vendor/libgit2/src/streams/mbedtls.c in rugged-1.1.1 vs vendor/libgit2/src/streams/mbedtls.c in rugged-1.2.0

@@ -9,11 +9,11 @@
 
 #ifdef GIT_MBEDTLS
 
 #include <ctype.h>
 
-#include "global.h"
+#include "runtime.h"
 #include "stream.h"
 #include "streams/socket.h"
 #include "netops.h"
 #include "git2/transport.h"
 #include "util.h"
@@ -66,12 +66,10 @@
 		git__free(mbedtls_entropy);
 		mbedtls_entropy = NULL;
 	}
 }
 
-int git_mbedtls__set_cert_location(const char *path, int is_dir);
-
 int git_mbedtls_stream_global_init(void)
 {
 	int loaded = 0;
 	char *crtpath = GIT_DEFAULT_CERT_LOCATION;
 	struct stat statbuf;
@@ -146,18 +144,16 @@
 
 	mbedtls_ssl_conf_rng(git__ssl_conf, mbedtls_ctr_drbg_random, ctr_drbg);
 
 	/* load default certificates */
 	if (crtpath != NULL && stat(crtpath, &statbuf) == 0 && S_ISREG(statbuf.st_mode))
-		loaded = (git_mbedtls__set_cert_location(crtpath, 0) == 0);
+		loaded = (git_mbedtls__set_cert_location(crtpath, NULL) == 0);
 	if (!loaded && crtpath != NULL && stat(crtpath, &statbuf) == 0 && S_ISDIR(statbuf.st_mode))
-		loaded = (git_mbedtls__set_cert_location(crtpath, 1) == 0);
+		loaded = (git_mbedtls__set_cert_location(NULL, crtpath) == 0);
 
-	git__on_shutdown(shutdown_ssl);
+	return git_runtime_shutdown_register(shutdown_ssl);
 
-	return 0;
-
 cleanup:
 	mbedtls_ctr_drbg_free(ctr_drbg);
 	git__free(ctr_drbg);
 	mbedtls_ssl_config_free(git__ssl_conf);
 	git__free(git__ssl_conf);
@@ -181,12 +177,12 @@
 static int ssl_set_error(mbedtls_ssl_context *ssl, int error)
 {
 	char errbuf[512];
 	int ret = -1;
 
-	assert(error != MBEDTLS_ERR_SSL_WANT_READ);
-	assert(error != MBEDTLS_ERR_SSL_WANT_WRITE);
+	GIT_ASSERT(error != MBEDTLS_ERR_SSL_WANT_READ);
+	GIT_ASSERT(error != MBEDTLS_ERR_SSL_WANT_WRITE);
 
 	if (error != 0)
 		mbedtls_strerror( error, errbuf, 512 );
 
 	switch(error) {
@@ -423,11 +419,13 @@
 	const char *port)
 {
 	git_stream *stream;
 	int error;
 
-	assert(out && host && port);
+	GIT_ASSERT_ARG(out);
+	GIT_ASSERT_ARG(host);
+	GIT_ASSERT_ARG(port);
 
 	if ((error = git_socket_stream_new(&stream, host, port)) < 0)
 		return error;
 
 	if ((error = mbedtls_stream_wrap(out, stream, host, 1)) < 0) {
@@ -436,26 +434,25 @@
 	}
 
 	return error;
 }
 
-int git_mbedtls__set_cert_location(const char *path, int is_dir)
+int git_mbedtls__set_cert_location(const char *file, const char *path)
 {
 	int ret = 0;
 	char errbuf[512];
 	mbedtls_x509_crt *cacert;
 
-	assert(path != NULL);
+	GIT_ASSERT_ARG(file || path);
 
 	cacert = git__malloc(sizeof(mbedtls_x509_crt));
 	GIT_ERROR_CHECK_ALLOC(cacert);
 
 	mbedtls_x509_crt_init(cacert);
-	if (is_dir) {
+	if (file)
+		ret = mbedtls_x509_crt_parse_file(cacert, file);
+	if (ret >= 0 && path)
 		ret = mbedtls_x509_crt_parse_path(cacert, path);
-	} else {
-		ret = mbedtls_x509_crt_parse_file(cacert, path);
-	}
 	/* mbedtls_x509_crt_parse_path returns the number of invalid certs on success */
 	if (ret < 0) {
 		mbedtls_x509_crt_free(cacert);
 		git__free(cacert);
 		mbedtls_strerror( ret, errbuf, 512 );