delta/git.git/http.c, branch jk/string-list-static-init github.com: git/git.git Merge branch 'bn/http-cookiefile-config' 2016-05-17T21:38:18+00:00 Junio C Hamano gitster@pobox.com 2016-05-17T21:38:18+00:00 459000ef630f99c5f94c92110a5305240a9ef281 "http.cookieFile" configuration variable clearly wants a pathname, but we forgot to treat it as such by e.g. applying tilde expansion. * bn/http-cookiefile-config: http: expand http.cookieFile as a path Documentation: config: improve word ordering for http.cookieFile 
"http.cookieFile" configuration variable clearly wants a pathname,
but we forgot to treat it as such by e.g. applying tilde expansion.

* bn/http-cookiefile-config:
  http: expand http.cookieFile as a path
  Documentation: config: improve word ordering for http.cookieFile
Merge branch 'js/http-custom-headers' 2016-05-06T21:45:43+00:00 Junio C Hamano gitster@pobox.com 2016-05-06T21:45:43+00:00 e250f495b248ec0bbe493e40c98a10414cfa1eef HTTP transport clients learned to throw extra HTTP headers at the server, specified via http.extraHeader configuration variable. * js/http-custom-headers: http: support sending custom HTTP headers 
HTTP transport clients learned to throw extra HTTP headers at the
server, specified via http.extraHeader configuration variable.

* js/http-custom-headers:
  http: support sending custom HTTP headers
http: expand http.cookieFile as a path 2016-05-04T22:59:26+00:00 Brian Norris computersforpeace@gmail.com 2016-05-04T18:42:15+00:00 e5a39ad8e67d61f1f7dfb6ef9d9127a8b11da72c This should handle .gitconfig files that specify things like: [http] cookieFile = "~/.gitcookies" Signed-off-by: Brian Norris <computersforpeace@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 
This should handle .gitconfig files that specify things like:

[http]
	cookieFile = "~/.gitcookies"

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
http: support sending custom HTTP headers 2016-04-27T21:02:33+00:00 Johannes Schindelin johannes.schindelin@gmx.de 2016-04-27T12:20:37+00:00 8cb01e2fd3a50b6d0893dfb066183f16a3c7a355 We introduce a way to send custom HTTP headers with all requests. This allows us, for example, to send an extra token from build agents for temporary access to private repositories. (This is the use case that triggered this patch.) This feature can be used like this: git -c http.extraheader='Secret: sssh!' fetch $URL $REF Note that `curl_easy_setopt(..., CURLOPT_HTTPHEADER, ...)` takes only a single list, overriding any previous call. This means we have to collect _all_ of the headers we want to use into a single list, and feed it to cURL in one shot. Since we already unconditionally set a "pragma" header when initializing the curl handles, we can add our new headers to that list. For callers which override the default header list (like probe_rpc), we provide `http_copy_default_headers()` so they can do the same trick. Big thanks to Jeff King and Junio Hamano for their outstanding help and patient reviews. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Reviewed-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 
We introduce a way to send custom HTTP headers with all requests.

This allows us, for example, to send an extra token from build agents
for temporary access to private repositories. (This is the use case that
triggered this patch.)

This feature can be used like this:

	git -c http.extraheader='Secret: sssh!' fetch $URL $REF

Note that `curl_easy_setopt(..., CURLOPT_HTTPHEADER, ...)` takes only
a single list, overriding any previous call. This means we have to
collect _all_ of the headers we want to use into a single list, and
feed it to cURL in one shot. Since we already unconditionally set a
"pragma" header when initializing the curl handles, we can add our new
headers to that list.

For callers which override the default header list (like probe_rpc),
we provide `http_copy_default_headers()` so they can do the same
trick.

Big thanks to Jeff King and Junio Hamano for their outstanding help and
patient reviews.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Merge branch 'jc/http-socks5h' 2016-04-22T22:45:09+00:00 Junio C Hamano gitster@pobox.com 2016-04-22T22:45:09+00:00 1c4f47690074de3c27c1a2124779bfe2898f295d The socks5:// proxy support added back in 2.6.4 days was not aware that socks5h:// proxies behave differently. * jc/http-socks5h: http: differentiate socks5:// and socks5h:// 
The socks5:// proxy support added back in 2.6.4 days was not aware
that socks5h:// proxies behave differently.

* jc/http-socks5h:
  http: differentiate socks5:// and socks5h://
http: differentiate socks5:// and socks5h:// 2016-04-10T18:03:17+00:00 Junio C Hamano gitster@pobox.com 2016-04-08T19:16:06+00:00 87f8a0b279def4da439b5e0e41f517a05ef110f0 Felix Ruess <felix.ruess@gmail.com> noticed that with configuration $ git config --global 'http.proxy=socks5h://127.0.0.1:1080' connections to remote sites time out, waiting for DNS resolution. The logic to detect various flavours of SOCKS proxy and ask the libcurl layer to use appropriate one understands the proxy string that begin with socks5, socks4a, etc., but does not know socks5h, and we end up using CURLPROXY_SOCKS5. The correct one to use is CURLPROXY_SOCKS5_HOSTNAME. https://curl.haxx.se/libcurl/c/CURLOPT_PROXY.html says ..., socks5h:// (the last one to enable socks5 and asking the proxy to do the resolving, also known as CURLPROXY_SOCKS5_HOSTNAME type). which is consistent with the way the breakage was reported. Tested-by: Felix Ruess <felix.ruess@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 
Felix Ruess <felix.ruess@gmail.com> noticed that with configuration

    $ git config --global 'http.proxy=socks5h://127.0.0.1:1080'

connections to remote sites time out, waiting for DNS resolution.

The logic to detect various flavours of SOCKS proxy and ask the
libcurl layer to use appropriate one understands the proxy string
that begin with socks5, socks4a, etc., but does not know socks5h,
and we end up using CURLPROXY_SOCKS5.  The correct one to use is
CURLPROXY_SOCKS5_HOSTNAME.

https://curl.haxx.se/libcurl/c/CURLOPT_PROXY.html says

  ..., socks5h:// (the last one to enable socks5 and asking the
  proxy to do the resolving, also known as CURLPROXY_SOCKS5_HOSTNAME
  type).

which is consistent with the way the breakage was reported.

Tested-by: Felix Ruess <felix.ruess@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Merge branch 'jx/http-no-proxy' 2016-03-10T18:56:43+00:00 Junio C Hamano gitster@pobox.com 2016-03-10T18:56:43+00:00 f4a48e870892b18a7205c9315821e4b6a831ade4 * jx/http-no-proxy: http: honor no_http env variable to bypass proxy 
* jx/http-no-proxy:
  http: honor no_http env variable to bypass proxy
http: honor no_http env variable to bypass proxy 2016-02-29T19:28:39+00:00 Jiang Xin xin.jiang@huawei.com 2016-02-29T15:16:57+00:00 d445fda44dbf031dccdfd384b2418ea50988a756 Curl and its families honor several proxy related environment variables: * http_proxy and https_proxy define proxy for http/https connections. * no_proxy (a comma separated hosts) defines hosts bypass the proxy. This command will bypass the bad-proxy and connect to the host directly: no_proxy=* https_proxy=http://bad-proxy/ \ curl -sk https://google.com/ Before commit 372370f (http: use credential API to handle proxy auth...), Environment variable "no_proxy" will take effect if the config variable "http.proxy" is not set. So the following comamnd won't fail if not behind a firewall. no_proxy=* https_proxy=http://bad-proxy/ \ git ls-remote https://github.com/git/git But commit 372370f not only read git config variable "http.proxy", but also read "http_proxy" and "https_proxy" environment variables, and set the curl option using: curl_easy_setopt(result, CURLOPT_PROXY, proxy_auth.host); This caused "no_proxy" environment variable not working any more. Set extra curl option "CURLOPT_NOPROXY" will fix this issue. Signed-off-by: Jiang Xin <xin.jiang@huawei.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 
Curl and its families honor several proxy related environment variables:

* http_proxy and https_proxy define proxy for http/https connections.
* no_proxy (a comma separated hosts) defines hosts bypass the proxy.

This command will bypass the bad-proxy and connect to the host directly:

    no_proxy=* https_proxy=http://bad-proxy/ \
    curl -sk https://google.com/

Before commit 372370f (http: use credential API to handle proxy auth...),
Environment variable "no_proxy" will take effect if the config variable
"http.proxy" is not set.  So the following comamnd won't fail if not
behind a firewall.

    no_proxy=* https_proxy=http://bad-proxy/ \
    git ls-remote https://github.com/git/git

But commit 372370f not only read git config variable "http.proxy", but
also read "http_proxy" and "https_proxy" environment variables, and set
the curl option using:

    curl_easy_setopt(result, CURLOPT_PROXY, proxy_auth.host);

This caused "no_proxy" environment variable not working any more.

Set extra curl option "CURLOPT_NOPROXY" will fix this issue.

Signed-off-by: Jiang Xin <xin.jiang@huawei.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Merge branch 'ce/https-public-key-pinning' 2016-02-24T21:25:58+00:00 Junio C Hamano gitster@pobox.com 2016-02-24T21:25:58+00:00 e79112d21024beb997951381db21a70b087d459d You can now set http.[<url>.]pinnedpubkey to specify the pinned public key when building with recent enough versions of libcURL. * ce/https-public-key-pinning: http: implement public key pinning 
You can now set http.[<url>.]pinnedpubkey to specify the pinned
public key when building with recent enough versions of libcURL.

* ce/https-public-key-pinning:
  http: implement public key pinning
Merge branch 'bc/http-empty-auth' 2016-02-24T21:25:57+00:00 Junio C Hamano gitster@pobox.com 2016-02-24T21:25:57+00:00 65ba75ba7daae3298139f18cf866a23d01f4dd48 Some authentication methods do not need username or password, but libcurl needs some hint that it needs to perform authentication. Supplying an empty username and password string is a valid way to do so, but you can set the http.[<url>.]emptyAuth configuration variable to achieve the same, if you find it cleaner. * bc/http-empty-auth: http: add option to try authentication without username 
Some authentication methods do not need username or password, but
libcurl needs some hint that it needs to perform authentication.
Supplying an empty username and password string is a valid way to
do so, but you can set the http.[<url>.]emptyAuth configuration
variable to achieve the same, if you find it cleaner.

* bc/http-empty-auth:
  http: add option to try authentication without username