summaryrefslogtreecommitdiff
path: root/http.c
diff options
context:
space:
mode:
Diffstat (limited to 'http.c')
-rw-r--r--http.c97
1 files changed, 80 insertions, 17 deletions
diff --git a/http.c b/http.c
index 221d3f2eda..62aa995245 100644
--- a/http.c
+++ b/http.c
@@ -86,6 +86,13 @@ static long curl_low_speed_time = -1;
static int curl_ftp_no_epsv;
static const char *curl_http_proxy;
static const char *http_proxy_authmethod;
+
+static const char *http_proxy_ssl_cert;
+static const char *http_proxy_ssl_key;
+static const char *http_proxy_ssl_ca_info;
+static struct credential proxy_cert_auth = CREDENTIAL_INIT;
+static int proxy_ssl_cert_password_required;
+
static struct {
const char *name;
long curlauth_param;
@@ -150,7 +157,7 @@ static unsigned long empty_auth_useless =
static struct curl_slist *pragma_header;
static struct curl_slist *no_pragma_header;
-static struct curl_slist *extra_http_headers;
+static struct string_list extra_http_headers = STRING_LIST_INIT_DUP;
static struct active_request_slot *active_queue_head;
@@ -365,6 +372,20 @@ static int http_options(const char *var, const char *value, void *cb)
if (!strcmp("http.proxyauthmethod", var))
return git_config_string(&http_proxy_authmethod, var, value);
+ if (!strcmp("http.proxysslcert", var))
+ return git_config_string(&http_proxy_ssl_cert, var, value);
+
+ if (!strcmp("http.proxysslkey", var))
+ return git_config_string(&http_proxy_ssl_key, var, value);
+
+ if (!strcmp("http.proxysslcainfo", var))
+ return git_config_string(&http_proxy_ssl_ca_info, var, value);
+
+ if (!strcmp("http.proxysslcertpasswordprotected", var)) {
+ proxy_ssl_cert_password_required = git_config_bool(var, value);
+ return 0;
+ }
+
if (!strcmp("http.cookiefile", var))
return git_config_pathname(&curl_cookie_file, var, value);
if (!strcmp("http.savecookies", var)) {
@@ -414,11 +435,9 @@ static int http_options(const char *var, const char *value, void *cb)
if (!value) {
return config_error_nonbool(var);
} else if (!*value) {
- curl_slist_free_all(extra_http_headers);
- extra_http_headers = NULL;
+ string_list_clear(&extra_http_headers, 0);
} else {
- extra_http_headers =
- curl_slist_append(extra_http_headers, value);
+ string_list_append(&extra_http_headers, value);
}
return 0;
}
@@ -568,6 +587,22 @@ static int has_cert_password(void)
return 1;
}
+#if LIBCURL_VERSION_NUM >= 0x073400
+static int has_proxy_cert_password(void)
+{
+ if (http_proxy_ssl_cert == NULL || proxy_ssl_cert_password_required != 1)
+ return 0;
+ if (!proxy_cert_auth.password) {
+ proxy_cert_auth.protocol = xstrdup("cert");
+ proxy_cert_auth.host = xstrdup("");
+ proxy_cert_auth.username = xstrdup("");
+ proxy_cert_auth.path = xstrdup(http_proxy_ssl_cert);
+ credential_fill(&proxy_cert_auth);
+ }
+ return 1;
+}
+#endif
+
#if LIBCURL_VERSION_NUM >= 0x071900
static void set_curl_keepalive(CURL *c)
{
@@ -683,8 +718,8 @@ static void curl_dump_header(const char *text, unsigned char *ptr, size_t size,
for (header = headers; *header; header++) {
if (hide_sensitive_header)
redact_sensitive_header(*header);
- strbuf_insert((*header), 0, text, strlen(text));
- strbuf_insert((*header), strlen(text), ": ", 2);
+ strbuf_insertstr((*header), 0, text);
+ strbuf_insertstr((*header), strlen(text), ": ");
strbuf_rtrim((*header));
strbuf_addch((*header), '\n');
trace_strbuf(&trace_curl, (*header));
@@ -927,8 +962,14 @@ static CURL *get_curl_handle(void)
#if LIBCURL_VERSION_NUM >= 0x073400
curl_easy_setopt(result, CURLOPT_PROXY_CAINFO, NULL);
#endif
- } else if (ssl_cainfo != NULL)
- curl_easy_setopt(result, CURLOPT_CAINFO, ssl_cainfo);
+ } else if (ssl_cainfo != NULL || http_proxy_ssl_ca_info != NULL) {
+ if (ssl_cainfo != NULL)
+ curl_easy_setopt(result, CURLOPT_CAINFO, ssl_cainfo);
+#if LIBCURL_VERSION_NUM >= 0x073400
+ if (http_proxy_ssl_ca_info != NULL)
+ curl_easy_setopt(result, CURLOPT_PROXY_CAINFO, http_proxy_ssl_ca_info);
+#endif
+ }
if (curl_low_speed_limit > 0 && curl_low_speed_time > 0) {
curl_easy_setopt(result, CURLOPT_LOW_SPEED_LIMIT,
@@ -1021,9 +1062,18 @@ static CURL *get_curl_handle(void)
CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4);
#endif
#if LIBCURL_VERSION_NUM >= 0x073400
- else if (starts_with(curl_http_proxy, "https"))
- curl_easy_setopt(result,
- CURLOPT_PROXYTYPE, CURLPROXY_HTTPS);
+ else if (starts_with(curl_http_proxy, "https")) {
+ curl_easy_setopt(result, CURLOPT_PROXYTYPE, CURLPROXY_HTTPS);
+
+ if (http_proxy_ssl_cert)
+ curl_easy_setopt(result, CURLOPT_PROXY_SSLCERT, http_proxy_ssl_cert);
+
+ if (http_proxy_ssl_key)
+ curl_easy_setopt(result, CURLOPT_PROXY_SSLKEY, http_proxy_ssl_key);
+
+ if (has_proxy_cert_password())
+ curl_easy_setopt(result, CURLOPT_PROXY_KEYPASSWD, proxy_cert_auth.password);
+ }
#endif
if (strstr(curl_http_proxy, "://"))
credential_from_url(&proxy_auth, curl_http_proxy);
@@ -1163,6 +1213,13 @@ void http_init(struct remote *remote, const char *url, int proactive_auth)
max_requests = DEFAULT_MAX_REQUESTS;
#endif
+ set_from_env(&http_proxy_ssl_cert, "GIT_PROXY_SSL_CERT");
+ set_from_env(&http_proxy_ssl_key, "GIT_PROXY_SSL_KEY");
+ set_from_env(&http_proxy_ssl_ca_info, "GIT_PROXY_SSL_CAINFO");
+
+ if (getenv("GIT_PROXY_SSL_CERT_PASSWORD_PROTECTED"))
+ proxy_ssl_cert_password_required = 1;
+
if (getenv("GIT_CURL_FTP_NO_EPSV"))
curl_ftp_no_epsv = 1;
@@ -1203,8 +1260,7 @@ void http_cleanup(void)
#endif
curl_global_cleanup();
- curl_slist_free_all(extra_http_headers);
- extra_http_headers = NULL;
+ string_list_clear(&extra_http_headers, 0);
curl_slist_free_all(pragma_header);
pragma_header = NULL;
@@ -1234,6 +1290,12 @@ void http_cleanup(void)
}
ssl_cert_password_required = 0;
+ if (proxy_cert_auth.password != NULL) {
+ memset(proxy_cert_auth.password, 0, strlen(proxy_cert_auth.password));
+ FREE_AND_NULL(proxy_cert_auth.password);
+ }
+ proxy_ssl_cert_password_required = 0;
+
FREE_AND_NULL(cached_accept_language);
}
@@ -1628,10 +1690,11 @@ int run_one_slot(struct active_request_slot *slot,
struct curl_slist *http_copy_default_headers(void)
{
- struct curl_slist *headers = NULL, *h;
+ struct curl_slist *headers = NULL;
+ const struct string_list_item *item;
- for (h = extra_http_headers; h; h = h->next)
- headers = curl_slist_append(headers, h->data);
+ for_each_string_list_item(item, &extra_http_headers)
+ headers = curl_slist_append(headers, item->string);
return headers;
}