Documentation / config / http.txton commit http: use xmalloc with cURL (93b980e)
   1http.proxy::
   2        Override the HTTP proxy, normally configured using the 'http_proxy',
   3        'https_proxy', and 'all_proxy' environment variables (see `curl(1)`). In
   4        addition to the syntax understood by curl, it is possible to specify a
   5        proxy string with a user name but no password, in which case git will
   6        attempt to acquire one in the same way it does for other credentials. See
   7        linkgit:gitcredentials[7] for more information. The syntax thus is
   8        '[protocol://][user[:password]@]proxyhost[:port]'. This can be overridden
   9        on a per-remote basis; see remote.<name>.proxy
  10
  11http.proxyAuthMethod::
  12        Set the method with which to authenticate against the HTTP proxy. This
  13        only takes effect if the configured proxy string contains a user name part
  14        (i.e. is of the form 'user@host' or 'user@host:port'). This can be
  15        overridden on a per-remote basis; see `remote.<name>.proxyAuthMethod`.
  16        Both can be overridden by the `GIT_HTTP_PROXY_AUTHMETHOD` environment
  17        variable.  Possible values are:
  18+
  19--
  20* `anyauth` - Automatically pick a suitable authentication method. It is
  21  assumed that the proxy answers an unauthenticated request with a 407
  22  status code and one or more Proxy-authenticate headers with supported
  23  authentication methods. This is the default.
  24* `basic` - HTTP Basic authentication
  25* `digest` - HTTP Digest authentication; this prevents the password from being
  26  transmitted to the proxy in clear text
  27* `negotiate` - GSS-Negotiate authentication (compare the --negotiate option
  28  of `curl(1)`)
  29* `ntlm` - NTLM authentication (compare the --ntlm option of `curl(1)`)
  30--
  31
  32http.emptyAuth::
  33        Attempt authentication without seeking a username or password.  This
  34        can be used to attempt GSS-Negotiate authentication without specifying
  35        a username in the URL, as libcurl normally requires a username for
  36        authentication.
  37
  38http.delegation::
  39        Control GSSAPI credential delegation. The delegation is disabled
  40        by default in libcurl since version 7.21.7. Set parameter to tell
  41        the server what it is allowed to delegate when it comes to user
  42        credentials. Used with GSS/kerberos. Possible values are:
  43+
  44--
  45* `none` - Don't allow any delegation.
  46* `policy` - Delegates if and only if the OK-AS-DELEGATE flag is set in the
  47  Kerberos service ticket, which is a matter of realm policy.
  48* `always` - Unconditionally allow the server to delegate.
  49--
  50
  51
  52http.extraHeader::
  53        Pass an additional HTTP header when communicating with a server.  If
  54        more than one such entry exists, all of them are added as extra
  55        headers.  To allow overriding the settings inherited from the system
  56        config, an empty value will reset the extra headers to the empty list.
  57
  58http.cookieFile::
  59        The pathname of a file containing previously stored cookie lines,
  60        which should be used
  61        in the Git http session, if they match the server. The file format
  62        of the file to read cookies from should be plain HTTP headers or
  63        the Netscape/Mozilla cookie file format (see `curl(1)`).
  64        NOTE that the file specified with http.cookieFile is used only as
  65        input unless http.saveCookies is set.
  66
  67http.saveCookies::
  68        If set, store cookies received during requests to the file specified by
  69        http.cookieFile. Has no effect if http.cookieFile is unset.
  70
  71http.version::
  72        Use the specified HTTP protocol version when communicating with a server.
  73        If you want to force the default. The available and default version depend
  74        on libcurl. Actually the possible values of
  75        this option are:
  76
  77        - HTTP/2
  78        - HTTP/1.1
  79
  80http.sslVersion::
  81        The SSL version to use when negotiating an SSL connection, if you
  82        want to force the default.  The available and default version
  83        depend on whether libcurl was built against NSS or OpenSSL and the
  84        particular configuration of the crypto library in use. Internally
  85        this sets the 'CURLOPT_SSL_VERSION' option; see the libcurl
  86        documentation for more details on the format of this option and
  87        for the ssl version supported. Actually the possible values of
  88        this option are:
  89
  90        - sslv2
  91        - sslv3
  92        - tlsv1
  93        - tlsv1.0
  94        - tlsv1.1
  95        - tlsv1.2
  96        - tlsv1.3
  97
  98+
  99Can be overridden by the `GIT_SSL_VERSION` environment variable.
 100To force git to use libcurl's default ssl version and ignore any
 101explicit http.sslversion option, set `GIT_SSL_VERSION` to the
 102empty string.
 103
 104http.sslCipherList::
 105  A list of SSL ciphers to use when negotiating an SSL connection.
 106  The available ciphers depend on whether libcurl was built against
 107  NSS or OpenSSL and the particular configuration of the crypto
 108  library in use.  Internally this sets the 'CURLOPT_SSL_CIPHER_LIST'
 109  option; see the libcurl documentation for more details on the format
 110  of this list.
 111+
 112Can be overridden by the `GIT_SSL_CIPHER_LIST` environment variable.
 113To force git to use libcurl's default cipher list and ignore any
 114explicit http.sslCipherList option, set `GIT_SSL_CIPHER_LIST` to the
 115empty string.
 116
 117http.sslVerify::
 118        Whether to verify the SSL certificate when fetching or pushing
 119        over HTTPS. Defaults to true. Can be overridden by the
 120        `GIT_SSL_NO_VERIFY` environment variable.
 121
 122http.sslCert::
 123        File containing the SSL certificate when fetching or pushing
 124        over HTTPS. Can be overridden by the `GIT_SSL_CERT` environment
 125        variable.
 126
 127http.sslKey::
 128        File containing the SSL private key when fetching or pushing
 129        over HTTPS. Can be overridden by the `GIT_SSL_KEY` environment
 130        variable.
 131
 132http.sslCertPasswordProtected::
 133        Enable Git's password prompt for the SSL certificate.  Otherwise
 134        OpenSSL will prompt the user, possibly many times, if the
 135        certificate or private key is encrypted.  Can be overridden by the
 136        `GIT_SSL_CERT_PASSWORD_PROTECTED` environment variable.
 137
 138http.sslCAInfo::
 139        File containing the certificates to verify the peer with when
 140        fetching or pushing over HTTPS. Can be overridden by the
 141        `GIT_SSL_CAINFO` environment variable.
 142
 143http.sslCAPath::
 144        Path containing files with the CA certificates to verify the peer
 145        with when fetching or pushing over HTTPS. Can be overridden
 146        by the `GIT_SSL_CAPATH` environment variable.
 147
 148http.sslBackend::
 149        Name of the SSL backend to use (e.g. "openssl" or "schannel").
 150        This option is ignored if cURL lacks support for choosing the SSL
 151        backend at runtime.
 152
 153http.schannelCheckRevoke::
 154        Used to enforce or disable certificate revocation checks in cURL
 155        when http.sslBackend is set to "schannel". Defaults to `true` if
 156        unset. Only necessary to disable this if Git consistently errors
 157        and the message is about checking the revocation status of a
 158        certificate. This option is ignored if cURL lacks support for
 159        setting the relevant SSL option at runtime.
 160
 161http.schannelUseSSLCAInfo::
 162        As of cURL v7.60.0, the Secure Channel backend can use the
 163        certificate bundle provided via `http.sslCAInfo`, but that would
 164        override the Windows Certificate Store. Since this is not desirable
 165        by default, Git will tell cURL not to use that bundle by default
 166        when the `schannel` backend was configured via `http.sslBackend`,
 167        unless `http.schannelUseSSLCAInfo` overrides this behavior.
 168
 169http.pinnedpubkey::
 170        Public key of the https service. It may either be the filename of
 171        a PEM or DER encoded public key file or a string starting with
 172        'sha256//' followed by the base64 encoded sha256 hash of the
 173        public key. See also libcurl 'CURLOPT_PINNEDPUBLICKEY'. git will
 174        exit with an error if this option is set but not supported by
 175        cURL.
 176
 177http.sslTry::
 178        Attempt to use AUTH SSL/TLS and encrypted data transfers
 179        when connecting via regular FTP protocol. This might be needed
 180        if the FTP server requires it for security reasons or you wish
 181        to connect securely whenever remote FTP server supports it.
 182        Default is false since it might trigger certificate verification
 183        errors on misconfigured servers.
 184
 185http.maxRequests::
 186        How many HTTP requests to launch in parallel. Can be overridden
 187        by the `GIT_HTTP_MAX_REQUESTS` environment variable. Default is 5.
 188
 189http.minSessions::
 190        The number of curl sessions (counted across slots) to be kept across
 191        requests. They will not be ended with curl_easy_cleanup() until
 192        http_cleanup() is invoked. If USE_CURL_MULTI is not defined, this
 193        value will be capped at 1. Defaults to 1.
 194
 195http.postBuffer::
 196        Maximum size in bytes of the buffer used by smart HTTP
 197        transports when POSTing data to the remote system.
 198        For requests larger than this buffer size, HTTP/1.1 and
 199        Transfer-Encoding: chunked is used to avoid creating a
 200        massive pack file locally.  Default is 1 MiB, which is
 201        sufficient for most requests.
 202
 203http.lowSpeedLimit, http.lowSpeedTime::
 204        If the HTTP transfer speed is less than 'http.lowSpeedLimit'
 205        for longer than 'http.lowSpeedTime' seconds, the transfer is aborted.
 206        Can be overridden by the `GIT_HTTP_LOW_SPEED_LIMIT` and
 207        `GIT_HTTP_LOW_SPEED_TIME` environment variables.
 208
 209http.noEPSV::
 210        A boolean which disables using of EPSV ftp command by curl.
 211        This can helpful with some "poor" ftp servers which don't
 212        support EPSV mode. Can be overridden by the `GIT_CURL_FTP_NO_EPSV`
 213        environment variable. Default is false (curl will use EPSV).
 214
 215http.userAgent::
 216        The HTTP USER_AGENT string presented to an HTTP server.  The default
 217        value represents the version of the client Git such as git/1.7.1.
 218        This option allows you to override this value to a more common value
 219        such as Mozilla/4.0.  This may be necessary, for instance, if
 220        connecting through a firewall that restricts HTTP connections to a set
 221        of common USER_AGENT strings (but not including those like git/1.7.1).
 222        Can be overridden by the `GIT_HTTP_USER_AGENT` environment variable.
 223
 224http.followRedirects::
 225        Whether git should follow HTTP redirects. If set to `true`, git
 226        will transparently follow any redirect issued by a server it
 227        encounters. If set to `false`, git will treat all redirects as
 228        errors. If set to `initial`, git will follow redirects only for
 229        the initial request to a remote, but not for subsequent
 230        follow-up HTTP requests. Since git uses the redirected URL as
 231        the base for the follow-up requests, this is generally
 232        sufficient. The default is `initial`.
 233
 234http.<url>.*::
 235        Any of the http.* options above can be applied selectively to some URLs.
 236        For a config key to match a URL, each element of the config key is
 237        compared to that of the URL, in the following order:
 238+
 239--
 240. Scheme (e.g., `https` in `https://example.com/`). This field
 241  must match exactly between the config key and the URL.
 242
 243. Host/domain name (e.g., `example.com` in `https://example.com/`).
 244  This field must match between the config key and the URL. It is
 245  possible to specify a `*` as part of the host name to match all subdomains
 246  at this level. `https://*.example.com/` for example would match
 247  `https://foo.example.com/`, but not `https://foo.bar.example.com/`.
 248
 249. Port number (e.g., `8080` in `http://example.com:8080/`).
 250  This field must match exactly between the config key and the URL.
 251  Omitted port numbers are automatically converted to the correct
 252  default for the scheme before matching.
 253
 254. Path (e.g., `repo.git` in `https://example.com/repo.git`). The
 255  path field of the config key must match the path field of the URL
 256  either exactly or as a prefix of slash-delimited path elements.  This means
 257  a config key with path `foo/` matches URL path `foo/bar`.  A prefix can only
 258  match on a slash (`/`) boundary.  Longer matches take precedence (so a config
 259  key with path `foo/bar` is a better match to URL path `foo/bar` than a config
 260  key with just path `foo/`).
 261
 262. User name (e.g., `user` in `https://user@example.com/repo.git`). If
 263  the config key has a user name it must match the user name in the
 264  URL exactly. If the config key does not have a user name, that
 265  config key will match a URL with any user name (including none),
 266  but at a lower precedence than a config key with a user name.
 267--
 268+
 269The list above is ordered by decreasing precedence; a URL that matches
 270a config key's path is preferred to one that matches its user name. For example,
 271if the URL is `https://user@example.com/foo/bar` a config key match of
 272`https://example.com/foo` will be preferred over a config key match of
 273`https://user@example.com`.
 274+
 275All URLs are normalized before attempting any matching (the password part,
 276if embedded in the URL, is always ignored for matching purposes) so that
 277equivalent URLs that are simply spelled differently will match properly.
 278Environment variable settings always override any matches.  The URLs that are
 279matched against are those given directly to Git commands.  This means any URLs
 280visited as a result of a redirection do not participate in matching.