diff options
| author |  Junio C Hamano <gitster@pobox.com> | 2021-03-26 14:59:02 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2021-03-26 14:59:02 -0700 |
| commit | 8c81fce4b07c7e0f76960f35b6ffdc817c09b7ad (patch) | |
| tree | a7a763d32d81fc2a79b65e6323e8f2389ea60e00 | |
| parent | Merge branch 'ab/make-cleanup' (diff) | |
| parent | http: drop the check for an empty proxy password before approving (diff) | |
| download | tgif-8c81fce4b07c7e0f76960f35b6ffdc817c09b7ad.tar.xz | |
Merge branch 'js/http-pki-credential-store'
The http codepath learned to let the credential layer to cache the
password used to unlock a certificate that has successfully been
used.
* js/http-pki-credential-store:
http: drop the check for an empty proxy password before approving
http: store credential when PKI auth is used
| -rw-r--r-- | http.c | 13 |
1 files changed, 11 insertions, 2 deletions
@@ -1635,9 +1635,18 @@ static int handle_curl_result(struct slot_results *results) if (results->curl_result == CURLE_OK) { credential_approve(&http_auth); - if (proxy_auth.password) - credential_approve(&proxy_auth); + credential_approve(&proxy_auth); + credential_approve(&cert_auth); return HTTP_OK; + } else if (results->curl_result == CURLE_SSL_CERTPROBLEM) { + /* + * We can't tell from here whether it's a bad path, bad + * certificate, bad password, or something else wrong + * with the certificate. So we reject the credential to + * avoid caching or saving a bad password. + */ + credential_reject(&cert_auth); + return HTTP_NOAUTH; } else if (missing_target(results)) return HTTP_MISSING_TARGET; else if (results->http_code == 401) { |