From: Junio C Hamano Date: Mon, 13 Jul 2015 21:00:24 +0000 (-0700) Subject: Merge branch 'et/http-proxyauth' X-Git-Tag: v2.5.0-rc2~9 X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/0e521a41b526f6dbde76030ca7e7c1107115c120?hp=-c Merge branch 'et/http-proxyauth' We used to ask libCURL to use the most secure authentication method available when talking to an HTTP proxy only when we were told to talk to one via configuration variables. We now ask libCURL to always use the most secure authentication method, because the user can tell libCURL to use an HTTP proxy via an environment variable without using configuration variables. * et/http-proxyauth: http: always use any proxy auth method available --- 0e521a41b526f6dbde76030ca7e7c1107115c120 diff --combined http.c index f0c5bbc8b5,9a7e0892e4..e9c6fdd835 --- a/http.c +++ b/http.c @@@ -36,7 -36,6 +36,7 @@@ char curl_errorstr[CURL_ERROR_SIZE] static int curl_ssl_verify = -1; static int curl_ssl_try; static const char *ssl_cert; +static const char *ssl_cipherlist; #if LIBCURL_VERSION_NUM >= 0x070903 static const char *ssl_key; #endif @@@ -188,8 -187,6 +188,8 @@@ static int http_options(const char *var curl_ssl_verify = git_config_bool(var, value); return 0; } + if (!strcmp("http.sslcipherlist", var)) + return git_config_string(&ssl_cipherlist, var, value); if (!strcmp("http.sslcert", var)) return git_config_string(&ssl_cert, var, value); #if LIBCURL_VERSION_NUM >= 0x070903 @@@ -364,13 -361,6 +364,13 @@@ static CURL *get_curl_handle(void if (http_proactive_auth) init_curl_http_auth(result); + if (getenv("GIT_SSL_CIPHER_LIST")) + ssl_cipherlist = getenv("GIT_SSL_CIPHER_LIST"); + + if (ssl_cipherlist != NULL && *ssl_cipherlist) + curl_easy_setopt(result, CURLOPT_SSL_CIPHER_LIST, + ssl_cipherlist); + if (ssl_cert != NULL) curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert); if (has_cert_password()) @@@ -416,10 -406,10 +416,10 @@@ if (curl_http_proxy) { curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy); + } #if LIBCURL_VERSION_NUM >= 0x070a07 - curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY); + curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY); #endif - } set_curl_keepalive(result);