Merge branch 'ml/http'
* ml/http:
  http.c: add http.sslCertPasswordProtected option
  http.c: prompt for SSL client certificate password

Conflicts:
	http.c
Junio C Hamano committed Jul 9, 2009
2 parents 128a9d8 + 754ae19 commit c535d76
Showing 2 changed files with 53 additions and 1 deletion.
6 changes: 6 additions & 0 deletions Documentation/config.txt
Expand Up @@ -1045,6 +1045,12 @@ http.sslKey::
over HTTPS. Can be overridden by the 'GIT_SSL_KEY' environment
variable.

http.sslCertPasswordProtected::
Enable git's password prompt for the SSL certificate. Otherwise
OpenSSL will prompt the user, possibly many times, if the
certificate or private key is encrypted. Can be overridden by the
'GIT_SSL_CERT_PASSWORD_PROTECTED' environment variable.

http.sslCAInfo::
File containing the certificates to verify the peer with when
fetching or pushing over HTTPS. Can be overridden by the
48 changes: 47 additions & 1 deletion http.c
Expand Up @@ -33,6 +33,17 @@ static int curl_ftp_no_epsv;
static const char *curl_http_proxy;
static char *user_name, *user_pass;

#if LIBCURL_VERSION_NUM >= 0x071700
/* Use CURLOPT_KEYPASSWD as is */
#elif LIBCURL_VERSION_NUM >= 0x070903
#define CURLOPT_KEYPASSWD CURLOPT_SSLKEYPASSWD
#else
#define CURLOPT_KEYPASSWD CURLOPT_SSLCERTPASSWD
#endif

static char *ssl_cert_password;
static int ssl_cert_password_required;

static struct curl_slist *pragma_header;
static struct curl_slist *no_pragma_header;

Expand Down Expand Up @@ -136,6 +147,11 @@ static int http_options(const char *var, const char *value, void *cb)
#endif
if (!strcmp("http.sslcainfo", var))
return git_config_string(&ssl_cainfo, var, value);
if (!strcmp("http.sslcertpasswordprotected", var)) {
if (git_config_bool(var, value))
ssl_cert_password_required = 1;
return 0;
}
#ifdef USE_CURL_MULTI
if (!strcmp("http.maxrequests", var)) {
max_requests = git_config_int(var, value);
Expand Down Expand Up @@ -174,6 +190,22 @@ static void init_curl_http_auth(CURL *result)
}
}

static int has_cert_password(void)
{
if (ssl_cert_password != NULL)
return 1;
if (ssl_cert == NULL || ssl_cert_password_required != 1)
return 0;
/* Only prompt the user once. */
ssl_cert_password_required = -1;
ssl_cert_password = getpass("Certificate Password: ");
if (ssl_cert_password != NULL) {
ssl_cert_password = xstrdup(ssl_cert_password);
return 1;
} else
return 0;
}

static CURL *get_curl_handle(void)
{
CURL *result = curl_easy_init();
Expand All @@ -196,6 +228,8 @@ static CURL *get_curl_handle(void)

if (ssl_cert != NULL)
curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert);
if (has_cert_password())
curl_easy_setopt(result, CURLOPT_KEYPASSWD, ssl_cert_password);
#if LIBCURL_VERSION_NUM >= 0x070903
if (ssl_key != NULL)
curl_easy_setopt(result, CURLOPT_SSLKEY, ssl_key);
Expand Down Expand Up @@ -339,8 +373,13 @@ void http_init(struct remote *remote)
if (getenv("GIT_CURL_FTP_NO_EPSV"))
curl_ftp_no_epsv = 1;

if (remote && remote->url && remote->url[0])
if (remote && remote->url && remote->url[0]) {
http_auth_init(remote->url[0]);
if (!ssl_cert_password_required &&
getenv("GIT_SSL_CERT_PASSWORD_PROTECTED") &&
!prefixcmp(remote->url[0], "https://"))
ssl_cert_password_required = 1;
}

#ifndef NO_CURL_EASY_DUPHANDLE
curl_default = get_curl_handle();
Expand Down Expand Up @@ -383,6 +422,13 @@ void http_cleanup(void)
free((void *)curl_http_proxy);
curl_http_proxy = NULL;
}

if (ssl_cert_password != NULL) {
memset(ssl_cert_password, 0, strlen(ssl_cert_password));
free(ssl_cert_password);
ssl_cert_password = NULL;
}
ssl_cert_password_required = 0;
}

struct active_request_slot *get_active_slot(void)
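Review bot: The wipe in http_cleanup, `memset(ssl_cert_password, 0, strlen(ssl_cert_password));`, is followed directly by `free()`, so an optimizing compiler is allowed to drop it as a dead store and the passphrase can stay in freed heap memory. A wipe the compiler cannot elide is needed there, for example `explicit_bzero(ssl_cert_password, strlen(ssl_cert_password));` where the platform provides it, or a small helper that writes through a `volatile` pointer. The same secret also remains in the static buffer returned by `getpass()` in has_cert_password, which is copied with `xstrdup()` but never cleared; keeping the returned pointer in a local and zeroing it after the copy would close that. http_cleanup starts above this hunk, so only its tail is visible here.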