Andrew's git / gitweb.git / diff
?
Merge branch 'et/http-proxyauth'
authorJunio C Hamano <gitster@pobox.com>
Mon, 13 Jul 2015 21:00:24 +0000 (14:00 -0700)
committerJunio C Hamano <gitster@pobox.com>
Mon, 13 Jul 2015 21:00:24 +0000 (14:00 -0700)
We used to ask libCURL to use the most secure authentication method
available when talking to an HTTP proxy only when we were told to
talk to one via configuration variables. We now ask libCURL to
always use the most secure authentication method, because the user
can tell libCURL to use an HTTP proxy via an environment variable
without using configuration variables.

* et/http-proxyauth:
http: always use any proxy auth method available

1  2 
http.c patch | diff1 | diff2 | blob | history
diff --combined http.c
index f0c5bbc8b59768bb7b177494861d5f548b25fbb1,9a7e0892e479a977f575a549699bc76e969634be..e9c6fdd835ea4bd4fe24ad374fbef69d6e9a8ba2
--- 1/http.c
--- 2/http.c
+++ b/http.c
@@@ -36,7 -36,6 +36,7 @@@ char curl_errorstr[CURL_ERROR_SIZE]
  static int curl_ssl_verify = -1;
  static int curl_ssl_try;
  static const char *ssl_cert;
 +static const char *ssl_cipherlist;
  #if LIBCURL_VERSION_NUM >= 0x070903
  static const char *ssl_key;
  #endif
@@@ -188,8 -187,6 +188,8 @@@ static int http_options(const char *var
                curl_ssl_verify = git_config_bool(var, value);
                return 0;
        }
 +      if (!strcmp("http.sslcipherlist", var))
 +              return git_config_string(&ssl_cipherlist, var, value);
        if (!strcmp("http.sslcert", var))
                return git_config_string(&ssl_cert, var, value);
  #if LIBCURL_VERSION_NUM >= 0x070903
@@@ -364,13 -361,6 +364,13 @@@ static CURL *get_curl_handle(void
        if (http_proactive_auth)
                init_curl_http_auth(result);
  
 +      if (getenv("GIT_SSL_CIPHER_LIST"))
 +              ssl_cipherlist = getenv("GIT_SSL_CIPHER_LIST");
 +
 +      if (ssl_cipherlist != NULL && *ssl_cipherlist)
 +              curl_easy_setopt(result, CURLOPT_SSL_CIPHER_LIST,
 +                              ssl_cipherlist);
 +
        if (ssl_cert != NULL)
                curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert);
        if (has_cert_password())
@@@ -416,10 -406,10 +416,10 @@@
  
        if (curl_http_proxy) {
                curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
+       }
  #if LIBCURL_VERSION_NUM >= 0x070a07
-               curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
+       curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
  #endif
-       }
  
        set_curl_keepalive(result);