1
0
Fork 0
mirror of https://github.com/git/git.git synced 2024-11-01 06:47:52 +01:00
Commit graph

151 commits

Author SHA1 Message Date
Johannes Schindelin
ef1177d18e die("bug"): report bugs consistently
The vast majority of error messages in Git's source code which report a
bug use the convention to prefix the message with "BUG:".

As part of cleaning up merge-recursive to stop die()ing except in case of
detected bugs, let's just make the remainder of the bug reports consistent
with the de facto rule.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-07-26 11:13:44 -07:00
Junio C Hamano
d4c6375fd8 Merge branch 'jk/common-main'
There are certain house-keeping tasks that need to be performed at
the very beginning of any Git program, and programs that are not
built-in commands had to do them exactly the same way as "git"
potty does.  It was easy to make mistakes in one-off standalone
programs (like test helpers).  A common "main()" function that
calls cmd_main() of individual program has been introduced to
make it harder to make mistakes.

* jk/common-main:
  mingw: declare main()'s argv as const
  common-main: call git_setup_gettext()
  common-main: call restore_sigpipe_to_default()
  common-main: call sanitize_stdfds()
  common-main: call git_extract_argv0_path()
  add an extra level of indirection to main()
2016-07-19 13:22:19 -07:00
Junio C Hamano
2f84df2ca0 Merge branch 'ep/http-curl-trace'
HTTP transport gained an option to produce more detailed debugging
trace.

* ep/http-curl-trace:
  imap-send.c: introduce the GIT_TRACE_CURL enviroment variable
  http.c: implement the GIT_TRACE_CURL environment variable
2016-07-06 13:38:06 -07:00
Jeff King
5ce5f5fa5a common-main: call git_setup_gettext()
This should be part of every program, as otherwise users do
not get translated error messages. However, some external
commands forgot to do so (e.g., git-credential-store). This
fixes them, and eliminates the repeated code in programs
that did remember to use it.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-07-01 15:09:10 -07:00
Jeff King
650c449250 common-main: call git_extract_argv0_path()
Every program which links against libgit.a must call this
function, or risk hitting an assert() in system_path() that
checks whether we have configured argv0_path (though only
when RUNTIME_PREFIX is defined, so essentially only on
Windows).

Looking at the diff, you can see that putting it into the
common main() saves us having to do it individually in each
of the external commands. But what you can't see are the
cases where we _should_ have been doing so, but weren't
(e.g., git-credential-store, and all of the t/helper test
programs).

This has been an accident-waiting-to-happen for a long time,
but wasn't triggered until recently because it involves one
of those programs actually calling system_path(). That
happened with git-credential-store in v2.8.0 with ae5f677
(lazily load core.sharedrepository, 2016-03-11). The
program:

  - takes a lock file, which...

  - opens a tempfile, which...

  - calls adjust_shared_perm to fix permissions, which...

  - lazy-loads the config (as of ae5f677), which...

  - calls system_path() to find the location of
    /etc/gitconfig

On systems with RUNTIME_PREFIX, this means credential-store
reliably hits that assert() and cannot be used.

We never noticed in the test suite, because we set
GIT_CONFIG_NOSYSTEM there, which skips the system_path()
lookup entirely.  But if we were to tweak git_config() to
find /etc/gitconfig even when we aren't going to open it,
then the test suite shows multiple failures (for
credential-store, and for some other test helpers). I didn't
include that tweak here because it's way too specific to
this particular call to be worth carrying around what is
essentially dead code.

The implementation is fairly straightforward, with one
exception: there is exactly one caller (git.c) that actually
cares about the result of the function, and not the
side-effect of setting up argv0_path. We can accommodate
that by simply replacing the value of argv[0] in the array
we hand down to cmd_main().

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-07-01 15:09:10 -07:00
Jeff King
3f2e2297b9 add an extra level of indirection to main()
There are certain startup tasks that we expect every git
process to do. In some cases this is just to improve the
quality of the program (e.g., setting up gettext()). In
others it is a requirement for using certain functions in
libgit.a (e.g., system_path() expects that you have called
git_extract_argv0_path()).

Most commands are builtins and are covered by the git.c
version of main(). However, there are still a few external
commands that use their own main(). Each of these has to
remember to include the correct startup sequence, and we are
not always consistent.

Rather than just fix the inconsistencies, let's make this
harder to get wrong by providing a common main() that can
run this standard startup.

We basically have two options to do this:

 - the compat/mingw.h file already does something like this by
   adding a #define that replaces the definition of main with a
   wrapper that calls mingw_startup().

   The upside is that the code in each program doesn't need
   to be changed at all; it's rewritten on the fly by the
   preprocessor.

   The downside is that it may make debugging of the startup
   sequence a bit more confusing, as the preprocessor is
   quietly inserting new code.

 - the builtin functions are all of the form cmd_foo(),
   and git.c's main() calls them.

   This is much more explicit, which may make things more
   obvious to somebody reading the code. It's also more
   flexible (because of course we have to figure out _which_
   cmd_foo() to call).

   The downside is that each of the builtins must define
   cmd_foo(), instead of just main().

This patch chooses the latter option, preferring the more
explicit approach, even though it is more invasive. We
introduce a new file common-main.c, with the "real" main. It
expects to call cmd_main() from whatever other objects it is
linked against.

We link common-main.o against anything that links against
libgit.a, since we know that such programs will need to do
this setup. Note that common-main.o can't actually go inside
libgit.a, as the linker would not pick up its main()
function automatically (it has no callers).

The rest of the patch is just adjusting all of the various
external programs (mostly in t/helper) to use cmd_main().
I've provided a global declaration for cmd_main(), which
means that all of the programs also need to match its
signature. In particular, many functions need to switch to
"const char **" instead of "char **" for argv. This effect
ripples out to a few other variables and functions, as well.

This makes the patch even more invasive, but the end result
is much better. We should be treating argv strings as const
anyway, and now all programs conform to the same signature
(which also matches the way builtins are defined).

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-07-01 15:09:10 -07:00
Elia Pinto
73e57aaf4d imap-send.c: introduce the GIT_TRACE_CURL enviroment variable
Permit the use of the GIT_TRACE_CURL environment variable calling
the setup_curl_trace http.c helper routine.

Helped-by: Torsten Bögershausen <tboegi@web.de>
Helped-by: Ramsay Jones <ramsay@ramsayjones.plus.com>
Helped-by: Junio C Hamano <gitster@pobox.com>
Helped-by: Eric Sunshine <sunshine@sunshineco.com>
Helped-by: Jeff King <peff@peff.net>
Signed-off-by: Elia Pinto <gitter.spiros@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-05-24 15:48:18 -07:00
Junio C Hamano
a0c9cf51c0 Merge branch 'ky/imap-send-openssl-1.1.0' into maint
Upcoming OpenSSL 1.1.0 will break compilation b updating a few APIs
we use in imap-send, which has been adjusted for the change.

* ky/imap-send-openssl-1.1.0:
  configure: remove checking for HMAC_CTX_cleanup
  imap-send: avoid deprecated TLSv1_method()
  imap-send: check NULL return of SSL_CTX_new()
  imap-send: use HMAC() function provided by OpenSSL
2016-05-06 14:53:24 -07:00
Junio C Hamano
33e4ec89d9 Merge branch 'ky/imap-send-openssl-1.1.0'
Upcoming OpenSSL 1.1.0 will break compilation b updating a few APIs
we use in imap-send, which has been adjusted for the change.

* ky/imap-send-openssl-1.1.0:
  configure: remove checking for HMAC_CTX_cleanup
  imap-send: avoid deprecated TLSv1_method()
  imap-send: check NULL return of SSL_CTX_new()
  imap-send: use HMAC() function provided by OpenSSL
2016-04-22 15:45:08 -07:00
Kazuki Yamaguchi
eb94ee7f0f imap-send: fix CRAM-MD5 response calculation
Remove extra + 1 from resp_len, the length of the byte sequence to be
Base64 encoded and passed to the server as the response. Or the response
incorrectly contains an extra \0.

Signed-off-by: Kazuki Yamaguchi <k@rhe.jp>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-04-13 15:28:09 -07:00
Kazuki Yamaguchi
6c50a57595 imap-send: check for NOLOGIN capability only when using LOGIN command
Don't check for NOLOGIN (LOGINDISABLED) capability when imap.authMethod
is specified.

LOGINDISABLED capability doesn't forbid using AUTHENTICATE, so it should
be allowed, or we can't connect to IMAP servers which only accepts
AUTHENTICATE command.

Signed-off-by: Kazuki Yamaguchi <k@rhe.jp>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-04-13 15:28:09 -07:00
Kazuki Yamaguchi
b51c0d4b4c imap-send: avoid deprecated TLSv1_method()
Use SSLv23_method always and disable SSL if needed.

TLSv1_method() function is deprecated in OpenSSL 1.1.0 and the compiler
emits a warning.

SSLv23_method() is also deprecated, but the alternative, TLS_method(),
is new in OpenSSL 1.1.0 so requires checking by configure. Stick to
SSLv23_method() for now (this is aliased to TLS_method()).

Signed-off-by: Kazuki Yamaguchi <k@rhe.jp>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-04-08 11:46:33 -07:00
Kazuki Yamaguchi
6738a33b31 imap-send: check NULL return of SSL_CTX_new()
SSL_CTX_new() may fail with return value NULL.

Signed-off-by: Kazuki Yamaguchi <k@rhe.jp>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-04-08 11:46:22 -07:00
Kazuki Yamaguchi
1ed2c7b115 imap-send: use HMAC() function provided by OpenSSL
Fix compile errors with OpenSSL 1.1.0.

HMAC_CTX is made opaque and HMAC_CTX_cleanup is removed in OpenSSL
1.1.0. But since we just want to calculate one HMAC, we can use HMAC()
here, which exists since OpenSSL 0.9.6 at least.

Signed-off-by: Kazuki Yamaguchi <k@rhe.jp>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-04-08 11:45:47 -07:00
Jeff King
3733e69464 use xmallocz to avoid size arithmetic
We frequently allocate strings as xmalloc(len + 1), where
the extra 1 is for the NUL terminator. This can be done more
simply with xmallocz, which also checks for integer
overflow.

There's no case where switching xmalloc(n+1) to xmallocz(n)
is wrong; the result is the same length, and malloc made no
guarantees about what was in the buffer anyway. But in some
cases, we can stop manually placing NUL at the end of the
allocated buffer. But that's only safe if it's clear that
the contents will always fill the buffer.

In each case where this patch does so, I manually examined
the control flow, and I tried to err on the side of caution.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-02-22 14:51:09 -08:00
Junio C Hamano
e88e424f4c Merge branch 'js/imap-send-curl-compilation-fix'
"git imap-send" did not compile well with older version of cURL library.

* js/imap-send-curl-compilation-fix:
  imap-send: only use CURLOPT_LOGIN_OPTIONS if it is actually available
2015-10-30 13:06:58 -07:00
Johannes Schindelin
71d9257525 imap-send: only use CURLOPT_LOGIN_OPTIONS if it is actually available
This fixes the compilation on an older Linux that was used to debug
test failures when upgrading Git for Windows to Git v2.3.0.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-10-26 13:10:30 -07:00
Jeff King
75faa45ae0 replace trivial malloc + sprintf / strcpy calls with xstrfmt
It's a common pattern to do:

  foo = xmalloc(strlen(one) + strlen(two) + 1 + 1);
  sprintf(foo, "%s %s", one, two);

(or possibly some variant with strcpy()s or a more
complicated length computation).  We can switch these to use
xstrfmt, which is shorter, involves less error-prone manual
computation, and removes many sprintf and strcpy calls which
make it harder to audit the code for real buffer overflows.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-09-25 10:18:18 -07:00
Kyle J. McKay
dcd01ea187 imap-send: use cURL automatically when NO_OPENSSL defined
If both USE_CURL_FOR_IMAP_SEND and NO_OPENSSL are defined do
not force the user to add --curl to get a working git imap-send
command.

Instead automatically select --curl and warn and ignore the
--no-curl option.  And while we're in there, correct the
warning message when --curl is requested but not supported.

Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-03-10 15:19:05 -07:00
Kyle J. McKay
230c09c06a imap-send.c: set CURLOPT_USE_SSL to CURLUSESSL_TRY
According to the cURL documentation for the CURLOPT_USE_SSL option,
it is only used with plain text protocols that get upgraded to SSL
using the STARTTLS command.

The server.use_ssl variable is only set when we are using a protocol
that is already SSL/TLS (i.e. imaps), so setting CURLOPT_USE_SSL
when the server.use_ssl variable is set has no effect whatsoever.

Instead, set CURLOPT_USE_SSL to CURLUSESSL_TRY when the server.use_ssl
variable is NOT set so that cURL will attempt to upgrade the plain
text connection to SSL/TLS using STARTTLS in that case.

This much more closely matches the behavior of the non-cURL code path.

Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-01-06 12:18:32 -08:00
Kyle J. McKay
d47e55da92 imap-send.c: support GIT_CURL_VERBOSE
When using git-imap-send to send via cURL, support setting
the GIT_CURL_VERBOSE environment variable to enable cURL's
verbose mode.

The existing http.c code already supports this and does
it by simply checking to see whether or not the environment
variable exists -- it does not examine the value at all.

For consistency, enable CURLOPT_VERBOSE when GIT_CURL_VERBOSE
is set by using the exact same test that http.c does.

Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-01-06 12:17:37 -08:00
Bernhard Reiter
1e16b255b9 git-imap-send: use libcurl for implementation
Use libcurl's high-level API functions to implement git-imap-send
instead of the previous low-level OpenSSL-based functions.

Since version 7.30.0, libcurl's API has been able to communicate with
IMAP servers. Using those high-level functions instead of the current
ones would reduce imap-send.c by some 1200 lines of code. For now,
the old ones are wrapped in #ifdefs, and the new functions are enabled
by make if curl's version is >= 7.34.0, from which version on curl's
CURLOPT_LOGIN_OPTIONS (enabling IMAP authentication) parameter has been
available. The low-level functions will still be used for tunneling
into the server for now.

As I don't have access to that many IMAP servers, I haven't been able to
test the new code with a wide variety of parameter combinations. I did
test both secure and insecure (imaps:// and imap://) connections and
values of "PLAIN" and "LOGIN" for the authMethod.

In order to suppress a sparse warning about "using sizeof on a
function", we use the same solution used in commit 9371322a6
("sparse: suppress some "using sizeof on a function" warnings",
06-10-2013) which solved exactly this problem for the other commands
using libcurl.

Helped-by: Ramsay Jones <ramsay@ramsay1.demon.co.uk>
Signed-off-by: Bernhard Reiter <ockham@raz.or.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-11-10 09:17:27 -08:00
Bernhard Reiter
f1a35295c2 imap-send: use parse options API to determine verbosity
The -v/-q options were sort-of supported but without using the
parse-options API, and were not documented.

Signed-off-by: Bernhard Reiter <ockham@raz.or.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-11-05 16:24:27 -08:00
Junio C Hamano
14e2ae6126 Merge branch 'as/calloc-takes-nmemb-then-size'
Code clean-up.

* as/calloc-takes-nmemb-then-size:
  calloc() and xcalloc() takes nmemb and then size
2014-09-19 11:38:37 -07:00
Junio C Hamano
5dcdc7809e Merge branch 'br/imap-send-simplify-tunnel-child-process'
Code clean-up.

* br/imap-send-simplify-tunnel-child-process:
  imap-send: simplify v_issue_imap_cmd() and get_cmd_result() using starts_with()
  imap-send.c: imap_folder -> imap_server_conf.folder
  git-imap-send: simplify tunnel construction
2014-09-11 10:33:37 -07:00
Junio C Hamano
825fd93767 Merge branch 'rs/child-process-init'
Code clean-up.

* rs/child-process-init:
  run-command: inline prepare_run_command_v_opt()
  run-command: call run_command_v_opt_cd_env() instead of duplicating it
  run-command: introduce child_process_init()
  run-command: introduce CHILD_PROCESS_INIT
2014-09-11 10:33:27 -07:00
Junio C Hamano
554913daf4 Merge branch 'ta/config-set-2'
Update git_config() users with callback functions for a very narrow
scope with calls to config-set API that lets us query a single
variable.

* ta/config-set-2:
  builtin/apply.c: replace `git_config()` with `git_config_get_string_const()`
  merge-recursive.c: replace `git_config()` with `git_config_get_int()`
  ll-merge.c: refactor `read_merge_config()` to use `git_config_string()`
  fast-import.c: replace `git_config()` with `git_config_get_*()` family
  branch.c: replace `git_config()` with `git_config_get_string()
  alias.c: replace `git_config()` with `git_config_get_string()`
  imap-send.c: replace `git_config()` with `git_config_get_*()` family
  pager.c: replace `git_config()` with `git_config_get_value()`
  builtin/gc.c: replace `git_config()` with `git_config_get_*()` family
  rerere.c: replace `git_config()` with `git_config_get_*()` family
  fetchpack.c: replace `git_config()` with `git_config_get_*()` family
  archive.c: replace `git_config()` with `git_config_get_bool()` family
  read-cache.c: replace `git_config()` with `git_config_get_*()` family
  http-backend.c: replace `git_config()` with `git_config_get_bool()` family
  daemon.c: replace `git_config()` with `git_config_get_bool()` family
2014-09-11 10:33:26 -07:00
Junio C Hamano
c0ad561a46 Merge branch 'tf/imap-send-create'
* tf/imap-send-create:
  imap-send: create target mailbox if it is missing
  imap-send: clarify CRAM-MD5 vs LOGIN documentation
2014-09-09 12:54:09 -07:00
Arjun Sreedharan
693eb02a5e calloc() and xcalloc() takes nmemb and then size
There are a handful more instances of this in compat/regex/ but they
are borrowed code taht we do not want to touch with a change that
really affects correctness, which this change is not.

Signed-off-by: Arjun Sreedharan <arjun024@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-03 14:35:37 -07:00
René Scharfe
ba9b9e1242 imap-send: simplify v_issue_imap_cmd() and get_cmd_result() using starts_with()
Use starts_with() instead of memcmp() to check if NUL-terminated
strings match prefixes.  This gets rid of some magic string length
constants.

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-02 12:26:23 -07:00
Tony Finch
e0d8e3084f imap-send: create target mailbox if it is missing
Some MUAs delete their "drafts" folder when it is empty, so
git imap-send should be able to create it if necessary.

This change checks that the folder exists immediately after
login and tries to create it if it is missing.

There was some vestigial code to handle a [TRYCREATE] response
from the server when an APPEND target is missing. However this
code never ran (the create and trycreate flags were never set)
and when I tried to make it run I found that the code had already
thrown away the contents of the message it was trying to append.

Signed-off-by: Tony Finch <dot@dotat.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-25 15:21:05 -07:00
Bernhard Reiter
3918057164 imap-send.c: imap_folder -> imap_server_conf.folder
Rename the imap_folder variable to folder and make it a member
of struct imap_server_conf.

Signed-off-by: Bernhard Reiter <ockham@raz.or.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-20 12:13:44 -07:00
René Scharfe
d318027932 run-command: introduce CHILD_PROCESS_INIT
Most struct child_process variables are cleared using memset first after
declaration.  Provide a macro, CHILD_PROCESS_INIT, that can be used to
initialize them statically instead.  That's shorter, doesn't require a
function call and is slightly more readable (especially given that we
already have STRBUF_INIT, ARGV_ARRAY_INIT etc.).

Helped-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-20 09:53:37 -07:00
Bernhard Reiter
f9dc5d65ca git-imap-send: simplify tunnel construction
Signed-off-by: Bernhard Reiter <ockham@raz.or.at>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-18 10:12:16 -07:00
Tanay Abhra
ef7e1d0cda imap-send.c: replace git_config() with git_config_get_*() family
Use `git_config_get_*()` family instead of `git_config()` to take advantage of
the config-set API which provides a cleaner control flow.

Signed-off-by: Tanay Abhra <tanayabh@gmail.com>
Reviewed-by: Matthieu Moy <Matthieu.Moy@imag.fr>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-07 13:33:28 -07:00
Tanay Abhra
59a642f8ac imap-send: use skip_prefix instead of using magic numbers
Signed-off-by: Tanay Abhra <tanayabh@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-06-20 10:45:19 -07:00
Junio C Hamano
a634a6d209 Merge branch 'bg/xcalloc-nmemb-then-size'
Like calloc(3), xcalloc() takes nmemb and then size.

* bg/xcalloc-nmemb-then-size:
  transport-helper.c: rearrange xcalloc arguments
  remote.c: rearrange xcalloc arguments
  reflog-walk.c: rearrange xcalloc arguments
  pack-revindex.c: rearrange xcalloc arguments
  notes.c: rearrange xcalloc arguments
  imap-send.c: rearrange xcalloc arguments
  http-push.c: rearrange xcalloc arguments
  diff.c: rearrange xcalloc arguments
  config.c: rearrange xcalloc arguments
  commit.c: rearrange xcalloc arguments
  builtin/remote.c: rearrange xcalloc arguments
  builtin/ls-remote.c: rearrange xcalloc arguments
2014-06-16 12:17:50 -07:00
Brian Gesiak
3345c0f5b9 imap-send.c: rearrange xcalloc arguments
xcalloc() takes two arguments: the number of elements and their size.
imap_open_store() passes the arguments in reverse order, passing the
size of an imap_store*, followed by the number to allocate.

Rearrange them so they are in the correct order.

Signed-off-by: Brian Gesiak <modocache@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-05-27 14:02:45 -07:00
Dan Albert
791643a865 imap-send: use git-credential
git-imap-send was directly prompting for a password rather than using
git-credential. git-send-email, on the other hand, supports git-credential.

This is a necessary improvement for users that use two factor authentication, as
they should not be expected to remember all of their app specific passwords.

Signed-off-by: Dan Albert <danalbert@google.com>
Acked-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-04-29 10:16:46 -07:00
Christian Couder
5955654823 replace {pre,suf}fixcmp() with {starts,ends}_with()
Leaving only the function definitions and declarations so that any
new topic in flight can still make use of the old functions, replace
existing uses of the prefixcmp() and suffixcmp() with new API
functions.

The change can be recreated by mechanically applying this:

    $ git grep -l -e prefixcmp -e suffixcmp -- \*.c |
      grep -v strbuf\\.c |
      xargs perl -pi -e '
        s|!prefixcmp\(|starts_with\(|g;
        s|prefixcmp\(|!starts_with\(|g;
        s|!suffixcmp\(|ends_with\(|g;
        s|suffixcmp\(|!ends_with\(|g;
      '

on the result of preparatory changes in this series.

Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-12-05 14:13:21 -08:00
Jeremy Huddleston
3ef2bcad02 imap-send: use Apple's Security framework for base64 encoding
Use Apple's supported functions for base64 encoding instead
of the deprecated OpenSSL functions.

Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
Signed-off-by: David Aguilar <davvid@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-07-30 08:53:24 -07:00
David Aguilar
be4c828b76 imap-send: eliminate HMAC deprecation warnings on Mac OS X
As of Mac OS X 10.7, Apple deprecated all OpenSSL functions due to
OpenSSL ABI instability.  Silence the warnings by using Apple's
CommonCrypto HMAC replacement functions.

[es: reworded commit message; check APPLE_COMMON_CRYPTO instead of
abusing COMMON_DIGEST_FOR_OPENSSL]

Signed-off-by: David Aguilar <davvid@gmail.com>
Signed-off-by: Eric Sunshine <sunshine@sunshineco.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-05-21 13:26:37 -07:00
Junio C Hamano
e3b3b73c6e Merge branch 'ob/imap-send-ssl-verify'
Correctly connect to SSL/TLS sites that serve multiple hostnames on
a single IP by including Server Name Indication in the client-hello.

* ob/imap-send-ssl-verify:
  imap-send: support Server Name Indication (RFC4366)
2013-03-21 14:02:40 -07:00
Junio C Hamano
698a1ec4d5 imap-send: support Server Name Indication (RFC4366)
To talk with some sites that serve multiple names on a single IP
address, the client needs to ask for the specific host that it wants
to talk to.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-02-20 22:01:50 -08:00
Junio C Hamano
b3600c3628 Sync with v1.8.1.4 2013-02-19 21:57:27 -08:00
Junio C Hamano
0ee7198f45 Merge branch 'ob/imap-send-ssl-verify' into maint
* ob/imap-send-ssl-verify:
  imap-send: support subjectAltName as well
  imap-send: the subject of SSL certificate must match the host
  imap-send: move #ifdef around
2013-02-19 21:54:15 -08:00
Oswald Buddenhagen
e174744ad1 imap-send: support subjectAltName as well
Check not only the common name of the certificate subject, but also
check the subject alternative DNS names as well, when verifying that
the certificate matches that of the host we are trying to talk to.

Signed-off-by: Oswald Buddenhagen <ossi@kde.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-02-19 21:47:22 -08:00
Oswald Buddenhagen
b62fb077d5 imap-send: the subject of SSL certificate must match the host
We did not check a valid certificate's subject at all, and would
have happily talked with a wrong host after connecting to an
incorrect address and getting a valid certificate that does not
belong to the host we intended to talk to.

Signed-off-by: Oswald Buddenhagen <ossi@kde.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-02-19 21:47:22 -08:00
Junio C Hamano
1e1fe52923 imap-send: move #ifdef around
Instead of adding an early return to the inside of the
ssl_socket_connect() function for NO_OPENSSL compilation, split it
into a separate stub function.

No functional change, but the next change to extend ssl_socket_connect()
will become easier to read this way.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-02-18 16:33:07 -08:00
Michael Haggerty
3691031cb3 imap-send.c: simplify logic in lf_to_crlf()
* The first character in the string used to be special-cased to get
  around the fact that msg->buf[i - 1] is not defined for i == 0.
  Instead, keep track of the previous character in a separate
  variable, "lastc", initialized in such a way to let the loop handle
  i == 0 correctly.

* Make the two loops over the string look as similar as possible to
  make it more obvious that the count computed in the first pass
  agrees with the true length of the new string written in the second
  pass.  As a side effect, this makes it possible to use the "j"
  counter in place of lfnum and new_len.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-01-15 14:50:23 -08:00