delta/libgit2.git/src/transports/http.h, branch ethomson/test_https github.com: libgit2/libgit2.git str: introduce `git_str` for internal, `git_buf` is external 2021-10-17T13:49:01+00:00 Edward Thomson ethomson@edwardthomson.com 2021-09-07T21:53:49+00:00 f0e693b18afbe1de37d7da5b5a8967b6c87d8e53 libgit2 has two distinct requirements that were previously solved by `git_buf`. We require: 1. A general purpose string class that provides a number of utility APIs for manipulating data (eg, concatenating, truncating, etc). 2. A structure that we can use to return strings to callers that they can take ownership of. By using a single class (`git_buf`) for both of these purposes, we have confused the API to the point that refactorings are difficult and reasoning about correctness is also difficult. Move the utility class `git_buf` to be called `git_str`: this represents its general purpose, as an internal string buffer class. The name also is an homage to Junio Hamano ("gitstr"). The public API remains `git_buf`, and has a much smaller footprint. It is generally only used as an "out" param with strict requirements that follow the documentation. (Exceptions exist for some legacy APIs to avoid breaking callers unnecessarily.) Utility functions exist to convert a user-specified `git_buf` to a `git_str` so that we can call internal functions, then converting it back again. 
libgit2 has two distinct requirements that were previously solved by
`git_buf`.  We require:

1. A general purpose string class that provides a number of utility APIs
   for manipulating data (eg, concatenating, truncating, etc).
2. A structure that we can use to return strings to callers that they
   can take ownership of.

By using a single class (`git_buf`) for both of these purposes, we have
confused the API to the point that refactorings are difficult and
reasoning about correctness is also difficult.

Move the utility class `git_buf` to be called `git_str`: this represents
its general purpose, as an internal string buffer class.  The name also
is an homage to Junio Hamano ("gitstr").

The public API remains `git_buf`, and has a much smaller footprint.  It
is generally only used as an "out" param with strict requirements that
follow the documentation.  (Exceptions exist for some legacy APIs to
avoid breaking callers unnecessarily.)

Utility functions exist to convert a user-specified `git_buf` to a
`git_str` so that we can call internal functions, then converting it
back again.
settings: localize global data 2020-10-11T13:43:35+00:00 Edward Thomson ethomson@edwardthomson.com 2020-05-13T09:39:33+00:00 6554b40e42df831d7fc9c623d34b2738227dd8a2 Move the settings global data teardown into its own separate function, instead of intermingled with the global state. 
Move the settings global data teardown into its own separate function,
instead of intermingled with the global state.
http: use the new httpclient 2020-01-24T16:39:51+00:00 Edward Thomson ethomson@edwardthomson.com 2019-12-22T22:12:24+00:00 b9c5b15a7958ab4ecb83504a6d858efd18610297 Untangle the notion of the http transport from the actual http implementation. The http transport now uses the httpclient. 
Untangle the notion of the http transport from the actual http
implementation.  The http transport now uses the httpclient.
httpclient: support expect/continue 2020-01-24T16:16:36+00:00 Edward Thomson ethomson@edwardthomson.com 2019-10-25T11:22:10+00:00 7372573b5f1113b8522e2588fac1c529ddcedb0a Allow users to opt-in to expect/continue handling when sending a POST and we're authenticated with a "connection-based" authentication mechanism like NTLM or Negotiate. If the response is a 100, return to the caller (to allow them to post their body). If the response is *not* a 100, buffer the response for the caller. HTTP expect/continue is generally safe, but some legacy servers have not implemented it correctly. Require it to be opt-in. 
Allow users to opt-in to expect/continue handling when sending a POST
and we're authenticated with a "connection-based" authentication
mechanism like NTLM or Negotiate.

If the response is a 100, return to the caller (to allow them to post
their body).  If the response is *not* a 100, buffer the response for
the caller.

HTTP expect/continue is generally safe, but some legacy servers
have not implemented it correctly.  Require it to be opt-in.
http: increase the replay count 2019-06-10T18:58:22+00:00 Edward Thomson ethomson@edwardthomson.com 2019-03-14T10:36:40+00:00 956ba48bdd488d4e22dd5a468df952765b8c9824 Increase the permissible replay count; with multiple-step authentication schemes (NTLM, Negotiate), proxy authentication and redirects, we need to be mindful of the number of steps it takes to get connected. 7 seems high but can be exhausted quickly with just a single authentication failure over a redirected multi-state authentication pipeline. 
Increase the permissible replay count; with multiple-step authentication
schemes (NTLM, Negotiate), proxy authentication and redirects, we need
to be mindful of the number of steps it takes to get connected.

7 seems high but can be exhausted quickly with just a single authentication
failure over a redirected multi-state authentication pipeline.
http transport: cap number of authentication replays 2018-11-28T15:30:17+00:00 Edward Thomson ethomson@edwardthomson.com 2018-10-22T10:29:01+00:00 6af8572c7f282f458c6c63b005a85c46a14569db Put a limit on the number of authentication replays in the HTTP transport. Standardize on 7 replays for authentication or redirects, which matches the behavior of the WinHTTP transport. 
Put a limit on the number of authentication replays in the HTTP
transport.  Standardize on 7 replays for authentication or redirects,
which matches the behavior of the WinHTTP transport.
http: standardize user-agent addition 2018-02-10T07:05:55+00:00 Edward Thomson ethomson@edwardthomson.com 2018-01-31T16:36:19+00:00 ee6be190e69ae26cec589e99b48f901b18b8e873 The winhttp and posix http each need to add the user-agent to their requests. Standardize on a single function to include this so that we do not get the version numbers we're sending out of sync. Assemble the complete user agent in `git_http__user_agent`, returning assembled strings. Co-authored-by: Patrick Steinhardt <ps@pks.im> 
The winhttp and posix http each need to add the user-agent to their
requests.  Standardize on a single function to include this so that we
do not get the version numbers we're sending out of sync.

Assemble the complete user agent in `git_http__user_agent`, returning
assembled strings.

Co-authored-by: Patrick Steinhardt <ps@pks.im>