diff options
| author | Junio C Hamano <gitster@pobox.com> | 2009-07-09 01:00:36 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2009-07-09 01:00:36 -0700 |
| commit | c535d767f7a518b79a0f9b9a70ec746de76da97c (patch) | |
| tree | 84f4889857e93a4a2bf526436ab0c9fd11855688 /http.c | |
| parent | 128a9d86da3c156c7d1bf25692eeb68a522af935 (diff) | |
| parent | 754ae192a4390baeb4d00b96e72c69023efb22ee (diff) | |
| download | git-c535d767f7a518b79a0f9b9a70ec746de76da97c.tar.gz | |
Merge branch 'ml/http'
* ml/http:
http.c: add http.sslCertPasswordProtected option
http.c: prompt for SSL client certificate password
Conflicts:
http.c
Diffstat (limited to 'http.c')
| -rw-r--r-- | http.c | 48 |
1 files changed, 47 insertions, 1 deletions
@@ -33,6 +33,17 @@ static int curl_ftp_no_epsv; static const char *curl_http_proxy; static char *user_name, *user_pass; +#if LIBCURL_VERSION_NUM >= 0x071700 +/* Use CURLOPT_KEYPASSWD as is */ +#elif LIBCURL_VERSION_NUM >= 0x070903 +#define CURLOPT_KEYPASSWD CURLOPT_SSLKEYPASSWD +#else +#define CURLOPT_KEYPASSWD CURLOPT_SSLCERTPASSWD +#endif + +static char *ssl_cert_password; +static int ssl_cert_password_required; + static struct curl_slist *pragma_header; static struct curl_slist *no_pragma_header; @@ -136,6 +147,11 @@ static int http_options(const char *var, const char *value, void *cb) #endif if (!strcmp("http.sslcainfo", var)) return git_config_string(&ssl_cainfo, var, value); + if (!strcmp("http.sslcertpasswordprotected", var)) { + if (git_config_bool(var, value)) + ssl_cert_password_required = 1; + return 0; + } #ifdef USE_CURL_MULTI if (!strcmp("http.maxrequests", var)) { max_requests = git_config_int(var, value); @@ -174,6 +190,22 @@ static void init_curl_http_auth(CURL *result) } } +static int has_cert_password(void) +{ + if (ssl_cert_password != NULL) + return 1; + if (ssl_cert == NULL || ssl_cert_password_required != 1) + return 0; + /* Only prompt the user once. */ + ssl_cert_password_required = -1; + ssl_cert_password = getpass("Certificate Password: "); + if (ssl_cert_password != NULL) { + ssl_cert_password = xstrdup(ssl_cert_password); + return 1; + } else + return 0; +} + static CURL *get_curl_handle(void) { CURL *result = curl_easy_init(); @@ -196,6 +228,8 @@ static CURL *get_curl_handle(void) if (ssl_cert != NULL) curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert); + if (has_cert_password()) + curl_easy_setopt(result, CURLOPT_KEYPASSWD, ssl_cert_password); #if LIBCURL_VERSION_NUM >= 0x070903 if (ssl_key != NULL) curl_easy_setopt(result, CURLOPT_SSLKEY, ssl_key); @@ -339,8 +373,13 @@ void http_init(struct remote *remote) if (getenv("GIT_CURL_FTP_NO_EPSV")) curl_ftp_no_epsv = 1; - if (remote && remote->url && remote->url[0]) + if (remote && remote->url && remote->url[0]) { http_auth_init(remote->url[0]); + if (!ssl_cert_password_required && + getenv("GIT_SSL_CERT_PASSWORD_PROTECTED") && + !prefixcmp(remote->url[0], "https://")) + ssl_cert_password_required = 1; + } #ifndef NO_CURL_EASY_DUPHANDLE curl_default = get_curl_handle(); @@ -383,6 +422,13 @@ void http_cleanup(void) free((void *)curl_http_proxy); curl_http_proxy = NULL; } + + if (ssl_cert_password != NULL) { + memset(ssl_cert_password, 0, strlen(ssl_cert_password)); + free(ssl_cert_password); + ssl_cert_password = NULL; + } + ssl_cert_password_required = 0; } struct active_request_slot *get_active_slot(void) |