aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lpm.c15
-rw-r--r--src/lpm.lua23
2 files changed, 18 insertions, 20 deletions
diff --git a/src/lpm.c b/src/lpm.c
index 7d1b4a9..21012ca 100644
--- a/src/lpm.c
+++ b/src/lpm.c
@@ -352,9 +352,7 @@ static int lpm_init(lua_State* L) {
return 0;
}
-static int no_verify_ssl = 0;
-static int has_setup_ssl = 0;
-static int print_trace = 0;
+static int no_verify_ssl, has_setup_ssl, print_trace;
static mbedtls_x509_crt x509_certificate;
static mbedtls_entropy_context entropy_context;
static mbedtls_ctr_drbg_context drbg_context;
@@ -362,7 +360,7 @@ static mbedtls_ssl_config ssl_config;
static mbedtls_ssl_context ssl_context;
static int lpm_git_transport_certificate_check_cb(struct git_cert *cert, int valid, const char *host, void *payload) {
- return 0;
+ return 0; // If no_verify_ssl is enabled, basically always return 0 when this is set as callback.
}
static int lpm_fetch(lua_State* L) {
@@ -425,8 +423,7 @@ static void lpm_libgit2_debug(git_trace_level_t level, const char *msg) {
}
static int lpm_trace(lua_State* L) {
- int trace = lua_toboolean(L, 1);
- print_trace = trace ? 1 : 0;
+ print_trace = lua_toboolean(L, 1) ? 1 : 0;
return 0;
}
@@ -818,12 +815,12 @@ static int lpm_get(lua_State* L) {
}
lua_newtable(L);
cleanup:
- if (ssl_ctx) {
+ if (ssl_ctx)
mbedtls_ssl_free(ssl_ctx);
+ if (net_ctx)
mbedtls_net_free(net_ctx);
- } else if (s != -2) {
+ if (s != -2)
close(s);
- }
if (err[0])
return luaL_error(L, "%s", err);
return 2;
diff --git a/src/lpm.lua b/src/lpm.lua
index 10d4022..03e0b76 100644
--- a/src/lpm.lua
+++ b/src/lpm.lua
@@ -1515,7 +1515,7 @@ xpcall(function()
local ARGS = parse_arguments(ARGV, {
json = "flag", userdir = "string", cachedir = "string", version = "flag", verbose = "flag",
quiet = "flag", version = "string", ["mod-version"] = "string", remotes = "flag", help = "flag",
- remotes = "flag", ssl_certs = "string", force = "flag", arch = "string", ["assume-yes"] = "flag",
+ remotes = "flag", ["ssl-certs"] = "string", force = "flag", arch = "string", ["assume-yes"] = "flag",
["install-optional"] = "flag", datadir = "string", binary = "string", trace = "flag"
})
if ARGS["version"] then
@@ -1526,7 +1526,7 @@ xpcall(function()
io.stderr:write([[
Usage: lpm COMMAND [...ARGUMENTS] [--json] [--userdir=directory]
[--cachedir=directory] [--quiet] [--version] [--help] [--remotes]
- [--ssl_certs=directory/file] [--force] [--arch=]] .. _G.ARCH .. [[]
+ [--ssl-certs=directory/file] [--force] [--arch=]] .. _G.ARCH .. [[]
[--assume-yes] [--no-install-optional] [--verbose] [--mod-version=3]
[--datadir=directory] [--binary=path] [--post]
@@ -1607,7 +1607,7 @@ Flags have the following effects:
--mod-version Sets the mod version of lite-xl to install plugins.
--version Returns version information.
--help Displays this help text.
- --ssl_certs Sets the SSL certificate store. Can be a directory,
+ --ssl-certs Sets the SSL certificate store. Can be a directory,
or path to a certificate bundle.
--arch Sets the architecture (default: ]] .. _G.ARCH .. [[).
--assume-yes Ignores any prompts, and automatically answers yes
@@ -1628,7 +1628,7 @@ in any circumstance unless explicitly supplied.
binaries if there is a native compilation step.
--remotes Automatically adds any specified remotes in the
repository to the end of the resolution list.
- --ssl_certs=noverify Ignores SSL certificate validation. Opens you up to
+ --ssl-certs=noverify Ignores SSL certificate validation. Opens you up to
man-in-the-middle attacks.
]]
)
@@ -1658,15 +1658,16 @@ in any circumstance unless explicitly supplied.
repositories = {}
if ARGS[2] == "purge" then return lpm_purge() end
- if ARGS["ssl_certs"] then
- if ARGS["ssl_certs"] == "noverify" then
+ local ssl_certs = ARGS["ssl-certs"] or os.getenv("SSL_CERT_DIR") or os.getenv("SSL_CERT_FILE")
+ if ssl_certs then
+ if ssl_certs == "noverify" then
system.certs("noverify")
else
- local stat = system.stat(ARGS["ssl_certs"])
- if not stat then error("can't find " .. ARGS["ssl_certs"]) end
- system.certs(stat.type, ARGS["ssl_certs"])
+ local stat = system.stat(ssl_certs)
+ if not stat then error("can't find " .. ssl_certs) end
+ system.certs(stat.type, ssl_certs)
end
- elseif not os.getenv("SSL_CERT_DIR") and not os.getenv("SSL_CERT_FILE") then
+ else
local paths = { -- https://serverfault.com/questions/62496/ssl-certificate-location-on-unix-linux#comment1155804_62500
"/etc/ssl/certs/ca-certificates.crt", -- Debian/Ubuntu/Gentoo etc.
"/etc/pki/tls/certs/ca-bundle.crt", -- Fedora/RHEL 6
@@ -1694,7 +1695,7 @@ in any circumstance unless explicitly supplied.
break
end
end
- if not has_certs then error("can't find your system's SSL ceritficates; please specify specify a certificate bundle or certificate directory with --ssl_certs") end
+ if not has_certs then error("can't autodetect your system's SSL ceritficates; please specify specify a certificate bundle or certificate directory with --ssl-certs") end
end
end