Use OpenSSL environment variables SSL_CERT_FILE and SSL_CERT_DIR

to use to point libgit2 to specific bundle of trusted CA certificates. Relates to: JuliaLang#13399, JuliaLang#15128
wildart · Mar 13, 2016 · 2a59c5f · 2a59c5f
1 parent 264f856
commit 2a59c5f
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 8 deletions.
diff --git a/base/libgit2.jl b/base/libgit2.jl
@@ -498,10 +498,13 @@ function transact(f::Function, repo::GitRepo)
     end
 end
 
-function set_ssl_cert_locations(cert_file)
-    GIT_OPT_SET_SSL_CERT_LOCATIONS = 12
-    ccall((:git_libgit2_opts, :libgit2), Cint, (Cint, Cstring, Ptr{Void}),
-                        GIT_OPT_SET_SSL_CERT_LOCATIONS, cert_file, C_NULL)
+function set_ssl_cert_locations(cert_loc)
+    cert_file = isfile(cert_loc) ? cert_loc : Cstring(C_NULL)
+    cert_dir  = isdir(cert_loc) ? cert_loc : Cstring(C_NULL)
+    cert_file == C_NULL && cert_dir == C_NULL && return
+    ccall((:git_libgit2_opts, :libgit2), Cint,
+          (Cint, Cstring, Cstring),
+          Cint(Consts.SET_SSL_CERT_LOCATIONS), cert_file, cert_dir)
 end
 
 function __init__()
@@ -511,11 +514,16 @@ function __init__()
         ccall((:git_libgit2_shutdown, :libgit2), Cint, ())
     end
 
-    # If we have a bundled ca cert file, point libgit2 at that so SSL connections work.
-    cert_file = abspath(ccall(:jl_get_julia_home, Any, ()),Base.DATAROOTDIR,"julia","cert.pem")
-    if isfile(cert_file)
-        set_ssl_cert_locations(cert_file)
+    # Look for OpenSSL env variable for CA bundle
+    cert_loc = if "SSL_CERT_DIR" in keys(ENV)
+        ENV["SSL_CERT_DIR"]
+    elseif "SSL_CERT_FILE" in keys(ENV)
+        ENV["SSL_CERT_FILE"]
+    else
+        # If we have a bundled ca cert file, point libgit2 at that so SSL connections work.
+        abspath(ccall(:jl_get_julia_home, Any, ()),Base.DATAROOTDIR,"julia","cert.pem")
     end
+    set_ssl_cert_locations(cert_loc)
 end
 
 

diff --git a/base/libgit2/consts.jl b/base/libgit2/consts.jl
@@ -291,4 +291,24 @@ These priority levels correspond to the natural escalation logic (from higher to
                       CONFIG_LEVEL_LOCAL   = 4,
                       CONFIG_LEVEL_APP     = 5,
                       CONFIG_HIGHEST_LEVEL =-1)
+
+    """
+Global library options.
+
+These are used to select which global option to set or get and are used in `git_libgit2_opts()`.
+    """
+    @enum(GIT_OPT,  GET_MWINDOW_SIZE         = 0,
+                    SET_MWINDOW_SIZE         = 1,
+                    GET_MWINDOW_MAPPED_LIMIT = 2,
+                    SET_MWINDOW_MAPPED_LIMIT = 3,
+                    GET_SEARCH_PATH          = 4,
+                    SET_SEARCH_PATH          = 5,
+                    SET_CACHE_OBJECT_LIMIT   = 6,
+                    SET_CACHE_MAX_SIZE       = 7,
+                    ENABLE_CACHING           = 8,
+                    GET_CACHED_MEMORY        = 9,
+                    GET_TEMPLATE_PATH        = 10,
+                    SET_TEMPLATE_PATH        = 11,
+                    SET_SSL_CERT_LOCATIONS   = 12)
+
 end