-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
LibGit2: improve error when CA root cert can't be set (#38827)
This also fixes an insecure behavior: even if `set_ssl_cert_locations` failed, `REFCOUNT` was still incremented, which meant that subsequent calls to `ensure_initialized` didn't call `initialize` and so there was never a successful call to `set_ssl_cert_locations`. Without this libgit2 defaults to not verifying host identities and that is insecure. To prevent this, this patch locks on `ensure_initialized` and decrements `REFCOUNT` if initialize throws an error, ensuring that `initialize` succeeds at least once, including the call to `set_ssl_cert_locations`. (cherry picked from commit 4dede6d)
- Loading branch information
1 parent
acb2c56
commit 687904e
Showing
4 changed files
with
120 additions
and
15 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
# This file is a part of Julia. License is MIT: https://julialang.org/license | ||
|
||
module Test_LibGit2_https | ||
|
||
using Test, LibGit2, NetworkOptions | ||
|
||
# we currently use system SSL/TLS on macOS and Windows platforms | ||
# and libgit2 cannot set the CA roots path on those systems | ||
# if that changes, this may need to be adjusted | ||
const CAN_SET_CA_ROOTS_PATH = !Sys.isapple() && !Sys.iswindows() | ||
|
||
@testset "empty CA roots file" begin | ||
# these fail for different reasons on different platforms: | ||
# - on Apple & Windows you cannot set the CA roots path location | ||
# - on Linux & FreeBSD you you can but these are invalid files | ||
ENV["JULIA_SSL_CA_ROOTS_PATH"] = "/dev/null" | ||
@test_throws LibGit2.GitError LibGit2.ensure_initialized() | ||
ENV["JULIA_SSL_CA_ROOTS_PATH"] = tempname() | ||
@test_throws LibGit2.GitError LibGit2.ensure_initialized() | ||
# test that it still fails if called a second time | ||
@test_throws LibGit2.GitError LibGit2.ensure_initialized() | ||
if !CAN_SET_CA_ROOTS_PATH | ||
# test that this doesn't work on macOS & Windows | ||
ENV["JULIA_SSL_CA_ROOTS_PATH"] = NetworkOptions.bundled_ca_roots() | ||
@test_throws LibGit2.GitError LibGit2.ensure_initialized() | ||
delete!(ENV, "JULIA_SSL_CA_ROOTS_PATH") | ||
@test LibGit2.ensure_initialized() === nothing | ||
end | ||
end | ||
|
||
if CAN_SET_CA_ROOTS_PATH | ||
@testset "non-empty but bad CA roots file" begin | ||
# should still be possible to initialize | ||
ENV["JULIA_SSL_CA_ROOTS_PATH"] = joinpath(@__DIR__, "bad_ca_roots.pem") | ||
@test LibGit2.ensure_initialized() === nothing | ||
end | ||
mktempdir() do dir | ||
repo_url = "https://github.com/JuliaLang/Example.jl" | ||
@testset "HTTPS clone with bad CA roots fails" begin | ||
repo_path = joinpath(dir, "Example.HTTPS") | ||
c = LibGit2.CredentialPayload(allow_prompt=false, allow_git_helpers=false) | ||
redirect_stderr(devnull) | ||
err = try LibGit2.clone(repo_url, repo_path, credentials=c) | ||
catch err | ||
err | ||
end | ||
@test err isa LibGit2.GitError | ||
@test err.msg == "user rejected certificate for github.com" | ||
end | ||
end | ||
end | ||
|
||
end # module |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIDtDCCApwCCQDeWk9ywtjrpTANBgkqhkiG9w0BAQsFADCBmzELMAkGA1UEBhMC | ||
VVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEnMCUGA1UE | ||
CgweVGhlIEp1bGlhIFByb2dyYW1taW5nIExhbmd1YWdlMRYwFAYDVQQDDA1qdWxp | ||
YWxhbmcub3JnMSUwIwYJKoZIhvcNAQkBFhZzZWN1cml0eUBqdWxpYWxhbmcub3Jn | ||
MB4XDTIwMTIxMTE3NTgxN1oXDTI1MTIxMDE3NTgxN1owgZsxCzAJBgNVBAYTAlVT | ||
MREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3IFlvcmsxJzAlBgNVBAoM | ||
HlRoZSBKdWxpYSBQcm9ncmFtbWluZyBMYW5ndWFnZTEWMBQGA1UEAwwNanVsaWFs | ||
YW5nLm9yZzElMCMGCSqGSIb3DQEJARYWc2VjdXJpdHlAanVsaWFsYW5nLm9yZzCC | ||
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCFgRMFlNGIgmZtMzR+Xx+t | ||
cPXpYnw9sZXlGy4y+P+UVW5rnFtf+OL4WkcJykmL3n/iLBKpdrndhzL7zuc6lGVv | ||
G6u+Gvwg5uCZ4RqiFSPP9xK7tl7H+CwrtWL/2vF1wlYC228A+NMpPyQw4XtX1L8G | ||
xAvJbFz8JrJ+WH1wCmVpkxA6pnpK+DZ/QKPVwa/qhB80ur3bYwlHXWwDBf8bq98f | ||
7wDBpJoEc3IG3GYopP6ie5KTENKxbDZjr306ZuxTLjXKrAE/OJkAiGKJ7gPlwT/E | ||
kFI/x/No9Y/fPWFRGiFo2L4fhP2Mohcph3PQswFKfnQlMQzztetDKWCZveB5HisC | ||
AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqAaFA93Q3VWWKAZBqORT+6N2iHDiOxMu | ||
Ol8Jjqp3Spj552NbyPPpfF2a2Q/Bh2ZAmncCoGTpuXdnowSHyXuxPey6BIvEbq0L | ||
FizTNuIzaA95fO/ce9LNujxliDHhKMJBZtCqBJYJ4dgd9sA4/LeAG/P3ltIY6K8P | ||
22AAx2bzWbeRJSqxeBodm19rOb9Yz2SOaZIam42E+xia+hsUFdGf6Zkfpa02azDm | ||
93EjS+DwapqxAKgkps6JuKqpRFdZd8QsVmgAcapnIt77w8sfBu9eyITF/Tm+MA8k | ||
IRieSypM7TK0jQ6QrNV7FKSI6eEPaqWBMwkLg3S5H6KQMntVRlcc0A== | ||
-----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters