From: Jeff King <peff@peff.net>
Date: Tue, 1 Dec 2015 22:19:12 +0000 (-0500)
Subject: Merge branch 'pt/http-socks-proxy' into maint
X-Git-Tag: v2.6.4~20
X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/92b9bf4a15346b8dae14772e07905ebb6ad29a47?ds=inline;hp=-c

Merge branch 'pt/http-socks-proxy' into maint

Add support for talking http/https over socks proxy.

* pt/http-socks-proxy:
remote-http(s): support SOCKS proxies
---

92b9bf4a15346b8dae14772e07905ebb6ad29a47
diff --combined http.c
index 0f924a8b48,be3f5fb7de..f0a5c05bc7
--- a/http.c
+++ b/http.c
@@@ -37,21 -37,6 +37,21 @@@ char curl_errorstr[CURL_ERROR_SIZE]
  static int curl_ssl_verify = -1;
  static int curl_ssl_try;
  static const char *ssl_cert;
 +static const char *ssl_cipherlist;
 +static const char *ssl_version;
 +static struct {
 +	const char *name;
 +	long ssl_version;
 +} sslversions[] = {
 +	{ "sslv2", CURL_SSLVERSION_SSLv2 },
 +	{ "sslv3", CURL_SSLVERSION_SSLv3 },
 +	{ "tlsv1", CURL_SSLVERSION_TLSv1 },
 +#if LIBCURL_VERSION_NUM >= 0x072200
 +	{ "tlsv1.0", CURL_SSLVERSION_TLSv1_0 },
 +	{ "tlsv1.1", CURL_SSLVERSION_TLSv1_1 },
 +	{ "tlsv1.2", CURL_SSLVERSION_TLSv1_2 },
 +#endif
 +};
  #if LIBCURL_VERSION_NUM >= 0x070903
  static const char *ssl_key;
  #endif
@@@ -203,10 -188,6 +203,10 @@@ static int http_options(const char *var
  		curl_ssl_verify = git_config_bool(var, value);
  		return 0;
  	}
 +	if (!strcmp("http.sslcipherlist", var))
 +		return git_config_string(&ssl_cipherlist, var, value);
 +	if (!strcmp("http.sslversion", var))
 +		return git_config_string(&ssl_version, var, value);
  	if (!strcmp("http.sslcert", var))
  		return git_config_string(&ssl_cert, var, value);
  #if LIBCURL_VERSION_NUM >= 0x070903
@@@ -382,28 -363,6 +382,28 @@@ static CURL *get_curl_handle(void
  	if (http_proactive_auth)
  		init_curl_http_auth(result);
  
 +	if (getenv("GIT_SSL_VERSION"))
 +		ssl_version = getenv("GIT_SSL_VERSION");
 +	if (ssl_version && *ssl_version) {
 +		int i;
 +		for (i = 0; i < ARRAY_SIZE(sslversions); i++) {
 +			if (!strcmp(ssl_version, sslversions[i].name)) {
 +				curl_easy_setopt(result, CURLOPT_SSLVERSION,
 +						 sslversions[i].ssl_version);
 +				break;
 +			}
 +		}
 +		if (i == ARRAY_SIZE(sslversions))
 +			warning("unsupported ssl version %s: using default",
 +				ssl_version);
 +	}
 +
 +	if (getenv("GIT_SSL_CIPHER_LIST"))
 +		ssl_cipherlist = getenv("GIT_SSL_CIPHER_LIST");
 +	if (ssl_cipherlist != NULL && *ssl_cipherlist)
 +		curl_easy_setopt(result, CURLOPT_SSL_CIPHER_LIST,
 +				ssl_cipherlist);
 +
  	if (ssl_cert != NULL)
  		curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert);
  	if (has_cert_password())
@@@ -465,6 -424,17 +465,17 @@@
  
  	if (curl_http_proxy) {
  		curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
+ #if LIBCURL_VERSION_NUM >= 0x071800
+ 		if (starts_with(curl_http_proxy, "socks5"))
+ 			curl_easy_setopt(result,
+ 				CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
+ 		else if (starts_with(curl_http_proxy, "socks4a"))
+ 			curl_easy_setopt(result,
+ 				CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4A);
+ 		else if (starts_with(curl_http_proxy, "socks"))
+ 			curl_easy_setopt(result,
+ 				CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4);
+ #endif
  	}
  #if LIBCURL_VERSION_NUM >= 0x070a07
  	curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
@@@ -1367,7 -1337,7 +1378,7 @@@ static int http_get_file(const char *ur
  	ret = http_request_reauth(url, result, HTTP_REQUEST_FILE, options);
  	fclose(result);
  
 -	if (ret == HTTP_OK && move_temp_to_file(tmpfile.buf, filename))
 +	if (ret == HTTP_OK && finalize_object_file(tmpfile.buf, filename))
  		ret = HTTP_ERROR;
  cleanup:
  	strbuf_release(&tmpfile);
@@@ -1454,7 -1424,7 +1465,7 @@@ static int fetch_and_setup_pack_index(s
  	ret = verify_pack_index(new_pack);
  	if (!ret) {
  		close_pack_index(new_pack);
 -		ret = move_temp_to_file(tmp_idx, sha1_pack_index_name(sha1));
 +		ret = finalize_object_file(tmp_idx, sha1_pack_index_name(sha1));
  	}
  	free(tmp_idx);
  	if (ret)
@@@ -1566,8 -1536,8 +1577,8 @@@ int finish_http_pack_request(struct htt
  
  	unlink(sha1_pack_index_name(p->sha1));
  
 -	if (move_temp_to_file(preq->tmpfile, sha1_pack_name(p->sha1))
 -	 || move_temp_to_file(tmp_idx, sha1_pack_index_name(p->sha1))) {
 +	if (finalize_object_file(preq->tmpfile, sha1_pack_name(p->sha1))
 +	 || finalize_object_file(tmp_idx, sha1_pack_index_name(p->sha1))) {
  		free(tmp_idx);
  		return -1;
  	}
@@@ -1831,7 -1801,7 +1842,7 @@@ int finish_http_object_request(struct h
  		return -1;
  	}
  	freq->rename =
 -		move_temp_to_file(freq->tmpfile, sha1_file_name(freq->sha1));
 +		finalize_object_file(freq->tmpfile, sha1_file_name(freq->sha1));
  
  	return freq->rename;
  }