Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
LibGit2: improve error when CA root cert can't be set
This also fixes an insecure behavior: even if `set_ssl_cert_locations` failed, `REFCOUNT` was still incremented, so subsequent calls to `ensure_initialized` didn't call `initialize` and so there is never a successful call to `set_ssl_cert_locations`. Without this libgit2 defaults to not verifying host identities, which is insecure. To prevent this, this patch locks on `ensure_initialized` and decrements `REFCOUNT` if initialize throws an error, ensuring that `initialize` succeeds at least once, including the call to `set_ssl_cert_locations`.
- Loading branch information