1http.proxy:: 2 Override the HTTP proxy, normally configured using the 'http_proxy', 3 'https_proxy', and 'all_proxy' environment variables (see `curl(1)`). In 4 addition to the syntax understood by curl, it is possible to specify a 5 proxy string with a user name but no password, in which case git will 6 attempt to acquire one in the same way it does for other credentials. See 7 linkgit:gitcredentials[7] for more information. The syntax thus is 8 '[protocol://][user[:password]@]proxyhost[:port]'. This can be overridden 9 on a per-remote basis; see remote.<name>.proxy 10 11http.proxyAuthMethod:: 12 Set the method with which to authenticate against the HTTP proxy. This 13 only takes effect if the configured proxy string contains a user name part 14 (i.e. is of the form 'user@host' or 'user@host:port'). This can be 15 overridden on a per-remote basis; see `remote.<name>.proxyAuthMethod`. 16 Both can be overridden by the `GIT_HTTP_PROXY_AUTHMETHOD` environment 17 variable. Possible values are: 18+ 19-- 20* `anyauth` - Automatically pick a suitable authentication method. It is 21 assumed that the proxy answers an unauthenticated request with a 407 22 status code and one or more Proxy-authenticate headers with supported 23 authentication methods. This is the default. 24* `basic` - HTTP Basic authentication 25* `digest` - HTTP Digest authentication; this prevents the password from being 26 transmitted to the proxy in clear text 27* `negotiate` - GSS-Negotiate authentication (compare the --negotiate option 28 of `curl(1)`) 29* `ntlm` - NTLM authentication (compare the --ntlm option of `curl(1)`) 30-- 31 32http.emptyAuth:: 33 Attempt authentication without seeking a username or password. This 34 can be used to attempt GSS-Negotiate authentication without specifying 35 a username in the URL, as libcurl normally requires a username for 36 authentication. 37 38http.delegation:: 39 Control GSSAPI credential delegation. The delegation is disabled 40 by default in libcurl since version 7.21.7. Set parameter to tell 41 the server what it is allowed to delegate when it comes to user 42 credentials. Used with GSS/kerberos. Possible values are: 43+ 44-- 45* `none` - Don't allow any delegation. 46* `policy` - Delegates if and only if the OK-AS-DELEGATE flag is set in the 47 Kerberos service ticket, which is a matter of realm policy. 48* `always` - Unconditionally allow the server to delegate. 49-- 50 51 52http.extraHeader:: 53 Pass an additional HTTP header when communicating with a server. If 54 more than one such entry exists, all of them are added as extra 55 headers. To allow overriding the settings inherited from the system 56 config, an empty value will reset the extra headers to the empty list. 57 58http.cookieFile:: 59 The pathname of a file containing previously stored cookie lines, 60 which should be used 61 in the Git http session, if they match the server. The file format 62 of the file to read cookies from should be plain HTTP headers or 63 the Netscape/Mozilla cookie file format (see `curl(1)`). 64 NOTE that the file specified with http.cookieFile is used only as 65 input unless http.saveCookies is set. 66 67http.saveCookies:: 68 If set, store cookies received during requests to the file specified by 69 http.cookieFile. Has no effect if http.cookieFile is unset. 70 71http.version:: 72 Use the specified HTTP protocol version when communicating with a server. 73 If you want to force the default. The available and default version depend 74 on libcurl. Actually the possible values of 75 this option are: 76 77 - HTTP/2 78 - HTTP/1.1 79 80http.sslVersion:: 81 The SSL version to use when negotiating an SSL connection, if you 82 want to force the default. The available and default version 83 depend on whether libcurl was built against NSS or OpenSSL and the 84 particular configuration of the crypto library in use. Internally 85 this sets the 'CURLOPT_SSL_VERSION' option; see the libcurl 86 documentation for more details on the format of this option and 87 for the ssl version supported. Actually the possible values of 88 this option are: 89 90 - sslv2 91 - sslv3 92 - tlsv1 93 - tlsv1.0 94 - tlsv1.1 95 - tlsv1.2 96 - tlsv1.3 97 98+ 99Can be overridden by the `GIT_SSL_VERSION` environment variable. 100To force git to use libcurl's default ssl version and ignore any 101explicit http.sslversion option, set `GIT_SSL_VERSION` to the 102empty string. 103 104http.sslCipherList:: 105 A list of SSL ciphers to use when negotiating an SSL connection. 106 The available ciphers depend on whether libcurl was built against 107 NSS or OpenSSL and the particular configuration of the crypto 108 library in use. Internally this sets the 'CURLOPT_SSL_CIPHER_LIST' 109 option; see the libcurl documentation for more details on the format 110 of this list. 111+ 112Can be overridden by the `GIT_SSL_CIPHER_LIST` environment variable. 113To force git to use libcurl's default cipher list and ignore any 114explicit http.sslCipherList option, set `GIT_SSL_CIPHER_LIST` to the 115empty string. 116 117http.sslVerify:: 118 Whether to verify the SSL certificate when fetching or pushing 119 over HTTPS. Defaults to true. Can be overridden by the 120 `GIT_SSL_NO_VERIFY` environment variable. 121 122http.sslCert:: 123 File containing the SSL certificate when fetching or pushing 124 over HTTPS. Can be overridden by the `GIT_SSL_CERT` environment 125 variable. 126 127http.sslKey:: 128 File containing the SSL private key when fetching or pushing 129 over HTTPS. Can be overridden by the `GIT_SSL_KEY` environment 130 variable. 131 132http.sslCertPasswordProtected:: 133 Enable Git's password prompt for the SSL certificate. Otherwise 134 OpenSSL will prompt the user, possibly many times, if the 135 certificate or private key is encrypted. Can be overridden by the 136 `GIT_SSL_CERT_PASSWORD_PROTECTED` environment variable. 137 138http.sslCAInfo:: 139 File containing the certificates to verify the peer with when 140 fetching or pushing over HTTPS. Can be overridden by the 141 `GIT_SSL_CAINFO` environment variable. 142 143http.sslCAPath:: 144 Path containing files with the CA certificates to verify the peer 145 with when fetching or pushing over HTTPS. Can be overridden 146 by the `GIT_SSL_CAPATH` environment variable. 147 148http.sslBackend:: 149 Name of the SSL backend to use (e.g. "openssl" or "schannel"). 150 This option is ignored if cURL lacks support for choosing the SSL 151 backend at runtime. 152 153http.schannelCheckRevoke:: 154 Used to enforce or disable certificate revocation checks in cURL 155 when http.sslBackend is set to "schannel". Defaults to `true` if 156 unset. Only necessary to disable this if Git consistently errors 157 and the message is about checking the revocation status of a 158 certificate. This option is ignored if cURL lacks support for 159 setting the relevant SSL option at runtime. 160 161http.schannelUseSSLCAInfo:: 162 As of cURL v7.60.0, the Secure Channel backend can use the 163 certificate bundle provided via `http.sslCAInfo`, but that would 164 override the Windows Certificate Store. Since this is not desirable 165 by default, Git will tell cURL not to use that bundle by default 166 when the `schannel` backend was configured via `http.sslBackend`, 167 unless `http.schannelUseSSLCAInfo` overrides this behavior. 168 169http.pinnedpubkey:: 170 Public key of the https service. It may either be the filename of 171 a PEM or DER encoded public key file or a string starting with 172 'sha256//' followed by the base64 encoded sha256 hash of the 173 public key. See also libcurl 'CURLOPT_PINNEDPUBLICKEY'. git will 174 exit with an error if this option is set but not supported by 175 cURL. 176 177http.sslTry:: 178 Attempt to use AUTH SSL/TLS and encrypted data transfers 179 when connecting via regular FTP protocol. This might be needed 180 if the FTP server requires it for security reasons or you wish 181 to connect securely whenever remote FTP server supports it. 182 Default is false since it might trigger certificate verification 183 errors on misconfigured servers. 184 185http.maxRequests:: 186 How many HTTP requests to launch in parallel. Can be overridden 187 by the `GIT_HTTP_MAX_REQUESTS` environment variable. Default is 5. 188 189http.minSessions:: 190 The number of curl sessions (counted across slots) to be kept across 191 requests. They will not be ended with curl_easy_cleanup() until 192 http_cleanup() is invoked. If USE_CURL_MULTI is not defined, this 193 value will be capped at 1. Defaults to 1. 194 195http.postBuffer:: 196 Maximum size in bytes of the buffer used by smart HTTP 197 transports when POSTing data to the remote system. 198 For requests larger than this buffer size, HTTP/1.1 and 199 Transfer-Encoding: chunked is used to avoid creating a 200 massive pack file locally. Default is 1 MiB, which is 201 sufficient for most requests. 202 203http.lowSpeedLimit, http.lowSpeedTime:: 204 If the HTTP transfer speed is less than 'http.lowSpeedLimit' 205 for longer than 'http.lowSpeedTime' seconds, the transfer is aborted. 206 Can be overridden by the `GIT_HTTP_LOW_SPEED_LIMIT` and 207 `GIT_HTTP_LOW_SPEED_TIME` environment variables. 208 209http.noEPSV:: 210 A boolean which disables using of EPSV ftp command by curl. 211 This can helpful with some "poor" ftp servers which don't 212 support EPSV mode. Can be overridden by the `GIT_CURL_FTP_NO_EPSV` 213 environment variable. Default is false (curl will use EPSV). 214 215http.userAgent:: 216 The HTTP USER_AGENT string presented to an HTTP server. The default 217 value represents the version of the client Git such as git/1.7.1. 218 This option allows you to override this value to a more common value 219 such as Mozilla/4.0. This may be necessary, for instance, if 220 connecting through a firewall that restricts HTTP connections to a set 221 of common USER_AGENT strings (but not including those like git/1.7.1). 222 Can be overridden by the `GIT_HTTP_USER_AGENT` environment variable. 223 224http.followRedirects:: 225 Whether git should follow HTTP redirects. If set to `true`, git 226 will transparently follow any redirect issued by a server it 227 encounters. If set to `false`, git will treat all redirects as 228 errors. If set to `initial`, git will follow redirects only for 229 the initial request to a remote, but not for subsequent 230 follow-up HTTP requests. Since git uses the redirected URL as 231 the base for the follow-up requests, this is generally 232 sufficient. The default is `initial`. 233 234http.<url>.*:: 235 Any of the http.* options above can be applied selectively to some URLs. 236 For a config key to match a URL, each element of the config key is 237 compared to that of the URL, in the following order: 238+ 239-- 240. Scheme (e.g., `https` in `https://example.com/`). This field 241 must match exactly between the config key and the URL. 242 243. Host/domain name (e.g., `example.com` in `https://example.com/`). 244 This field must match between the config key and the URL. It is 245 possible to specify a `*` as part of the host name to match all subdomains 246 at this level. `https://*.example.com/` for example would match 247 `https://foo.example.com/`, but not `https://foo.bar.example.com/`. 248 249. Port number (e.g., `8080` in `http://example.com:8080/`). 250 This field must match exactly between the config key and the URL. 251 Omitted port numbers are automatically converted to the correct 252 default for the scheme before matching. 253 254. Path (e.g., `repo.git` in `https://example.com/repo.git`). The 255 path field of the config key must match the path field of the URL 256 either exactly or as a prefix of slash-delimited path elements. This means 257 a config key with path `foo/` matches URL path `foo/bar`. A prefix can only 258 match on a slash (`/`) boundary. Longer matches take precedence (so a config 259 key with path `foo/bar` is a better match to URL path `foo/bar` than a config 260 key with just path `foo/`). 261 262. User name (e.g., `user` in `https://user@example.com/repo.git`). If 263 the config key has a user name it must match the user name in the 264 URL exactly. If the config key does not have a user name, that 265 config key will match a URL with any user name (including none), 266 but at a lower precedence than a config key with a user name. 267-- 268+ 269The list above is ordered by decreasing precedence; a URL that matches 270a config key's path is preferred to one that matches its user name. For example, 271if the URL is `https://user@example.com/foo/bar` a config key match of 272`https://example.com/foo` will be preferred over a config key match of 273`https://user@example.com`. 274+ 275All URLs are normalized before attempting any matching (the password part, 276if embedded in the URL, is always ignored for matching purposes) so that 277equivalent URLs that are simply spelled differently will match properly. 278Environment variable settings always override any matches. The URLs that are 279matched against are those given directly to Git commands. This means any URLs 280visited as a result of a redirection do not participate in matching.