diff options
author | Junio C Hamano <gitster@pobox.com> | 2016-02-24 13:25:58 -0800 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2016-02-24 13:25:58 -0800 |
commit | e79112d21024beb997951381db21a70b087d459d (patch) | |
tree | 704e66558f2e558b07506a605f0829ce72cfa238 /http.c | |
parent | Merge branch 'bc/http-empty-auth' (diff) | |
parent | http: implement public key pinning (diff) | |
download | tgif-e79112d21024beb997951381db21a70b087d459d.tar.xz |
Merge branch 'ce/https-public-key-pinning'
You can now set http.[<url>.]pinnedpubkey to specify the pinned
public key when building with recent enough versions of libcURL.
* ce/https-public-key-pinning:
http: implement public key pinning
Diffstat (limited to 'http.c')
-rw-r--r-- | http.c | 16 |
1 files changed, 16 insertions, 0 deletions
@@ -62,6 +62,9 @@ static const char *ssl_key; #if LIBCURL_VERSION_NUM >= 0x070908 static const char *ssl_capath; #endif +#if LIBCURL_VERSION_NUM >= 0x072c00 +static const char *ssl_pinnedkey; +#endif static const char *ssl_cainfo; static long curl_low_speed_limit = -1; static long curl_low_speed_time = -1; @@ -310,6 +313,15 @@ static int http_options(const char *var, const char *value, void *cb) return 0; } + if (!strcmp("http.pinnedpubkey", var)) { +#if LIBCURL_VERSION_NUM >= 0x072c00 + return git_config_pathname(&ssl_pinnedkey, var, value); +#else + warning(_("Public key pinning not supported with cURL < 7.44.0")); + return 0; +#endif + } + /* Fall back on the default ones */ return git_default_config(var, value, cb); } @@ -513,6 +525,10 @@ static CURL *get_curl_handle(void) if (ssl_capath != NULL) curl_easy_setopt(result, CURLOPT_CAPATH, ssl_capath); #endif +#if LIBCURL_VERSION_NUM >= 0x072c00 + if (ssl_pinnedkey != NULL) + curl_easy_setopt(result, CURLOPT_PINNEDPUBLICKEY, ssl_pinnedkey); +#endif if (ssl_cainfo != NULL) curl_easy_setopt(result, CURLOPT_CAINFO, ssl_cainfo); |