From: Nelson Benitez Leon <nelsonjesus.benitez@seap•minhap.es>
To: Jeff King <peff@peff•net>
Cc: git@vger•kernel.org
Subject: Re: [PATCH 2/6] http: handle proxy proactive authentication
Date: Fri, 04 May 2012 13:10:38 +0200 [thread overview]
Message-ID: <4FA3B92E.3000200@seap.minhap.es> (raw)
In-Reply-To: <20120504071632.GB21895@sigill.intra.peff.net>
On 05/04/2012 09:16 AM, Jeff King wrote:
> On Thu, May 03, 2012 at 06:39:54PM +0200, Nelson Benitez Leon wrote:
>
>> If http_proactive_auth flag is set and there is a username
>> but no password in the proxy url, then interactively ask for
>> the password.
>>
>> This makes possible to not have the password written down in
>> http_proxy env var or in http.proxy config option.
>>
>> Also take care that CURLOPT_PROXY don't include username or
>> password, as we now set them in the new set_proxy_auth() function
>> where we use their specific cURL options.
>
> Do we actually need to do that? If we set CURLOPT_PROXYUSERNAME, will
> curl ignore it in favor of what's in the URL? I ask, because there is a
> bug here:
>
>> @@ -351,8 +366,19 @@ static CURL *get_curl_handle(const char *url)
>> }
>>
>> if (curl_http_proxy) {
>> - curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
>> + struct strbuf proxyhost = STRBUF_INIT;
>> +
>> + if (!proxy_auth.host) /* check to parse only once */
>> + credential_from_url(&proxy_auth, curl_http_proxy);
>> +
>> + if (http_proactive_auth && proxy_auth.username && !proxy_auth.password)
>> + /* proxy string has username but no password, ask for password */
>> + credential_fill(&proxy_auth);
>> +
>> + strbuf_addf(&proxyhost, "%s://%s", proxy_auth.protocol, proxy_auth.host);
>> + curl_easy_setopt(result, CURLOPT_PROXY, strbuf_detach(&proxyhost, NULL));
>
> When you parse the URL via credential_from_url, the components you get
> will have any URL-encoding removed. So when you regenerate the URL in
> the proxyhost variable, you would need to re-encode.
Can a hostname has url-encoded parts? I thought that was only for the
request uri (/somedir/somefile.php) or the query string ('?var1=val'),
I'm only using the hostname here as a proxy server never has more than
that, apart from the port number.
next prev parent reply other threads:[~2012-05-04 10:14 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-03 16:39 [PATCH 2/6] http: handle proxy proactive authentication Nelson Benitez Leon
2012-05-04 7:16 ` Jeff King
2012-05-04 11:10 ` Nelson Benitez Leon [this message]
2012-05-04 10:51 ` Jeff King
2012-05-04 13:55 ` Nelson Benitez Leon
2012-05-04 13:55 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FA3B92E.3000200@seap.minhap.es \
--to=nelsonjesus.benitez@seap$(echo .)minhap.es \
--cc=git@vger$(echo .)kernel.org \
--cc=peff@peff$(echo .)net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox