summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLibravatar Junio C Hamano <gitster@pobox.com>2021-10-11 10:21:47 -0700
committerLibravatar Junio C Hamano <gitster@pobox.com>2021-10-11 10:21:47 -0700
commit97492aacffee48dd217164f6af4b9d1db1aa6646 (patch)
tree3dc52dd1021a58845040a6f579c58fda522f6d5a
parentMerge branch 'js/win-lazyload-buildfix' (diff)
parenthttp: check CURLE_SSL_PINNEDPUBKEYNOTMATCH when emitting errors (diff)
downloadtgif-97492aacffee48dd217164f6af4b9d1db1aa6646.tar.xz
Merge branch 'ab/http-pinned-public-key-mismatch'
HTTPS error handling updates. * ab/http-pinned-public-key-mismatch: http: check CURLE_SSL_PINNEDPUBKEYNOTMATCH when emitting errors
-rw-r--r--git-curl-compat.h3
-rw-r--r--http.c4
-rw-r--r--http.h1
-rw-r--r--remote-curl.c4
4 files changed, 11 insertions, 1 deletions
diff --git a/git-curl-compat.h b/git-curl-compat.h
index a308bdb3b9..56a83b6bbd 100644
--- a/git-curl-compat.h
+++ b/git-curl-compat.h
@@ -67,10 +67,11 @@
/**
* CURLOPT_PINNEDPUBLICKEY was added in 7.39.0, released in November
- * 2014.
+ * 2014. CURLE_SSL_PINNEDPUBKEYNOTMATCH was added in that same version.
*/
#if LIBCURL_VERSION_NUM >= 0x072c00
#define GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY 1
+#define GIT_CURL_HAVE_CURLE_SSL_PINNEDPUBKEYNOTMATCH 1
#endif
/**
diff --git a/http.c b/http.c
index 7f8ca5502a..53cf7ad570 100644
--- a/http.c
+++ b/http.c
@@ -1489,6 +1489,10 @@ static int handle_curl_result(struct slot_results *results)
*/
credential_reject(&cert_auth);
return HTTP_NOAUTH;
+#ifdef GIT_CURL_HAVE_CURLE_SSL_PINNEDPUBKEYNOTMATCH
+ } else if (results->curl_result == CURLE_SSL_PINNEDPUBKEYNOTMATCH) {
+ return HTTP_NOMATCHPUBLICKEY;
+#endif
} else if (missing_target(results))
return HTTP_MISSING_TARGET;
else if (results->http_code == 401) {
diff --git a/http.h b/http.h
index 3db5a0cf32..df1590e53a 100644
--- a/http.h
+++ b/http.h
@@ -154,6 +154,7 @@ struct http_get_options {
#define HTTP_START_FAILED 3
#define HTTP_REAUTH 4
#define HTTP_NOAUTH 5
+#define HTTP_NOMATCHPUBLICKEY 6
/*
* Requests a URL and stores the result in a strbuf.
diff --git a/remote-curl.c b/remote-curl.c
index 3f5688e426..5975103b96 100644
--- a/remote-curl.c
+++ b/remote-curl.c
@@ -499,6 +499,10 @@ static struct discovery *discover_refs(const char *service, int for_push)
show_http_message(&type, &charset, &buffer);
die(_("Authentication failed for '%s'"),
transport_anonymize_url(url.buf));
+ case HTTP_NOMATCHPUBLICKEY:
+ show_http_message(&type, &charset, &buffer);
+ die(_("unable to access '%s' with http.pinnedPubkey configuration: %s"),
+ transport_anonymize_url(url.buf), curl_errorstr);
default:
show_http_message(&type, &charset, &buffer);
die(_("unable to access '%s': %s"),