undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

http: add support for different sslcert and sslkey types.

Browse Source 
Basically git work with default curl ssl type - PEM. But for support
eTokens like SafeNet tokens via pksc11 need setup 'ENG' as sslcert type
and as sslkey type. So there added additional options for http to make
that possible.

Signed-off-by: Stanislav Malishevskiy <stanislav.malishevskiy@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Stanislav Malishevskiy 2023-03-20 15:48:49 +00:00 committed by Junio C Hamano
parent 73876f4861
commit 0a01d41ee4
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
http.c
View File

@ -39,6 +39,7 @@ static int curl_ssl_verify = -1;
static int curl_ssl_try; static int curl_ssl_try;
static const char *curl_http_version = NULL; static const char *curl_http_version = NULL;
static const char *ssl_cert; static const char *ssl_cert;
static const char *ssl_cert_type;
static const char *ssl_cipherlist; static const char *ssl_cipherlist;
static const char *ssl_version; static const char *ssl_version;
static struct { static struct {
@ -58,6 +59,7 @@ static struct {
#endif #endif
}; };
static const char *ssl_key; static const char *ssl_key;
static const char *ssl_key_type;
static const char *ssl_capath; static const char *ssl_capath;
static const char *curl_no_proxy; static const char *curl_no_proxy;
#ifdef GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY #ifdef GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY
@ -264,8 +266,12 @@ static int http_options(const char *var, const char *value, void *cb)
return git_config_string(&ssl_version, var, value); return git_config_string(&ssl_version, var, value);
if (!strcmp("http.sslcert", var)) if (!strcmp("http.sslcert", var))
return git_config_pathname(&ssl_cert, var, value); return git_config_pathname(&ssl_cert, var, value);
if (!strcmp("http.sslcerttype", var))
return git_config_string(&ssl_cert_type, var, value);
if (!strcmp("http.sslkey", var)) if (!strcmp("http.sslkey", var))
return git_config_pathname(&ssl_key, var, value); return git_config_pathname(&ssl_key, var, value);
if (!strcmp("http.sslkeytype", var))
return git_config_string(&ssl_key_type, var, value);
if (!strcmp("http.sslcapath", var)) if (!strcmp("http.sslcapath", var))
return git_config_pathname(&ssl_capath, var, value); return git_config_pathname(&ssl_capath, var, value);
if (!strcmp("http.sslcainfo", var)) if (!strcmp("http.sslcainfo", var))
@ -904,10 +910,14 @@ static CURL *get_curl_handle(void)
if (ssl_cert) if (ssl_cert)
curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert); curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert);
if (ssl_cert_type)
curl_easy_setopt(result, CURLOPT_SSLCERTTYPE, ssl_cert_type);
if (has_cert_password()) if (has_cert_password())
curl_easy_setopt(result, CURLOPT_KEYPASSWD, cert_auth.password); curl_easy_setopt(result, CURLOPT_KEYPASSWD, cert_auth.password);
if (ssl_key) if (ssl_key)
curl_easy_setopt(result, CURLOPT_SSLKEY, ssl_key); curl_easy_setopt(result, CURLOPT_SSLKEY, ssl_key);
if (ssl_key_type)
curl_easy_setopt(result, CURLOPT_SSLKEYTYPE, ssl_key_type);
if (ssl_capath) if (ssl_capath)
curl_easy_setopt(result, CURLOPT_CAPATH, ssl_capath); curl_easy_setopt(result, CURLOPT_CAPATH, ssl_capath);
#ifdef GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY #ifdef GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY
@ -1142,7 +1152,9 @@ void http_init(struct remote *remote, const char *url, int proactive_auth)
curl_ssl_verify = 0; curl_ssl_verify = 0;
set_from_env(&ssl_cert, "GIT_SSL_CERT"); set_from_env(&ssl_cert, "GIT_SSL_CERT");
set_from_env(&ssl_cert_type, "GIT_SSL_CERT_TYPE");
set_from_env(&ssl_key, "GIT_SSL_KEY"); set_from_env(&ssl_key, "GIT_SSL_KEY");
set_from_env(&ssl_key_type, "GIT_SSL_KEY_TYPE");
set_from_env(&ssl_capath, "GIT_SSL_CAPATH"); set_from_env(&ssl_capath, "GIT_SSL_CAPATH");
set_from_env(&ssl_cainfo, "GIT_SSL_CAINFO"); set_from_env(&ssl_cainfo, "GIT_SSL_CAINFO");