http, imap-send: stop using CURLOPT_VERBOSE

Whenever GIT_CURL_VERBOSE is set, teach Git to behave as if GIT_TRACE_CURL=1 and GIT_TRACE_CURL_NO_DATA=1 is set, instead of setting CURLOPT_VERBOSE. This is to prevent inadvertent revelation of sensitive data. In particular, GIT_CURL_VERBOSE redacts neither the "Authorization" header nor any cookies specified by GIT_REDACT_COOKIES. Unifying the tracing mechanism also has the future benefit that any improvements to the tracing mechanism will benefit both users of GIT_CURL_VERBOSE and GIT_TRACE_CURL, and we do not need to remember to implement any improvement twice. Signed-off-by: Jonathan Tan <jonathantanmy@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Jonathan Tan <jonathantanmy@google.com> 2020-05-11 10:43:10 -0700
committer: Junio C Hamano <gitster@pobox.com> 2020-05-11 11:18:01 -0700
commit: 7167a62b9e2f648adc11411446f876f2458722a5 (patch)
tree: eb0b58dfdde6cd2ad37d1aff90f10ebb41c65f56 /imap-send.c
parent: 373e9bd66e2ba468f490e5e4ec1ccbe47853f8cd (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/imap-send.c b/imap-send.c
index 6c54d8c29d..52737546f3 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -1464,7 +1464,7 @@ static CURL *setup_curl(struct imap_server_conf *srvc, struct credential *cred)
 	curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
 
 	if (0 < verbosity || getenv("GIT_CURL_VERBOSE"))
-		curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+		http_trace_curl_no_data();
 	setup_curl_trace(curl);
 
 	return curl;
author	Jonathan Tan <jonathantanmy@google.com>	2020-05-11 10:43:10 -0700
committer	Junio C Hamano <gitster@pobox.com>	2020-05-11 11:18:01 -0700
commit	7167a62b9e2f648adc11411446f876f2458722a5 (patch)
tree	eb0b58dfdde6cd2ad37d1aff90f10ebb41c65f56 /imap-send.c
parent	373e9bd66e2ba468f490e5e4ec1ccbe47853f8cd (diff)