delta/libgit2.git/tests/online/clone.c, branch ethomson/https_proxy github.com: libgit2/libgit2.git winhttp: support default credentials for proxies 2019-06-10T18:58:22+00:00 Edward Thomson ethomson@edwardthomson.com 2019-03-11T20:36:09+00:00 3d11b6c5a283a4c83c208186491d88ddd60b10cf We did not properly support default credentials for proxies, only for destination servers. Refactor the credential handling to support sending either username/password _or_ default credentials to either the proxy or the destination server. This actually shares the authentication logic between proxy servers and destination servers. Due to copy/pasta drift over time, they had diverged. Now they share a common logic which is: first, use credentials specified in the URL (if there were any), treating empty username and password (ie, "http://:@foo.com/") as default credentials, for compatibility with git. Next, call the credential callbacks. Finally, fallback to WinHTTP compatibility layers using built-in authentication like we always have. Allowing default credentials for proxies requires moving the security level downgrade into the credential setting routines themselves. We will update our security level to "high" by default which means that we will never send default credentials without prompting. (A lower setting, like the WinHTTP default of "medium" would allow WinHTTP to handle credentials for us, despite what a user may have requested with their structures.) Now we start with "high" and downgrade to "low" only after a user has explicitly requested default credentials. 
We did not properly support default credentials for proxies, only for
destination servers.  Refactor the credential handling to support sending
either username/password _or_ default credentials to either the proxy or
the destination server.

This actually shares the authentication logic between proxy servers and
destination servers.  Due to copy/pasta drift over time, they had
diverged.  Now they share a common logic which is: first, use
credentials specified in the URL (if there were any), treating empty
username and password (ie, "http://:@foo.com/") as default credentials,
for compatibility with git.  Next, call the credential callbacks.
Finally, fallback to WinHTTP compatibility layers using built-in
authentication like we always have.

Allowing default credentials for proxies requires moving the security
level downgrade into the credential setting routines themselves.
We will update our security level to "high" by default which means that
we will never send default credentials without prompting.  (A lower
setting, like the WinHTTP default of "medium" would allow WinHTTP to
handle credentials for us, despite what a user may have requested with
their structures.)  Now we start with "high" and downgrade to "low" only
after a user has explicitly requested default credentials.
network: don't add arbitrary url rules 2019-06-10T18:58:22+00:00 Edward Thomson ethomson@edwardthomson.com 2019-03-11T12:56:09+00:00 757411a0a5e14cbedea638ebdf70d2ffcdcd2931 There's no reason a git repository couldn't be at the root of a server, and URLs should have an implicit path of '/' when one is not specified. 
There's no reason a git repository couldn't be at the root of a server,
and URLs should have an implicit path of '/' when one is not specified.
online tests: use gitlab for auth failures 2019-06-05T18:19:14+00:00 Edward Thomson ethomson@edwardthomson.com 2019-06-05T18:19:14+00:00 e66a4eb37cf3d8c369e662c60fdb0b3cfc459d8e GitHub recently changed their behavior from returning 401s for private or nonexistent repositories on a clone to returning 404s. For our tests that require an auth failure (and 401), move to GitLab to request a missing repository. This lets us continue to test our auth failure case, at least until they decide to mimic that decision. 
GitHub recently changed their behavior from returning 401s for private
or nonexistent repositories on a clone to returning 404s.  For our tests
that require an auth failure (and 401), move to GitLab to request a
missing repository.  This lets us continue to test our auth failure
case, at least until they decide to mimic that decision.
indexer: use git_indexer_progress throughout 2019-02-22T11:25:14+00:00 Edward Thomson ethomson@edwardthomson.com 2019-02-21T10:33:30+00:00 a1ef995dc03379fb1f5151b5d98d16644218c95e Update internal usage of `git_transfer_progress` to `git_indexer_progreses`. 
Update internal usage of `git_transfer_progress` to
`git_indexer_progreses`.
git_error: use new names in internal APIs and usage 2019-01-22T22:30:35+00:00 Edward Thomson ethomson@edwardthomson.com 2018-12-27T19:47:34+00:00 f673e232afe22eb865cdc915e55a2df6493f0fbb Move to the `git_error` name in the internal API for error-related functions. 
Move to the `git_error` name in the internal API for error-related
functions.
references: use new names in internal usage 2019-01-17T10:32:29+00:00 Edward Thomson ethomson@edwardthomson.com 2019-01-17T00:32:31+00:00 ed8cfbf04181d6fc229582a09c5c7657a53cd2e3 Update internal usage to use the `git_reference` names for constants. 
Update internal usage to use the `git_reference` names for constants.
proxy: fix crash on remote connection with GIT_PROXY_AUTO but no proxy is detected 2019-01-14T17:14:36+00:00 Jason Haslam jason@scitools.com 2019-01-14T17:14:36+00:00 35d86c775bb9ec7ee85afe90176cb278e56872a2 






tests: optionally ignore https cert validation
2018-11-28T15:46:57+00:00

Edward Thomson
ethomson@edwardthomson.com

2018-10-29T10:45:59+00:00

45054732a4232a27953de212cd068619a0f8b723

For testing, we may wish to use a man-in-the-middle proxy that can
inspect the CONNECT traffic to our test endpoints.  For this, we will
need to accept the proxy's certificate, which will not be valid for the
true endpoint.

Add a new environment variable, GITTEST_REMOTE_SSL_NOVERIFY to disable
https certificate validation for the tests.





For testing, we may wish to use a man-in-the-middle proxy that can
inspect the CONNECT traffic to our test endpoints.  For this, we will
need to accept the proxy's certificate, which will not be valid for the
true endpoint.

Add a new environment variable, GITTEST_REMOTE_SSL_NOVERIFY to disable
https certificate validation for the tests.







proxy tests: rename credential callback
2018-11-28T15:46:57+00:00

Edward Thomson
ethomson@edwardthomson.com

2018-11-18T21:53:48+00:00

6ba3e6affc73b84f6cd2cadf476c0e0c5e58e404

Rename credential callback to proxy_cred_cb to match new cert callback.





Rename credential callback to proxy_cred_cb to match new cert callback.







proxy tests: support self-signed proxy cert
2018-11-28T15:46:57+00:00

Edward Thomson
ethomson@edwardthomson.com

2018-10-22T16:35:35+00:00

394ae7e10131a932def325fc3fc715056a784757

Give the proxy tests a proxy certificate callback, and allow self-signed
certificates when the `GITTEST_REMOTE_PROXY_SELFSIGNED` environment
variable is set (to anything).  In that case, simply compare the hostname
from the callback to the hostname that we connected to.





Give the proxy tests a proxy certificate callback, and allow self-signed
certificates when the `GITTEST_REMOTE_PROXY_SELFSIGNED` environment
variable is set (to anything).  In that case, simply compare the hostname
from the callback to the hostname that we connected to.