Merge branch 'jc/http-sslkey-and-ssl-cert-are-paths'
authorJunio C Hamano <gitster@pobox.com>
Fri, 11 Aug 2017 20:26:59 +0000 (13:26 -0700)
committerJunio C Hamano <gitster@pobox.com>
Fri, 11 Aug 2017 20:26:59 +0000 (13:26 -0700)
The http.{sslkey,sslCert} configuration variables are to be
interpreted as a pathname that honors "~[username]/" prefix, but
weren't, which has been fixed.

* jc/http-sslkey-and-ssl-cert-are-paths:
http.c: http.sslcert and http.sslkey are both pathnames

1  2 
http.c
diff --combined http.c
index c6c010f8816f4a01c4b7658a9044b179515590ea,0d27d531b64d4ba4f21e21f92b77ab05a2ae7205..76ff63c14d44057f78b532fb9d873c94ae56231e
--- 1/http.c
--- 2/http.c
+++ b/http.c
@@@ -1,6 -1,5 +1,6 @@@
  #include "git-compat-util.h"
  #include "http.h"
 +#include "config.h"
  #include "pack.h"
  #include "sideband.h"
  #include "run-command.h"
@@@ -20,7 -19,7 +20,7 @@@ long int git_curl_ipresolve
  #endif
  int active_requests;
  int http_is_verbose;
 -size_t http_post_buffer = 16 * LARGE_PACKET_MAX;
 +ssize_t http_post_buffer = 16 * LARGE_PACKET_MAX;
  
  #if LIBCURL_VERSION_NUM >= 0x070a06
  #define LIBCURL_CAN_HANDLE_AUTH_ANY
@@@ -272,10 -271,10 +272,10 @@@ static int http_options(const char *var
        if (!strcmp("http.sslversion", var))
                return git_config_string(&ssl_version, var, value);
        if (!strcmp("http.sslcert", var))
-               return git_config_string(&ssl_cert, var, value);
+               return git_config_pathname(&ssl_cert, var, value);
  #if LIBCURL_VERSION_NUM >= 0x070903
        if (!strcmp("http.sslkey", var))
-               return git_config_string(&ssl_key, var, value);
+               return git_config_pathname(&ssl_key, var, value);
  #endif
  #if LIBCURL_VERSION_NUM >= 0x070908
        if (!strcmp("http.sslcapath", var))
        }
  
        if (!strcmp("http.postbuffer", var)) {
 -              http_post_buffer = git_config_int(var, value);
 +              http_post_buffer = git_config_ssize_t(var, value);
 +              if (http_post_buffer < 0)
 +                      warning(_("negative value for http.postbuffer; defaulting to %d"), LARGE_PACKET_MAX);
                if (http_post_buffer < LARGE_PACKET_MAX)
                        http_post_buffer = LARGE_PACKET_MAX;
                return 0;
@@@ -839,14 -836,8 +839,14 @@@ static CURL *get_curl_handle(void
                }
        }
  
 -      if (curl_http_proxy) {
 -              curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
 +      if (curl_http_proxy && curl_http_proxy[0] == '\0') {
 +              /*
 +               * Handle case with the empty http.proxy value here to keep
 +               * common code clean.
 +               * NB: empty option disables proxying at all.
 +               */
 +              curl_easy_setopt(result, CURLOPT_PROXY, "");
 +      } else if (curl_http_proxy) {
  #if LIBCURL_VERSION_NUM >= 0x071800
                if (starts_with(curl_http_proxy, "socks5h"))
                        curl_easy_setopt(result,
                        strbuf_release(&url);
                }
  
 +              if (!proxy_auth.host)
 +                      die("Invalid proxy URL '%s'", curl_http_proxy);
 +
                curl_easy_setopt(result, CURLOPT_PROXY, proxy_auth.host);
  #if LIBCURL_VERSION_NUM >= 0x071304
                var_override(&curl_no_proxy, getenv("NO_PROXY"));
@@@ -1027,7 -1015,8 +1027,7 @@@ void http_cleanup(void
  
        if (proxy_auth.password) {
                memset(proxy_auth.password, 0, strlen(proxy_auth.password));
 -              free(proxy_auth.password);
 -              proxy_auth.password = NULL;
 +              FREE_AND_NULL(proxy_auth.password);
        }
  
        free((void *)curl_proxyuserpwd);
  
        if (cert_auth.password != NULL) {
                memset(cert_auth.password, 0, strlen(cert_auth.password));
 -              free(cert_auth.password);
 -              cert_auth.password = NULL;
 +              FREE_AND_NULL(cert_auth.password);
        }
        ssl_cert_password_required = 0;
  
 -      free(cached_accept_language);
 -      cached_accept_language = NULL;
 +      FREE_AND_NULL(cached_accept_language);
  }
  
  struct active_request_slot *get_active_slot(void)
@@@ -1375,9 -1366,9 +1375,9 @@@ static int handle_curl_result(struct sl
                 * FAILONERROR it is lost, so we can give only the numeric
                 * status code.
                 */
 -              snprintf(curl_errorstr, sizeof(curl_errorstr),
 -                       "The requested URL returned error: %ld",
 -                       results->http_code);
 +              xsnprintf(curl_errorstr, sizeof(curl_errorstr),
 +                        "The requested URL returned error: %ld",
 +                        results->http_code);
        }
  
        if (results->curl_result == CURLE_OK) {
@@@ -1419,8 -1410,8 +1419,8 @@@ int run_one_slot(struct active_request_
  {
        slot->results = results;
        if (!start_active_slot(slot)) {
 -              snprintf(curl_errorstr, sizeof(curl_errorstr),
 -                       "failed to start HTTP request");
 +              xsnprintf(curl_errorstr, sizeof(curl_errorstr),
 +                        "failed to start HTTP request");
                return HTTP_START_FAILED;
        }
  
@@@ -1894,7 -1885,8 +1894,7 @@@ static char *fetch_pack_index(unsigned 
  
        if (http_get_file(url, tmp, NULL) != HTTP_OK) {
                error("Unable to get pack index %s", url);
 -              free(tmp);
 -              tmp = NULL;
 +              FREE_AND_NULL(tmp);
        }
  
        free(url);
@@@ -2325,7 -2317,8 +2325,7 @@@ void release_http_object_request(struc
                freq->localfile = -1;
        }
        if (freq->url != NULL) {
 -              free(freq->url);
 -              freq->url = NULL;
 +              FREE_AND_NULL(freq->url);
        }
        if (freq->slot != NULL) {
                freq->slot->callback_func = NULL;