summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLibravatar Mark Lodato <lodatom@gmail.com>2009-05-27 23:16:03 -0400
committerLibravatar Junio C Hamano <gitster@pobox.com>2009-06-18 10:51:29 -0700
commit754ae192a4390baeb4d00b96e72c69023efb22ee (patch)
treec9cd82ab1d90339599a7b8ab00f9a3cd80e992d1
parenthttp.c: prompt for SSL client certificate password (diff)
downloadtgif-754ae192a4390baeb4d00b96e72c69023efb22ee.tar.xz
http.c: add http.sslCertPasswordProtected option
Add a configuration option, http.sslCertPasswordProtected, and associated environment variable, GIT_SSL_CERT_PASSWORD_PROTECTED, to enable SSL client certificate password prompt from within git. If this option is false and if the environment variable does not exist, git falls back to OpenSSL's prompts (as in earlier versions of git). The environment variable may only be used to enable, not to disable git's password prompt. This behavior mimics GIT_NO_VERIFY; the mere existence of the variable is all that is checked. Signed-off-by: Mark Lodato <lodatom@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--Documentation/config.txt6
-rw-r--r--http.c9
2 files changed, 14 insertions, 1 deletions
diff --git a/Documentation/config.txt b/Documentation/config.txt
index 3a86d1f8f0..2649b303fa 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -1043,6 +1043,12 @@ http.sslKey::
over HTTPS. Can be overridden by the 'GIT_SSL_KEY' environment
variable.
+http.sslCertPasswordProtected::
+ Enable git's password prompt for the SSL certificate. Otherwise
+ OpenSSL will prompt the user, possibly many times, if the
+ certificate or private key is encrypted. Can be overridden by the
+ 'GIT_SSL_CERT_PASSWORD_PROTECTED' environment variable.
+
http.sslCAInfo::
File containing the certificates to verify the peer with when
fetching or pushing over HTTPS. Can be overridden by the
diff --git a/http.c b/http.c
index 1c138135d7..1b140d381d 100644
--- a/http.c
+++ b/http.c
@@ -140,6 +140,11 @@ static int http_options(const char *var, const char *value, void *cb)
#endif
if (!strcmp("http.sslcainfo", var))
return git_config_string(&ssl_cainfo, var, value);
+ if (!strcmp("http.sslcertpasswordprotected", var)) {
+ if (git_config_bool(var, value))
+ ssl_cert_password_required = 1;
+ return 0;
+ }
#ifdef USE_CURL_MULTI
if (!strcmp("http.maxrequests", var)) {
max_requests = git_config_int(var, value);
@@ -360,7 +365,9 @@ void http_init(struct remote *remote)
if (remote && remote->url && remote->url[0]) {
http_auth_init(remote->url[0]);
- if (!prefixcmp(remote->url[0], "https://"))
+ if (!ssl_cert_password_required &&
+ getenv("GIT_SSL_CERT_PASSWORD_PROTECTED") &&
+ !prefixcmp(remote->url[0], "https://"))
ssl_cert_password_required = 1;
}