diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/lpm.c | 15 | ||||
-rw-r--r-- | src/lpm.lua | 23 |
2 files changed, 18 insertions, 20 deletions
@@ -352,9 +352,7 @@ static int lpm_init(lua_State* L) { return 0; } -static int no_verify_ssl = 0; -static int has_setup_ssl = 0; -static int print_trace = 0; +static int no_verify_ssl, has_setup_ssl, print_trace; static mbedtls_x509_crt x509_certificate; static mbedtls_entropy_context entropy_context; static mbedtls_ctr_drbg_context drbg_context; @@ -362,7 +360,7 @@ static mbedtls_ssl_config ssl_config; static mbedtls_ssl_context ssl_context; static int lpm_git_transport_certificate_check_cb(struct git_cert *cert, int valid, const char *host, void *payload) { - return 0; + return 0; // If no_verify_ssl is enabled, basically always return 0 when this is set as callback. } static int lpm_fetch(lua_State* L) { @@ -425,8 +423,7 @@ static void lpm_libgit2_debug(git_trace_level_t level, const char *msg) { } static int lpm_trace(lua_State* L) { - int trace = lua_toboolean(L, 1); - print_trace = trace ? 1 : 0; + print_trace = lua_toboolean(L, 1) ? 1 : 0; return 0; } @@ -818,12 +815,12 @@ static int lpm_get(lua_State* L) { } lua_newtable(L); cleanup: - if (ssl_ctx) { + if (ssl_ctx) mbedtls_ssl_free(ssl_ctx); + if (net_ctx) mbedtls_net_free(net_ctx); - } else if (s != -2) { + if (s != -2) close(s); - } if (err[0]) return luaL_error(L, "%s", err); return 2; diff --git a/src/lpm.lua b/src/lpm.lua index 10d4022..03e0b76 100644 --- a/src/lpm.lua +++ b/src/lpm.lua @@ -1515,7 +1515,7 @@ xpcall(function() local ARGS = parse_arguments(ARGV, { json = "flag", userdir = "string", cachedir = "string", version = "flag", verbose = "flag", quiet = "flag", version = "string", ["mod-version"] = "string", remotes = "flag", help = "flag", - remotes = "flag", ssl_certs = "string", force = "flag", arch = "string", ["assume-yes"] = "flag", + remotes = "flag", ["ssl-certs"] = "string", force = "flag", arch = "string", ["assume-yes"] = "flag", ["install-optional"] = "flag", datadir = "string", binary = "string", trace = "flag" }) if ARGS["version"] then @@ -1526,7 +1526,7 @@ xpcall(function() io.stderr:write([[ Usage: lpm COMMAND [...ARGUMENTS] [--json] [--userdir=directory] [--cachedir=directory] [--quiet] [--version] [--help] [--remotes] - [--ssl_certs=directory/file] [--force] [--arch=]] .. _G.ARCH .. [[] + [--ssl-certs=directory/file] [--force] [--arch=]] .. _G.ARCH .. [[] [--assume-yes] [--no-install-optional] [--verbose] [--mod-version=3] [--datadir=directory] [--binary=path] [--post] @@ -1607,7 +1607,7 @@ Flags have the following effects: --mod-version Sets the mod version of lite-xl to install plugins. --version Returns version information. --help Displays this help text. - --ssl_certs Sets the SSL certificate store. Can be a directory, + --ssl-certs Sets the SSL certificate store. Can be a directory, or path to a certificate bundle. --arch Sets the architecture (default: ]] .. _G.ARCH .. [[). --assume-yes Ignores any prompts, and automatically answers yes @@ -1628,7 +1628,7 @@ in any circumstance unless explicitly supplied. binaries if there is a native compilation step. --remotes Automatically adds any specified remotes in the repository to the end of the resolution list. - --ssl_certs=noverify Ignores SSL certificate validation. Opens you up to + --ssl-certs=noverify Ignores SSL certificate validation. Opens you up to man-in-the-middle attacks. ]] ) @@ -1658,15 +1658,16 @@ in any circumstance unless explicitly supplied. repositories = {} if ARGS[2] == "purge" then return lpm_purge() end - if ARGS["ssl_certs"] then - if ARGS["ssl_certs"] == "noverify" then + local ssl_certs = ARGS["ssl-certs"] or os.getenv("SSL_CERT_DIR") or os.getenv("SSL_CERT_FILE") + if ssl_certs then + if ssl_certs == "noverify" then system.certs("noverify") else - local stat = system.stat(ARGS["ssl_certs"]) - if not stat then error("can't find " .. ARGS["ssl_certs"]) end - system.certs(stat.type, ARGS["ssl_certs"]) + local stat = system.stat(ssl_certs) + if not stat then error("can't find " .. ssl_certs) end + system.certs(stat.type, ssl_certs) end - elseif not os.getenv("SSL_CERT_DIR") and not os.getenv("SSL_CERT_FILE") then + else local paths = { -- https://serverfault.com/questions/62496/ssl-certificate-location-on-unix-linux#comment1155804_62500 "/etc/ssl/certs/ca-certificates.crt", -- Debian/Ubuntu/Gentoo etc. "/etc/pki/tls/certs/ca-bundle.crt", -- Fedora/RHEL 6 @@ -1694,7 +1695,7 @@ in any circumstance unless explicitly supplied. break end end - if not has_certs then error("can't find your system's SSL ceritficates; please specify specify a certificate bundle or certificate directory with --ssl_certs") end + if not has_certs then error("can't autodetect your system's SSL ceritficates; please specify specify a certificate bundle or certificate directory with --ssl-certs") end end end |