diff options
| author |  Junio C Hamano <gitster@pobox.com> | 2015-05-22 12:41:45 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2015-05-22 12:41:45 -0700 |
| commit | 39fa79178feb1ce72050ebd21b9e34f158e8befa (patch) | |
| tree | 2d260dcc6491537e26df4d3d8b8ada0b448eb41f | |
| parent | Merge branch 'dl/subtree-avoid-tricky-echo' (diff) | |
| parent | http: add support for specifying an SSL cipher list (diff) | |
| download | tgif-39fa79178feb1ce72050ebd21b9e34f158e8befa.tar.xz | |
Merge branch 'ls/http-ssl-cipher-list'
Introduce http.<url>.SSLCipherList configuration variable to tweak
the list of cipher suite to be used with libcURL when talking with
https:// sites.
* ls/http-ssl-cipher-list:
http: add support for specifying an SSL cipher list
| -rw-r--r-- | Documentation/config.txt | 13 | ||||
| -rw-r--r-- | contrib/completion/git-completion.bash | 1 | ||||
| -rw-r--r-- | http.c | 10 |
3 files changed, 24 insertions, 0 deletions
diff --git a/Documentation/config.txt b/Documentation/config.txt index 948b8b0e5c..efea933561 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -1569,6 +1569,19 @@ http.saveCookies:: If set, store cookies received during requests to the file specified by http.cookieFile. Has no effect if http.cookieFile is unset. +http.sslCipherList:: + A list of SSL ciphers to use when negotiating an SSL connection. + The available ciphers depend on whether libcurl was built against + NSS or OpenSSL and the particular configuration of the crypto + library in use. Internally this sets the 'CURLOPT_SSL_CIPHER_LIST' + option; see the libcurl documentation for more details on the format + of this list. ++ +Can be overridden by the 'GIT_SSL_CIPHER_LIST' environment variable. +To force git to use libcurl's default cipher list and ignore any +explicit http.sslCipherList option, set 'GIT_SSL_CIPHER_LIST' to the +empty string. + http.sslVerify:: Whether to verify the SSL certificate when fetching or pushing over HTTPS. Can be overridden by the 'GIT_SSL_NO_VERIFY' environment diff --git a/contrib/completion/git-completion.bash b/contrib/completion/git-completion.bash index a430d9f493..20b8114612 100644 --- a/contrib/completion/git-completion.bash +++ b/contrib/completion/git-completion.bash @@ -2122,6 +2122,7 @@ _git_config () http.noEPSV http.postBuffer http.proxy + http.sslCipherList http.sslCAInfo http.sslCAPath http.sslCert @@ -36,6 +36,7 @@ char curl_errorstr[CURL_ERROR_SIZE]; static int curl_ssl_verify = -1; static int curl_ssl_try; static const char *ssl_cert; +static const char *ssl_cipherlist; #if LIBCURL_VERSION_NUM >= 0x070903 static const char *ssl_key; #endif @@ -187,6 +188,8 @@ static int http_options(const char *var, const char *value, void *cb) curl_ssl_verify = git_config_bool(var, value); return 0; } + if (!strcmp("http.sslcipherlist", var)) + return git_config_string(&ssl_cipherlist, var, value); if (!strcmp("http.sslcert", var)) return git_config_string(&ssl_cert, var, value); #if LIBCURL_VERSION_NUM >= 0x070903 @@ -361,6 +364,13 @@ static CURL *get_curl_handle(void) if (http_proactive_auth) init_curl_http_auth(result); + if (getenv("GIT_SSL_CIPHER_LIST")) + ssl_cipherlist = getenv("GIT_SSL_CIPHER_LIST"); + + if (ssl_cipherlist != NULL && *ssl_cipherlist) + curl_easy_setopt(result, CURLOPT_SSL_CIPHER_LIST, + ssl_cipherlist); + if (ssl_cert != NULL) curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert); if (has_cert_password()) |