ssl_cert_locations(cert_loc)
- end
-
- err = ccall((:git_libgit2_init, :libgit2), Cint, ())
- err > 0 || throw(ErrorException("error initializing LibGit2 module"))
+ @check ccall((:git_libgit2_init, :libgit2), Cint, ())
  REFCOUNT[] = 1
 
  atexit() do
@@ -909,21 +889,18 @@ function __init__()
  end
  end
 
+ # Look for OpenSSL env variable for CA bundle (linux only)
+ # windows and macOS use the OS native security backends
  @static if is_linux()
- if old_ssl_cert_dir != Base.get(ENV, "SSL_CERT_DIR", "")
- if old_ssl_cert_dir === nothing
- delete!(ENV, "SSL_CERT_DIR")
- else
- ENV["SSL_CERT_DIR"] = old_ssl_cert_dir
- end
- end
- if old_ssl_cert_file != Base.get(ENV, "SSL_CERT_FILE", "")
- if old_ssl_cert_file === nothing
- delete!(ENV, "SSL_CERT_FILE")
- else
- ENV["SSL_CERT_FILE"] = old_ssl_cert_file
- end
+ cert_loc = if "SSL_CERT_DIR" in keys(ENV)
+ ENV["SSL_CERT_DIR"]
+ elseif "SSL_CERT_FILE" in keys(ENV)
+ ENV["SSL_CERT_FILE"]
+ else
+ # If we have a bundled ca cert file, point libgit2 at that so SSL connections work.
+ abspath(ccall(:jl_get_julia_home, Any, ()), Base.DATAROOTDIR, "julia", "cert.pem")
  end
+ set_ssl_cert_locations(cert_loc)
  end
 end
 

diff --git a/deps/checksums/libgit2-15e119375018fba121cf58e02a9f17fe22df0df8.tar.gz/md5 b/deps/checksums/libgit2-15e119375018fba121cf58e02a9f17fe22df0df8.tar.gz/md5
@@ -0,0 +1 @@
+0d6fd3ed9265c6804349149b23ae6362
diff --git a/deps/checksums/libgit2-15e119375018fba121cf58e02a9f17fe22df0df8.tar.gz/sha512 b/deps/checksums/libgit2-15e119375018fba121cf58e02a9f17fe22df0df8.tar.gz/sha512
@@ -0,0 +1 @@
+88a8a42bb8d18a5a722938404e048266d0899362ac89fdfedfa9f71aeb90408d8d98b4d9b9ea2ff46755d0a2cd8686ff04d31e85827566e1290a9536b8b36ac8
diff --git a/deps/checksums/libgit2-2fcb8705e584ca61f6c4657525c9d2713f6a39d2.tar.gz/md5 b/deps/checksums/libgit2-2fcb8705e584ca61f6c4657525c9d2713f6a39d2.tar.gz/md5
diff --git a/deps/checksums/libgit2-2fcb8705e584ca61f6c4657525c9d2713f6a39d2.tar.gz/sha512 b/deps/checksums/libgit2-2fcb8705e584ca61f6c4657525c9d2713f6a39d2.tar.gz/sha512
diff --git a/deps/libgit2.mk b/deps/libgit2.mk
@@ -37,7 +37,7 @@ LIBGIT2_OPTS += -DCURL_INCLUDE_DIRS=$(build_includedir) -DCURL_LIBRARIES="-L$(bu
 endif
 
 ifeq ($(OS),Linux)
-LIBGIT2_OPTS += -DUSE_OPENSSL=OFF -DUSE_MBEDTLS=ON -DCMAKE_INSTALL_RPATH="\$$ORIGIN"
+LIBGIT2_OPTS += -DUSE_HTTPS=ON -DTLS_BACKEND="mbedTLS" -DCMAKE_INSTALL_RPATH="\$$ORIGIN"
 endif
 ifeq ($(OS),FreeBSD)
 LIBGIT2_OPTS += -DCMAKE_INSTALL_RPATH="\$$ORIGIN"
@@ -78,29 +78,14 @@ $(LIBGIT2_SRC_PATH)/libgit2-agent-nonfatal.patch-applied: $(LIBGIT2_SRC_PATH)/so
  patch -p1 -f < $(SRCDIR)/patches/libgit2-agent-nonfatal.patch
  echo 1 > $@
 
-$(LIBGIT2_SRC_PATH)/libgit2-mbedtls-writer-fix.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-mbedtls.patch-applied
- cd $(LIBGIT2_SRC_PATH) && \
- patch -p1 -f < $(SRCDIR)/patches/libgit2-mbedtls-writer-fix.patch
- echo 1 > $@
-
-$(LIBGIT2_SRC_PATH)/libgit2-mbedtls-verify.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-mbedtls-writer-fix.patch-applied
+$(LIBGIT2_SRC_PATH)/libgit2-mbedtls-verify.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-agent-nonfatal.patch-applied
  cd $(LIBGIT2_SRC_PATH) && \
  patch -p1 -f < $(SRCDIR)/patches/libgit2-mbedtls-verify.patch
  echo 1 > $@
 
-$(LIBGIT2_SRC_PATH)/libgit2-gitconfig-symlink.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-mbedtls-verify.patch-applied
- cd $(LIBGIT2_SRC_PATH) && \
- patch -p1 -f < $(SRCDIR)/patches/libgit2-gitconfig-symlink.patch
- echo 1 > $@
-
-$(LIBGIT2_SRC_PATH)/libgit2-free-config.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-gitconfig-symlink.patch-applied
- cd $(LIBGIT2_SRC_PATH) && \
- patch -p1 -f < $(SRCDIR)/patches/libgit2-free-config.patch
- echo 1 > $@
-
-$(LIBGIT2_SRC_PATH)/libgit2-remote-push-NULL.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-free-config.patch-applied
+$(LIBGIT2_SRC_PATH)/libgit2-mbedtls-fixup.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-mbedtls-verify.patch-applied
  cd $(LIBGIT2_SRC_PATH) && \
- patch -p1 -f < $(SRCDIR)/patches/libgit2-remote-push-NULL.patch
+ patch -p1 -f < $(SRCDIR)/patches/libgit2-mbedtls-fixup.patch
  echo 1 > $@
 
 $(build_datarootdir)/julia/cert.pem: $(CERTFILE)
@@ -111,11 +96,8 @@ $(BUILDDIR)/$(LIBGIT2_SRC_DIR)/build-configured: \
  $(LIBGIT2_SRC_PATH)/libgit2-mbedtls.patch-applied \
  $(LIBGIT2_SRC_PATH)/libgit2-ssh.patch-applied \
  $(LIBGIT2_SRC_PATH)/libgit2-agent-nonfatal.patch-applied \
- $(LIBGIT2_SRC_PATH)/libgit2-mbedtls-writer-fix.patch-applied \
  $(LIBGIT2_SRC_PATH)/libgit2-mbedtls-verify.patch-applied \
- $(LIBGIT2_SRC_PATH)/libgit2-gitconfig-symlink.patch-applied \
- $(LIBGIT2_SRC_PATH)/libgit2-free-config.patch-applied \
- $(LIBGIT2_SRC_PATH)/libgit2-remote-push-NULL.patch-applied
+ $(LIBGIT2_SRC_PATH)/libgit2-mbedtls-fixup.patch-applied
 
 ifneq ($(CERTFILE),)
 $(BUILDDIR)/$(LIBGIT2_SRC_DIR)/build-configured: $(build_datarootdir)/julia/cert.pem

diff --git a/deps/libgit2.version b/deps/libgit2.version
@@ -1,2 +1,2 @@
-LIBGIT2_BRANCH=v0.25.1
-LIBGIT2_SHA1=2fcb8705e584ca61f6c4657525c9d2713f6a39d2
+LIBGIT2_BRANCH=v0.26.0
+LIBGIT2_SHA1=15e119375018fba121cf58e02a9f17fe22df0df8
diff --git a/deps/patches/libgit2-free-config.patch b/deps/patches/libgit2-free-config.patch
diff --git a/deps/patches/libgit2-gitconfig-symlink.patch b/deps/patches/libgit2-gitconfig-symlink.patch
diff --git a/deps/patches/libgit2-mbedtls-fixup.patch b/deps/patches/libgit2-mbedtls-fixup.patch
@@ -0,0 +1,70 @@
+commit de8721ae70dfae529fdb50224a47eadf6d29c574
+Author: Curtis Vogt <[email protected]>
+Date: Thu Jun 29 16:31:08 2017 -0500
+
+ Corrections to mbedtls support with LibGit2 0.26.0
+
+diff --git a/src/settings.c b/src/settings.c
+index 3a46f0d..4d976a0 100644
+--- a/src/settings.c
++++ b/src/settings.c
+@@ -179,14 +179,18 @@ int git_libgit2_opts(int key, ...)
+ const char *path = va_arg(ap, const char *);
+ error = git_openssl_set_cert_file(file, path);
+ }
+-#elif GIT_MBEDTLS
++#elif defined(GIT_MBEDTLS)
+ {
+ const char *file = va_arg(ap, const char *);
+ const char *path = va_arg(ap, const char *);
+- if (file)
++ if (file) {
+ error = git_mbedtls_set_cert_file(file, 0);
+- if (error && path)
+- error = git_mbedtls_set_cert_file(path, 0);
++ } else if (path) {
++ error = git_mbedtls_set_cert_file(path, 1);
++ } else {
++ giterr_set(GITERR_NET, "cannot set certificate locations: no file or path given");
++ error = -1;
++ }
+ }
+ #else
+ giterr_set(GITERR_NET, "cannot set certificate locations: OpenSSL or mbedTLS is not enabled");
+diff --git a/src/streams/mbedtls.c b/src/streams/mbedtls.c
+index e456ea8..b4eb991 100644
+--- a/src/streams/mbedtls.c
++++ b/src/streams/mbedtls.c
+@@ -205,12 +205,12 @@ static int ssl_set_error(mbedtls_ssl_context *ssl, int error)
+ break;
+
+ case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:
+- giterr_set(GITERR_SSL, "SSL error: %x[%x] - %s", error, ssl->session_negotiate->verify_result, errbuf);
++ giterr_set(GITERR_SSL, "SSL error: 0x%04x [%x] - %s", error, ssl->session_negotiate->verify_result, errbuf);
+ ret = GIT_ECERTIFICATE;
+ break;
+
+ default:
+- giterr_set(GITERR_SSL, "SSL error: %x - %s", error, errbuf);
++ giterr_set(GITERR_SSL, "SSL error: 0x%04x - %s", error, errbuf);
+ }
+
+ return ret;
+@@ -236,7 +236,7 @@ static int verify_server_cert(mbedtls_ssl_context *ssl, const char *host)
+ if ((ret = mbedtls_ssl_get_verify_result(ssl)) != 0) {
+ char vrfy_buf[512];
+ mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), "", ret);
+- giterr_set(GITERR_SSL, "The SSL certificate is invalid: %x - %s", ret, vrfy_buf);
++ giterr_set(GITERR_SSL, "The SSL certificate is invalid: 0x%04x - %s", ret, vrfy_buf);
+ return GIT_ECERTIFICATE;
+ }
+
+@@ -430,7 +430,7 @@ int git_mbedtls_set_cert_file(const char *path, int is_dir)
+ ret = mbedtls_x509_crt_parse_file(cacert, path);
+ }
+ // mbedtls_x509_crt_parse_path returns the number of invalid certs on success
+- if (ret <= 0) {
++ if (ret < 0) {
+ mbedtls_x509_crt_free(cacert);
+ git__free(cacert);
+ mbedtls_strerror( ret, errbuf, 512 );