diff options
| author | Junio C Hamano <gitster@pobox.com> | 2013-04-19 13:31:08 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2013-04-19 13:31:08 -0700 |
| commit | 574d51b575d9025d57c610c3b571ca58d347d0da (patch) | |
| tree | 5f409c38a354aace88e787d5417798cf6ded7d0d | |
| parent | 1468a5839309033feb2e58943babdd48b8e2d151 (diff) | |
| parent | 4bc444eb64173f770c1d1dba2ed3db393c2a9b18 (diff) | |
| download | git-574d51b575d9025d57c610c3b571ca58d347d0da.tar.gz | |
Merge branch 'mv/ssl-ftp-curl'
Does anybody really use commit walkers over (s)ftp?
* mv/ssl-ftp-curl:
Support FTP-over-SSL/TLS for regular FTP
| -rw-r--r-- | Documentation/config.txt | 8 | ||||
| -rw-r--r-- | http.c | 10 | ||||
| -rw-r--r-- | http.h | 9 |
3 files changed, 27 insertions, 0 deletions
diff --git a/Documentation/config.txt b/Documentation/config.txt index 42b0f3ba42..21d4447cb4 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -1465,6 +1465,14 @@ http.sslCAPath:: with when fetching or pushing over HTTPS. Can be overridden by the 'GIT_SSL_CAPATH' environment variable. +http.sslTry:: + Attempt to use AUTH SSL/TLS and encrypted data transfers + when connecting via regular FTP protocol. This might be needed + if the FTP server requires it for security reasons or you wish + to connect securely whenever remote FTP server supports it. + Default is false since it might trigger certificate verification + errors on misconfigured servers. + http.maxRequests:: How many HTTP requests to launch in parallel. Can be overridden by the 'GIT_HTTP_MAX_REQUESTS' environment variable. Default is 5. @@ -31,6 +31,7 @@ static CURL *curl_default; char curl_errorstr[CURL_ERROR_SIZE]; static int curl_ssl_verify = -1; +static int curl_ssl_try; static const char *ssl_cert; #if LIBCURL_VERSION_NUM >= 0x070903 static const char *ssl_key; @@ -163,6 +164,10 @@ static int http_options(const char *var, const char *value, void *cb) ssl_cert_password_required = 1; return 0; } + if (!strcmp("http.ssltry", var)) { + curl_ssl_try = git_config_bool(var, value); + return 0; + } if (!strcmp("http.minsessions", var)) { min_curl_sessions = git_config_int(var, value); #ifndef USE_CURL_MULTI @@ -306,6 +311,11 @@ static CURL *get_curl_handle(void) if (curl_ftp_no_epsv) curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0); +#ifdef CURLOPT_USE_SSL + if (curl_ssl_try) + curl_easy_setopt(result, CURLOPT_USE_SSL, CURLUSESSL_TRY); +#endif + if (curl_http_proxy) { curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy); curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY); @@ -42,6 +42,15 @@ #define NO_CURL_IOCTL #endif +/* + * CURLOPT_USE_SSL was known as CURLOPT_FTP_SSL up to 7.16.4, + * and the constants were known as CURLFTPSSL_* +*/ +#if !defined(CURLOPT_USE_SSL) && defined(CURLOPT_FTP_SSL) +#define CURLOPT_USE_SSL CURLOPT_FTP_SSL +#define CURLUSESSL_TRY CURLFTPSSL_TRY +#endif + struct slot_results { CURLcode curl_result; long http_code; |