From: Junio C Hamano <gitster@pobox.com>
Date: Fri, 11 Aug 2017 20:26:59 +0000 (-0700)
Subject: Merge branch 'jc/http-sslkey-and-ssl-cert-are-paths'
X-Git-Tag: v2.15.0-rc0~204
X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/17b1e1d76c581cfbd4a83a38136b5efef0dc7aa4?hp=-c

Merge branch 'jc/http-sslkey-and-ssl-cert-are-paths'

The http.{sslkey,sslCert} configuration variables are to be
interpreted as a pathname that honors "~[username]/" prefix, but
weren't, which has been fixed.

* jc/http-sslkey-and-ssl-cert-are-paths:
http.c: http.sslcert and http.sslkey are both pathnames
---

17b1e1d76c581cfbd4a83a38136b5efef0dc7aa4
diff --combined http.c
index c6c010f881,0d27d531b6..76ff63c14d
--- a/http.c
+++ b/http.c
@@@ -1,6 -1,5 +1,6 @@@
  #include "git-compat-util.h"
  #include "http.h"
 +#include "config.h"
  #include "pack.h"
  #include "sideband.h"
  #include "run-command.h"
@@@ -20,7 -19,7 +20,7 @@@ long int git_curl_ipresolve
  #endif
  int active_requests;
  int http_is_verbose;
 -size_t http_post_buffer = 16 * LARGE_PACKET_MAX;
 +ssize_t http_post_buffer = 16 * LARGE_PACKET_MAX;
  
  #if LIBCURL_VERSION_NUM >= 0x070a06
  #define LIBCURL_CAN_HANDLE_AUTH_ANY
@@@ -272,10 -271,10 +272,10 @@@ static int http_options(const char *var
  	if (!strcmp("http.sslversion", var))
  		return git_config_string(&ssl_version, var, value);
  	if (!strcmp("http.sslcert", var))
- 		return git_config_string(&ssl_cert, var, value);
+ 		return git_config_pathname(&ssl_cert, var, value);
  #if LIBCURL_VERSION_NUM >= 0x070903
  	if (!strcmp("http.sslkey", var))
- 		return git_config_string(&ssl_key, var, value);
+ 		return git_config_pathname(&ssl_key, var, value);
  #endif
  #if LIBCURL_VERSION_NUM >= 0x070908
  	if (!strcmp("http.sslcapath", var))
@@@ -332,9 -331,7 +332,9 @@@
  	}
  
  	if (!strcmp("http.postbuffer", var)) {
 -		http_post_buffer = git_config_int(var, value);
 +		http_post_buffer = git_config_ssize_t(var, value);
 +		if (http_post_buffer < 0)
 +			warning(_("negative value for http.postbuffer; defaulting to %d"), LARGE_PACKET_MAX);
  		if (http_post_buffer < LARGE_PACKET_MAX)
  			http_post_buffer = LARGE_PACKET_MAX;
  		return 0;
@@@ -839,14 -836,8 +839,14 @@@ static CURL *get_curl_handle(void
  		}
  	}
  
 -	if (curl_http_proxy) {
 -		curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
 +	if (curl_http_proxy && curl_http_proxy[0] == '\0') {
 +		/*
 +		 * Handle case with the empty http.proxy value here to keep
 +		 * common code clean.
 +		 * NB: empty option disables proxying at all.
 +		 */
 +		curl_easy_setopt(result, CURLOPT_PROXY, "");
 +	} else if (curl_http_proxy) {
  #if LIBCURL_VERSION_NUM >= 0x071800
  		if (starts_with(curl_http_proxy, "socks5h"))
  			curl_easy_setopt(result,
@@@ -870,9 -861,6 +870,9 @@@
  			strbuf_release(&url);
  		}
  
 +		if (!proxy_auth.host)
 +			die("Invalid proxy URL '%s'", curl_http_proxy);
 +
  		curl_easy_setopt(result, CURLOPT_PROXY, proxy_auth.host);
  #if LIBCURL_VERSION_NUM >= 0x071304
  		var_override(&curl_no_proxy, getenv("NO_PROXY"));
@@@ -1027,7 -1015,8 +1027,7 @@@ void http_cleanup(void
  
  	if (proxy_auth.password) {
  		memset(proxy_auth.password, 0, strlen(proxy_auth.password));
 -		free(proxy_auth.password);
 -		proxy_auth.password = NULL;
 +		FREE_AND_NULL(proxy_auth.password);
  	}
  
  	free((void *)curl_proxyuserpwd);
@@@ -1038,11 -1027,13 +1038,11 @@@
  
  	if (cert_auth.password != NULL) {
  		memset(cert_auth.password, 0, strlen(cert_auth.password));
 -		free(cert_auth.password);
 -		cert_auth.password = NULL;
 +		FREE_AND_NULL(cert_auth.password);
  	}
  	ssl_cert_password_required = 0;
  
 -	free(cached_accept_language);
 -	cached_accept_language = NULL;
 +	FREE_AND_NULL(cached_accept_language);
  }
  
  struct active_request_slot *get_active_slot(void)
@@@ -1375,9 -1366,9 +1375,9 @@@ static int handle_curl_result(struct sl
  		 * FAILONERROR it is lost, so we can give only the numeric
  		 * status code.
  		 */
 -		snprintf(curl_errorstr, sizeof(curl_errorstr),
 -			 "The requested URL returned error: %ld",
 -			 results->http_code);
 +		xsnprintf(curl_errorstr, sizeof(curl_errorstr),
 +			  "The requested URL returned error: %ld",
 +			  results->http_code);
  	}
  
  	if (results->curl_result == CURLE_OK) {
@@@ -1419,8 -1410,8 +1419,8 @@@ int run_one_slot(struct active_request_
  {
  	slot->results = results;
  	if (!start_active_slot(slot)) {
 -		snprintf(curl_errorstr, sizeof(curl_errorstr),
 -			 "failed to start HTTP request");
 +		xsnprintf(curl_errorstr, sizeof(curl_errorstr),
 +			  "failed to start HTTP request");
  		return HTTP_START_FAILED;
  	}
  
@@@ -1894,7 -1885,8 +1894,7 @@@ static char *fetch_pack_index(unsigned 
  
  	if (http_get_file(url, tmp, NULL) != HTTP_OK) {
  		error("Unable to get pack index %s", url);
 -		free(tmp);
 -		tmp = NULL;
 +		FREE_AND_NULL(tmp);
  	}
  
  	free(url);
@@@ -2325,7 -2317,8 +2325,7 @@@ void release_http_object_request(struc
  		freq->localfile = -1;
  	}
  	if (freq->url != NULL) {
 -		free(freq->url);
 -		freq->url = NULL;
 +		FREE_AND_NULL(freq->url);
  	}
  	if (freq->slot != NULL) {
  		freq->slot->callback_func = NULL;