summaryrefslogtreecommitdiff
path: root/http.c
diff options
context:
space:
mode:
Diffstat (limited to 'http.c')
-rw-r--r--http.c47
1 files changed, 29 insertions, 18 deletions
diff --git a/http.c b/http.c
index 8b23a546af..406410f884 100644
--- a/http.c
+++ b/http.c
@@ -1635,23 +1635,33 @@ static int handle_curl_result(struct slot_results *results)
if (results->curl_result == CURLE_OK) {
credential_approve(&http_auth);
- if (proxy_auth.password)
- credential_approve(&proxy_auth);
+ credential_approve(&proxy_auth);
+ credential_approve(&cert_auth);
return HTTP_OK;
+ } else if (results->curl_result == CURLE_SSL_CERTPROBLEM) {
+ /*
+ * We can't tell from here whether it's a bad path, bad
+ * certificate, bad password, or something else wrong
+ * with the certificate. So we reject the credential to
+ * avoid caching or saving a bad password.
+ */
+ credential_reject(&cert_auth);
+ return HTTP_NOAUTH;
} else if (missing_target(results))
return HTTP_MISSING_TARGET;
else if (results->http_code == 401) {
+#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
+ http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE;
+ if (results->auth_avail) {
+ http_auth_methods &= results->auth_avail;
+ http_auth_methods_restricted = 1;
+ return HTTP_REAUTH;
+ }
+#endif
if (http_auth.username && http_auth.password) {
credential_reject(&http_auth);
return HTTP_NOAUTH;
} else {
-#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
- http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE;
- if (results->auth_avail) {
- http_auth_methods &= results->auth_avail;
- http_auth_methods_restricted = 1;
- }
-#endif
return HTTP_REAUTH;
}
} else {
@@ -2259,6 +2269,9 @@ void release_http_pack_request(struct http_pack_request *preq)
free(preq);
}
+static const char *default_index_pack_args[] =
+ {"index-pack", "--stdin", NULL};
+
int finish_http_pack_request(struct http_pack_request *preq)
{
struct child_process ip = CHILD_PROCESS_INIT;
@@ -2270,17 +2283,15 @@ int finish_http_pack_request(struct http_pack_request *preq)
tmpfile_fd = xopen(preq->tmpfile.buf, O_RDONLY);
- strvec_push(&ip.args, "index-pack");
- strvec_push(&ip.args, "--stdin");
ip.git_cmd = 1;
ip.in = tmpfile_fd;
- if (preq->generate_keep) {
- strvec_pushf(&ip.args, "--keep=git %"PRIuMAX,
- (uintmax_t)getpid());
+ ip.argv = preq->index_pack_args ? preq->index_pack_args
+ : default_index_pack_args;
+
+ if (preq->preserve_index_pack_stdout)
ip.out = 0;
- } else {
+ else
ip.no_stdout = 1;
- }
if (run_command(&ip)) {
ret = -1;
@@ -2323,7 +2334,7 @@ struct http_pack_request *new_direct_http_pack_request(
off_t prev_posn = 0;
struct http_pack_request *preq;
- preq = xcalloc(1, sizeof(*preq));
+ CALLOC_ARRAY(preq, 1);
strbuf_init(&preq->tmpfile, 0);
preq->url = url;
@@ -2418,7 +2429,7 @@ struct http_object_request *new_http_object_request(const char *base_url,
off_t prev_posn = 0;
struct http_object_request *freq;
- freq = xcalloc(1, sizeof(*freq));
+ CALLOC_ARRAY(freq, 1);
strbuf_init(&freq->tmpfile, 0);
oidcpy(&freq->oid, oid);
freq->localfile = -1;