summaryrefslogtreecommitdiff
path: root/http.c
diff options
context:
space:
mode:
authorLibravatar Junio C Hamano <gitster@pobox.com>2016-02-24 13:25:58 -0800
committerLibravatar Junio C Hamano <gitster@pobox.com>2016-02-24 13:25:58 -0800
commite79112d21024beb997951381db21a70b087d459d (patch)
tree704e66558f2e558b07506a605f0829ce72cfa238 /http.c
parentMerge branch 'bc/http-empty-auth' (diff)
parenthttp: implement public key pinning (diff)
downloadtgif-e79112d21024beb997951381db21a70b087d459d.tar.xz
Merge branch 'ce/https-public-key-pinning'
You can now set http.[<url>.]pinnedpubkey to specify the pinned public key when building with recent enough versions of libcURL. * ce/https-public-key-pinning: http: implement public key pinning
Diffstat (limited to 'http.c')
-rw-r--r--http.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/http.c b/http.c
index 279b6f2e9a..1d5e3bbd11 100644
--- a/http.c
+++ b/http.c
@@ -62,6 +62,9 @@ static const char *ssl_key;
#if LIBCURL_VERSION_NUM >= 0x070908
static const char *ssl_capath;
#endif
+#if LIBCURL_VERSION_NUM >= 0x072c00
+static const char *ssl_pinnedkey;
+#endif
static const char *ssl_cainfo;
static long curl_low_speed_limit = -1;
static long curl_low_speed_time = -1;
@@ -310,6 +313,15 @@ static int http_options(const char *var, const char *value, void *cb)
return 0;
}
+ if (!strcmp("http.pinnedpubkey", var)) {
+#if LIBCURL_VERSION_NUM >= 0x072c00
+ return git_config_pathname(&ssl_pinnedkey, var, value);
+#else
+ warning(_("Public key pinning not supported with cURL < 7.44.0"));
+ return 0;
+#endif
+ }
+
/* Fall back on the default ones */
return git_default_config(var, value, cb);
}
@@ -513,6 +525,10 @@ static CURL *get_curl_handle(void)
if (ssl_capath != NULL)
curl_easy_setopt(result, CURLOPT_CAPATH, ssl_capath);
#endif
+#if LIBCURL_VERSION_NUM >= 0x072c00
+ if (ssl_pinnedkey != NULL)
+ curl_easy_setopt(result, CURLOPT_PINNEDPUBLICKEY, ssl_pinnedkey);
+#endif
if (ssl_cainfo != NULL)
curl_easy_setopt(result, CURLOPT_CAINFO, ssl_cainfo);