undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'ls/http-ssl-cipher-list'

Browse Source 
Introduce http.<url>.SSLCipherList configuration variable to tweak
the list of cipher suite to be used with libcURL when talking with
https:// sites.

* ls/http-ssl-cipher-list:
  http: add support for specifying an SSL cipher list
This commit is contained in:
Junio C Hamano 2015-05-22 12:41:45 -07:00
commit 39fa79178f
3 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Documentation/config.txt
View File

@ -1569,6 +1569,19 @@ http.saveCookies::
If set, store cookies received during requests to the file specified by If set, store cookies received during requests to the file specified by
http.cookieFile. Has no effect if http.cookieFile is unset. http.cookieFile. Has no effect if http.cookieFile is unset.
http.sslCipherList::
A list of SSL ciphers to use when negotiating an SSL connection.
The available ciphers depend on whether libcurl was built against
NSS or OpenSSL and the particular configuration of the crypto
library in use. Internally this sets the 'CURLOPT_SSL_CIPHER_LIST'
option; see the libcurl documentation for more details on the format
of this list.
+
Can be overridden by the 'GIT_SSL_CIPHER_LIST' environment variable.
To force git to use libcurl's default cipher list and ignore any
explicit http.sslCipherList option, set 'GIT_SSL_CIPHER_LIST' to the
empty string.
http.sslVerify:: http.sslVerify::
Whether to verify the SSL certificate when fetching or pushing Whether to verify the SSL certificate when fetching or pushing
over HTTPS. Can be overridden by the 'GIT_SSL_NO_VERIFY' environment over HTTPS. Can be overridden by the 'GIT_SSL_NO_VERIFY' environment

1
contrib/completion/git-completion.bash
View File

@ -2122,6 +2122,7 @@ _git_config ()
http.noEPSV http.noEPSV
http.postBuffer http.postBuffer
http.proxy http.proxy
http.sslCipherList
http.sslCAInfo http.sslCAInfo
http.sslCAPath http.sslCAPath
http.sslCert http.sslCert

10
http.c
View File

@ -36,6 +36,7 @@ char curl_errorstr[CURL_ERROR_SIZE];
static int curl_ssl_verify = -1; static int curl_ssl_verify = -1;
static int curl_ssl_try; static int curl_ssl_try;
static const char *ssl_cert; static const char *ssl_cert;
static const char *ssl_cipherlist;
#if LIBCURL_VERSION_NUM >= 0x070903 #if LIBCURL_VERSION_NUM >= 0x070903
static const char *ssl_key; static const char *ssl_key;
#endif #endif
@ -187,6 +188,8 @@ static int http_options(const char *var, const char *value, void *cb)
curl_ssl_verify = git_config_bool(var, value); curl_ssl_verify = git_config_bool(var, value);
return 0; return 0;
} }
if (!strcmp("http.sslcipherlist", var))
return git_config_string(&ssl_cipherlist, var, value);
if (!strcmp("http.sslcert", var)) if (!strcmp("http.sslcert", var))
return git_config_string(&ssl_cert, var, value); return git_config_string(&ssl_cert, var, value);
#if LIBCURL_VERSION_NUM >= 0x070903 #if LIBCURL_VERSION_NUM >= 0x070903
@ -361,6 +364,13 @@ static CURL *get_curl_handle(void)
if (http_proactive_auth) if (http_proactive_auth)
init_curl_http_auth(result); init_curl_http_auth(result);
if (getenv("GIT_SSL_CIPHER_LIST"))
ssl_cipherlist = getenv("GIT_SSL_CIPHER_LIST");
if (ssl_cipherlist != NULL && *ssl_cipherlist)
curl_easy_setopt(result, CURLOPT_SSL_CIPHER_LIST,
ssl_cipherlist);
if (ssl_cert != NULL) if (ssl_cert != NULL)
curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert); curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert);
if (has_cert_password()) if (has_cert_password())