Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use SecureTransport on OS X #2997

Merged
merged 8 commits into from Apr 23, 2015
Merged

Use SecureTransport on OS X #2997

merged 8 commits into from Apr 23, 2015

Conversation

carlosmn
Copy link
Member

Apple provides a TLS communication library which is included with the OS, thead-safe by itself and generally a better sport than OpenSSL.

Custom certificate checking is still not implemented, but the other clone tests do work.

  • Get certificate extraction working
  • Better message in CMake about finding the frameworks
  • Rename GIT_SSL to GIT_OPENSSL as that's what it really means
  • Don't fail a handshake automatically on bad certificate

@carlosmn
Copy link
Member Author

I'm pretty happy about not linking against OpenSSL at all.

% otool -L libgit2.dylib                                     
libgit2.dylib:
        /Users/carlos/git/libgit2/libgit2.22.dylib (compatibility version 22.0.0, current version 0.22.0)
        /usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.5)
        /System/Library/Frameworks/Security.framework/Versions/A/Security (compatibility version 1.0.0, current version 55471.14.27)
        /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 855.17.0)
        /usr/local/lib/libssh2.1.dylib (compatibility version 2.0.0, current version 2.1.0)
        /usr/lib/libiconv.2.dylib (compatibility version 7.0.0, current version 7.0.0)
        /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1197.1.1)

@carlosmn carlosmn mentioned this pull request Mar 18, 2015
Closed
@carlosmn
Copy link
Member Author

@Therzok
Copy link
Member

Therzok commented Mar 19, 2015

So many ❤️ for you.

@carlosmn carlosmn force-pushed the cmn/secure-transport branch 2 times, most recently from 4c7c9d4 to a077587 Compare March 19, 2015 09:03
@carlosmn
Copy link
Member Author

There is still of course libssh2 which will still link against openssl, so we're not quite free of threading nonsense yet, but someone was trying to upstream a SecureTransport version.

@carlosmn carlosmn force-pushed the cmn/secure-transport branch 2 times, most recently from 343d202 to f9b38af Compare March 19, 2015 11:23
@carlosmn carlosmn changed the title [WIP] Use SecureTransport on OS X Use SecureTransport on OS X Mar 19, 2015
@ethomson
Copy link
Member

Man, I'm excited about having this. Very clean implementation.

@Therzok
Copy link
Member

Therzok commented Mar 19, 2015

@carlosmn
Copy link
Member Author

@Therzok @nulltoken btw you should be able to write an implementation of the git_stream interface in C# so you use a managed TLS stream and don't have to worry about what's available in the OS since the runtime would take care of it (part of the reason for writing this layer was to allow making the use of OpenSSL by libgit2 irrelevant by letting the bindings bypass it).

@Therzok
Copy link
Member

Therzok commented Mar 23, 2015

@nulltoken Should we make the magic happen?

@Therzok
Copy link
Member

Therzok commented Mar 23, 2015

@carlosmn I can see the definition, but can't find where to hook it. Any tips?

@carlosmn
Copy link
Member Author

That function doesn't exist yet, as that depends on git_tls_stream_new() abstracting away the actual implementation first, which I only got around to in this PR.

My idea was to have a function like git_tls_stream_set() (or better name) which would set some global variable and then git_tls_stream_new() would look into that variable and call your constructor instead of the OpenSSL or SecureTransport one.

@Therzok
Copy link
Member

Therzok commented Mar 23, 2015

Lgtm 👍

git_tls_stream_set_factory()?

@carlosmn carlosmn force-pushed the cmn/secure-transport branch 3 times, most recently from 262dcf5 to b50f0cd Compare April 13, 2015 14:16
ethomson
ethomson reviewed Apr 17, 2015
View reviewed changes
src/stransport_stream.c
return -1;
}

if ((ret = SSLCopyPeerTrust(st->ctx, &trust)) != noErr)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this fails, is it possible for trust to remain unset (and then we subsequently try to CFRelease it at line 81)? Which is to say should trust have a default?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, it should be SecTrustRef trust = NULL.

@ethomson
Copy link
Member

This looks great to me (aside from that one question). VERY EXCITED FOR THIS.

@carlosmn
Add a SecureTransport TLS channel
6bb54cb 
As an alternative to OpenSSL when we're on OS X. This one can actually
take advantage of stacking the streams.
@carlosmn
Abstract away the TLS stream implementation
6946a3b 
Instead, provide git_tls_stream_new() to ask for the most appropriate
encrypted stream and use it in our HTTP transport.
@carlosmn
Silence unused warnings when not using OpenSSL
70b852c
@carlosmn
Rename GIT_SSL to GIT_OPENSSL
24e53d2 
This is what it's meant all along, but now we actually have multiple
implementations, it's clearer to use the name of the library.
@carlosmn
SecureTransport: allow overriding a bad certificate
b7e1c81 
Do not automatically fail on a bad certificate, but let the caller
decide. This means we don't need our switch on errors anymore but can
return a string representation from the security framework.
@carlosmn
Update THREADING and CHANGELOG with SecureTransport details
85247df
@carlosmn
SecureTransport: require TLS v1.x
65ac7dd 
Anything SSL is deprecated. Let's make sure we don't try to use SSL v3
when talking to the server.
@carlosmn
SecureTransport: handle graceful closes
44b769e 
On close, we might get a return code which looks like an error but just
means that the other side closed gracefully. Handle that.
@ethomson
Copy link
Member

e8nzc

@ethomson
Copy link
Member

giphy

@ethomson
Copy link
Member

animated

ethomson added a commit that referenced this pull request Apr 23, 2015
@ethomson
Merge pull request #2997 from libgit2/cmn/secure-transport
dbb4595 
Use SecureTransport on OS X
@ethomson ethomson merged commit dbb4595 into master Apr 23, 2015
@ethomson
Copy link
Member

We have successfully eliminated the scourge of OpenSSL on another platform. All thanks be to @carlosmn .

@carlosmn carlosmn deleted the cmn/secure-transport branch April 26, 2015 00:53
@joshaber joshaber mentioned this pull request Apr 28, 2015
Merged
@carlosmn carlosmn mentioned this pull request May 4, 2015
Closed
@phatblat phatblat mentioned this pull request Aug 8, 2015
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@carlosmn @Therzok @ethomson