From: "Ricky Davidson via GitGitGadget" <gitgitgadget@gmail•com>
To: git@vger•kernel.org
Cc: Ricky Davidson <Ricky.Davidson@hii-tsd•com>,
Ricky Davidson <Ricky.Davidson@hii-tsd•com>
Subject: [PATCH] http: document sslcert and sslkey types and extend to proxy
Date: Thu, 20 Apr 2023 17:51:44 +0000
Message-ID: <pull.1520.git.1682013104508.gitgitgadget@gmail.com>
From: Ricky Davidson <Ricky.Davidson@hii-tsd•com>
0a01d41 added http.sslCertType and http.sslKeyType, but:
1. does not document the feature.
2. does not apply to SSL proxy equivalents.
Documents http.sslCertType and http.sslKeyType. Implements
http.proxySSLCertType. Same for http.sslKeyType and
http.proxySSLKeyType equivalents and related environment
variables.
Signed-off-by: Ricky Davidson <Ricky.Davidson@hii-tsd•com>
---
[PATCH] http: document sslcert and sslkey types and extend to proxy
0a01d41ee4ca7f8afb75219f46f4f1c573465075 wonderfully added
http.sslCertType and http.sslKeyType, but has a couple problems:
1. does not document the feature.
2. does not apply to SSL proxy equivalents.
Documents http.sslCertType and http.sslKeyType. Implements
http.proxySSLCertType. Same for http.sslKeyType and http.proxySSLKeyType
equivalents and related environment variables.
Signed-off-by: Ricky Davidson Ricky.Davidson@hii-tsd•com
Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1520%2FRicky-Davidson-hii-tsd%2Fmaster-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1520/Ricky-Davidson-hii-tsd/master-v1
Pull-Request: https://github.com/gitgitgadget/git/pull/1520
Documentation/config/http.txt | 24 ++++++++++++++++++++++++
http.c | 12 ++++++++++++
2 files changed, 36 insertions(+)
diff --git a/Documentation/config/http.txt b/Documentation/config/http.txt
index afeeccfbfa7..10a53930e5f 100644
--- a/Documentation/config/http.txt
+++ b/Documentation/config/http.txt
@@ -34,11 +34,23 @@ http.proxySSLCert::
with an HTTPS proxy. Can be overridden by the `GIT_PROXY_SSL_CERT` environment
variable.
+http.proxySSLCertType::
+ Format of the client certificate used to authenticate with an HTTPS proxy.
+ Supported formats are `PEM` and `ENG`. The format `ENG` enables loading from
+ a crypto engine. Can be overridden by the `GIT_PROXY_SSL_CERT_TYPE` environment
+ variable.
+
http.proxySSLKey::
The pathname of a file that stores a private key to use to authenticate with
an HTTPS proxy. Can be overridden by the `GIT_PROXY_SSL_KEY` environment
variable.
+http.proxySSLKeyType::
+ Format of the client private key used to authenticate with an HTTPS proxy.
+ Supported formats are `PEM` and `ENG`. The format `ENG` enables loading from
+ a crypto engine. Can be overridden by the `GIT_PROXY_SSL_CERT_TYPE` environment
+ variable.
+
http.proxySSLCertPasswordProtected::
Enable Git's password prompt for the proxy SSL certificate. Otherwise OpenSSL
will prompt the user, possibly many times, if the certificate or private key
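Review bot: The new `http.proxySSLKeyType` entry says it can be overridden by `GIT_PROXY_SSL_CERT_TYPE`, the same variable already named for `http.proxySSLCertType` a few lines above, which looks like a copy-paste slip. The http.c part of this patch reads the key type from a different variable (`set_from_env(&http_proxy_ssl_key_type, "GIT_PROXY_SSL_KEY_TYPE")`), so the documentation should name `GIT_PROXY_SSL_KEY_TYPE` here. As written, a user following the documentation would change the certificate type when they meant to set the key type.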
@@ -161,11 +173,23 @@ http.sslCert::
over HTTPS. Can be overridden by the `GIT_SSL_CERT` environment
variable.
+http.sslCertType::
+ Format of the SSL certificate used to authenticate over HTTPS.
+ Supported formats are `PEM` and `ENG`. The format `ENG` enables loading from
+ a crypto engine. Can be overridden by the `GIT_PROXY_SSL_CERT_TYPE` environment
+ variable.
+
http.sslKey::
File containing the SSL private key when fetching or pushing
over HTTPS. Can be overridden by the `GIT_SSL_KEY` environment
variable.
+http.sslKeyType::
+ Format of the SSL private key used to authenticate over HTTPS.
+ Supported formats are `PEM` and `ENG`. The format `ENG` enables loading from
+ a crypto engine. Can be overridden by the `GIT_PROXY_SSL_CERT_TYPE` environment
+ variable.
+
http.sslCertPasswordProtected::
Enable Git's password prompt for the SSL certificate. Otherwise
OpenSSL will prompt the user, possibly many times, if the
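Review bot: Both `http.sslCertType` and `http.sslKeyType` are documented as overridable by `GIT_PROXY_SSL_CERT_TYPE`, a proxy variable, although the neighbouring non-proxy entries in this same hunk use `GIT_SSL_CERT` and `GIT_SSL_KEY`. Please name the variables http.c actually reads for these two settings since 0a01d41, one for the certificate type and a separate one for the key type. That code is not part of this diff, so it is worth checking it directly rather than inferring the names from the pattern.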
diff --git a/http.c b/http.c
index d5d82c5230f..bee4ea64115 100644
--- a/http.c
+++ b/http.c
@@ -74,7 +74,9 @@ static const char *curl_http_proxy;
static const char *http_proxy_authmethod;
static const char *http_proxy_ssl_cert;
+static const char *http_proxy_ssl_cert_type;
static const char *http_proxy_ssl_key;
+static const char *http_proxy_ssl_key_type;
static const char *http_proxy_ssl_ca_info;
static struct credential proxy_cert_auth = CREDENTIAL_INIT;
static int proxy_ssl_cert_password_required;
@@ -441,9 +443,13 @@ static int http_options(const char *var, const char *value, void *cb)
if (!strcmp("http.proxysslcert", var))
return git_config_string(&http_proxy_ssl_cert, var, value);
+ if (!strcmp("http.proxysslcerttype", var))
+ return git_config_string(&http_proxy_ssl_cert_type, var, value);
if (!strcmp("http.proxysslkey", var))
return git_config_string(&http_proxy_ssl_key, var, value);
+ if (!strcmp("http.proxysslkeytype", var))
+ return git_config_string(&http_proxy_ssl_key_type, var, value);
if (!strcmp("http.proxysslcainfo", var))
return git_config_string(&http_proxy_ssl_ca_info, var, value);
@@ -1146,9 +1152,13 @@ static CURL *get_curl_handle(void)
if (http_proxy_ssl_cert)
curl_easy_setopt(result, CURLOPT_PROXY_SSLCERT, http_proxy_ssl_cert);
+ if (http_proxy_ssl_cert_type)
+ curl_easy_setopt(result, CURLOPT_PROXY_SSLCERTTYPE, http_proxy_ssl_cert_type);
if (http_proxy_ssl_key)
curl_easy_setopt(result, CURLOPT_PROXY_SSLKEY, http_proxy_ssl_key);
+ if (http_proxy_ssl_key_type)
+ curl_easy_setopt(result, CURLOPT_PROXY_SSLKEYTYPE, http_proxy_ssl_key_type);
if (has_proxy_cert_password())
curl_easy_setopt(result, CURLOPT_PROXY_KEYPASSWD, proxy_cert_auth.password);
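Review bot: In `get_curl_handle()` the two new type strings go to `CURLOPT_PROXY_SSLCERTTYPE` and `CURLOPT_PROXY_SSLKEYTYPE` exactly as configured, while the documentation added by this patch lists only `PEM` and `ENG` as supported. Nothing in the visible lines rejects or warns about any other value, and the result of `curl_easy_setopt()` is not checked. Either validate the value where it is parsed in `http_options()`, or word the documentation to say that the string is handed to libcurl unchanged, so a mistyped value is easier to diagnose.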
@@ -1285,7 +1295,9 @@ void http_init(struct remote *remote, const char *url, int proactive_auth)
max_requests = DEFAULT_MAX_REQUESTS;
set_from_env(&http_proxy_ssl_cert, "GIT_PROXY_SSL_CERT");
+ set_from_env(&http_proxy_ssl_cert_type, "GIT_PROXY_SSL_CERT_TYPE");
set_from_env(&http_proxy_ssl_key, "GIT_PROXY_SSL_KEY");
+ set_from_env(&http_proxy_ssl_key_type, "GIT_PROXY_SSL_KEY_TYPE");
set_from_env(&http_proxy_ssl_ca_info, "GIT_PROXY_SSL_CAINFO");
if (getenv("GIT_PROXY_SSL_CERT_PASSWORD_PROTECTED"))
base-commit: 667fcf4e15379790f0b609d6a83d578e69f20301
--
gitgitgadget