diff options
author | Junio C Hamano <gitster@pobox.com> | 2021-10-11 10:21:47 -0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2021-10-11 10:21:47 -0700 |
commit | 97492aacffee48dd217164f6af4b9d1db1aa6646 (patch) | |
tree | 3dc52dd1021a58845040a6f579c58fda522f6d5a | |
parent | Merge branch 'js/win-lazyload-buildfix' (diff) | |
parent | http: check CURLE_SSL_PINNEDPUBKEYNOTMATCH when emitting errors (diff) | |
download | tgif-97492aacffee48dd217164f6af4b9d1db1aa6646.tar.xz |
Merge branch 'ab/http-pinned-public-key-mismatch'
HTTPS error handling updates.
* ab/http-pinned-public-key-mismatch:
http: check CURLE_SSL_PINNEDPUBKEYNOTMATCH when emitting errors
-rw-r--r-- | git-curl-compat.h | 3 | ||||
-rw-r--r-- | http.c | 4 | ||||
-rw-r--r-- | http.h | 1 | ||||
-rw-r--r-- | remote-curl.c | 4 |
4 files changed, 11 insertions, 1 deletions
diff --git a/git-curl-compat.h b/git-curl-compat.h index a308bdb3b9..56a83b6bbd 100644 --- a/git-curl-compat.h +++ b/git-curl-compat.h @@ -67,10 +67,11 @@ /** * CURLOPT_PINNEDPUBLICKEY was added in 7.39.0, released in November - * 2014. + * 2014. CURLE_SSL_PINNEDPUBKEYNOTMATCH was added in that same version. */ #if LIBCURL_VERSION_NUM >= 0x072c00 #define GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY 1 +#define GIT_CURL_HAVE_CURLE_SSL_PINNEDPUBKEYNOTMATCH 1 #endif /** @@ -1489,6 +1489,10 @@ static int handle_curl_result(struct slot_results *results) */ credential_reject(&cert_auth); return HTTP_NOAUTH; +#ifdef GIT_CURL_HAVE_CURLE_SSL_PINNEDPUBKEYNOTMATCH + } else if (results->curl_result == CURLE_SSL_PINNEDPUBKEYNOTMATCH) { + return HTTP_NOMATCHPUBLICKEY; +#endif } else if (missing_target(results)) return HTTP_MISSING_TARGET; else if (results->http_code == 401) { @@ -154,6 +154,7 @@ struct http_get_options { #define HTTP_START_FAILED 3 #define HTTP_REAUTH 4 #define HTTP_NOAUTH 5 +#define HTTP_NOMATCHPUBLICKEY 6 /* * Requests a URL and stores the result in a strbuf. diff --git a/remote-curl.c b/remote-curl.c index 3f5688e426..5975103b96 100644 --- a/remote-curl.c +++ b/remote-curl.c @@ -499,6 +499,10 @@ static struct discovery *discover_refs(const char *service, int for_push) show_http_message(&type, &charset, &buffer); die(_("Authentication failed for '%s'"), transport_anonymize_url(url.buf)); + case HTTP_NOMATCHPUBLICKEY: + show_http_message(&type, &charset, &buffer); + die(_("unable to access '%s' with http.pinnedPubkey configuration: %s"), + transport_anonymize_url(url.buf), curl_errorstr); default: show_http_message(&type, &charset, &buffer); die(_("unable to access '%s': %s"), |