delta/libgit2.git/src, branch ethomson/credtype github.com: libgit2/libgit2.git credential: change git_cred to git_credential 2020-01-26T18:39:41+00:00 Edward Thomson ethomson@edwardthomson.com 2020-01-18T13:51:40+00:00 3f54ba8b61869f42b2bbd1a60091a0be640bc8fc We avoid abbreviations where possible; rename git_cred to git_credential. In addition, we have standardized on a trailing `_t` for enum types, instead of using "type" in the name. So `git_credtype_t` has become `git_credential_t` and its members have become `GIT_CREDENTIAL` instead of `GIT_CREDTYPE`. Finally, the source and header files have been renamed to `credential` instead of `cred`. Keep previous name and values as deprecated, and include the new header files from the previous ones. 
We avoid abbreviations where possible; rename git_cred to
git_credential.

In addition, we have standardized on a trailing `_t` for enum types,
instead of using "type" in the name.  So `git_credtype_t` has become
`git_credential_t` and its members have become `GIT_CREDENTIAL` instead
of `GIT_CREDTYPE`.

Finally, the source and header files have been renamed to `credential`
instead of `cred`.

Keep previous name and values as deprecated, and include the new header
files from the previous ones.
http: introduce GIT_ERROR_HTTP 2020-01-24T16:39:56+00:00 Edward Thomson ethomson@edwardthomson.com 2020-01-11T23:53:45+00:00 e9cef7c4b16b2cb572ac19fcd39217f7934cfa99 Disambiguate between general network problems and HTTP problems in error codes. 
Disambiguate between general network problems and HTTP problems in error
codes.
httpclient: use defines for status codes 2020-01-24T16:39:56+00:00 Edward Thomson ethomson@edwardthomson.com 2020-01-01T22:14:37+00:00 29762e4089d8619d281083f2fab1176b378668e1 






trace: compare against an int value
2020-01-24T16:39:56+00:00

Edward Thomson
ethomson@edwardthomson.com

2019-12-29T18:46:44+00:00

3e9ee04f11ab505e6e79b75b5627d1e075932330

When tracing is disabled, don't let `git_trace__level` return a void,
since that can't be compared against.





When tracing is disabled, don't let `git_trace__level` return a void,
since that can't be compared against.







http: send probe packets
2020-01-24T16:39:56+00:00

Edward Thomson
ethomson@edwardthomson.com

2019-12-26T22:37:01+00:00

76fd406a75c340fdda4c7a3a9dc56d206b2b0577

When we're authenticating with a connection-based authentication scheme
(NTLM, Negotiate), we need to make sure that we're still connected
between the initial GET where we did the authentication and the POST
that we're about to send.  Our keep-alive session may have not kept
alive, but more likely, some servers do not authenticate the entire
keep-alive connection and may have "forgotten" that we were
authenticated, namely Apache and nginx.

Send a "probe" packet, that is an HTTP POST request to the upload-pack
or receive-pack endpoint, that consists of an empty git pkt ("0000").
If we're authenticated, we'll get a 200 back.  If we're not, we'll get a
401 back, and then we'll resend that probe packet with the first step of
our authentication (asking to start authentication with the given
scheme).  We expect _yet another_ 401 back, with the authentication
challenge.

Finally, we will send our authentication response with the actual POST
data.  This will allow us to authenticate without draining the POST data
in the initial request that gets us a 401.





When we're authenticating with a connection-based authentication scheme
(NTLM, Negotiate), we need to make sure that we're still connected
between the initial GET where we did the authentication and the POST
that we're about to send.  Our keep-alive session may have not kept
alive, but more likely, some servers do not authenticate the entire
keep-alive connection and may have "forgotten" that we were
authenticated, namely Apache and nginx.

Send a "probe" packet, that is an HTTP POST request to the upload-pack
or receive-pack endpoint, that consists of an empty git pkt ("0000").
If we're authenticated, we'll get a 200 back.  If we're not, we'll get a
401 back, and then we'll resend that probe packet with the first step of
our authentication (asking to start authentication with the given
scheme).  We expect _yet another_ 401 back, with the authentication
challenge.

Finally, we will send our authentication response with the actual POST
data.  This will allow us to authenticate without draining the POST data
in the initial request that gets us a 401.







http: use the new httpclient
2020-01-24T16:39:51+00:00

Edward Thomson
ethomson@edwardthomson.com

2019-12-22T22:12:24+00:00

b9c5b15a7958ab4ecb83504a6d858efd18610297

Untangle the notion of the http transport from the actual http
implementation.  The http transport now uses the httpclient.





Untangle the notion of the http transport from the actual http
implementation.  The http transport now uses the httpclient.







httpclient: support expect/continue
2020-01-24T16:16:36+00:00

Edward Thomson
ethomson@edwardthomson.com

2019-10-25T11:22:10+00:00

7372573b5f1113b8522e2588fac1c529ddcedb0a

Allow users to opt-in to expect/continue handling when sending a POST
and we're authenticated with a "connection-based" authentication
mechanism like NTLM or Negotiate.

If the response is a 100, return to the caller (to allow them to post
their body).  If the response is *not* a 100, buffer the response for
the caller.

HTTP expect/continue is generally safe, but some legacy servers
have not implemented it correctly.  Require it to be opt-in.





Allow users to opt-in to expect/continue handling when sending a POST
and we're authenticated with a "connection-based" authentication
mechanism like NTLM or Negotiate.

If the response is a 100, return to the caller (to allow them to post
their body).  If the response is *not* a 100, buffer the response for
the caller.

HTTP expect/continue is generally safe, but some legacy servers
have not implemented it correctly.  Require it to be opt-in.







httpclient: support CONNECT proxies
2020-01-24T16:16:36+00:00

Edward Thomson
ethomson@edwardthomson.com

2019-12-14T13:32:07+00:00

6c21c989a3b8cba20ad8cbe806937071a1923832

Fully support HTTP proxies, in particular CONNECT proxies, that allow us
to speak TLS through a proxy.





Fully support HTTP proxies, in particular CONNECT proxies, that allow us
to speak TLS through a proxy.







httpclient: handle chunked responses
2020-01-24T16:16:36+00:00

Edward Thomson
ethomson@edwardthomson.com

2019-12-18T10:55:28+00:00

6b2088363f6e6b4fea24939286eb108cfc999c77

Detect responses that are sent with Transfer-Encoding: chunked, and
record that information so that we can consume the entire message body.





Detect responses that are sent with Transfer-Encoding: chunked, and
record that information so that we can consume the entire message body.







httpclient: support authentication
2020-01-24T16:16:36+00:00

Edward Thomson
ethomson@edwardthomson.com

2019-12-14T00:04:36+00:00

6a095679c83922d5b7e72a06882fe99de3bd4db6

Store the last-seen credential challenges (eg, all the
'WWW-Authenticate' headers in a response message).  Given some
credentials, find the best (first) challenge whose mechanism supports
these credentials.  (eg, 'Basic' supports username/password credentials,
'Negotiate' supports default credentials).

Set up an authentication context for this mechanism and these
credentials.  Continue exchanging challenge/responses until we're
authenticated.





Store the last-seen credential challenges (eg, all the
'WWW-Authenticate' headers in a response message).  Given some
credentials, find the best (first) challenge whose mechanism supports
these credentials.  (eg, 'Basic' supports username/password credentials,
'Negotiate' supports default credentials).

Set up an authentication context for this mechanism and these
credentials.  Continue exchanging challenge/responses until we're
authenticated.