undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Support FTP-over-SSL/TLS for regular FTP

Browse Source 
Add a boolean http.sslTry option which allows to enable AUTH SSL/TLS and
encrypted data transfers when connecting via regular FTP protocol.

Default is false since it might trigger certificate verification errors on
misconfigured servers.

Signed-off-by: Modestas Vainius <modestas@vainius.eu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Modestas Vainius 2013-04-07 22:10:39 +03:00 committed by Junio C Hamano
parent 5234b41f68
commit 4bc444eb64
3 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Documentation/config.txt
View File

@ -1447,6 +1447,14 @@ http.sslCAPath::
with when fetching or pushing over HTTPS. Can be overridden with when fetching or pushing over HTTPS. Can be overridden
by the 'GIT_SSL_CAPATH' environment variable. by the 'GIT_SSL_CAPATH' environment variable.
http.sslTry::
Attempt to use AUTH SSL/TLS and encrypted data transfers
when connecting via regular FTP protocol. This might be needed
if the FTP server requires it for security reasons or you wish
to connect securely whenever remote FTP server supports it.
Default is false since it might trigger certificate verification
errors on misconfigured servers.
http.maxRequests:: http.maxRequests::
How many HTTP requests to launch in parallel. Can be overridden How many HTTP requests to launch in parallel. Can be overridden
by the 'GIT_HTTP_MAX_REQUESTS' environment variable. Default is 5. by the 'GIT_HTTP_MAX_REQUESTS' environment variable. Default is 5.

10
http.c
View File

@ -30,6 +30,7 @@ static CURL *curl_default;
char curl_errorstr[CURL_ERROR_SIZE]; char curl_errorstr[CURL_ERROR_SIZE];
static int curl_ssl_verify = -1; static int curl_ssl_verify = -1;
static int curl_ssl_try;
static const char *ssl_cert; static const char *ssl_cert;
#if LIBCURL_VERSION_NUM >= 0x070903 #if LIBCURL_VERSION_NUM >= 0x070903
static const char *ssl_key; static const char *ssl_key;
@ -162,6 +163,10 @@ static int http_options(const char *var, const char *value, void *cb)
ssl_cert_password_required = 1; ssl_cert_password_required = 1;
return 0; return 0;
} }
if (!strcmp("http.ssltry", var)) {
curl_ssl_try = git_config_bool(var, value);
return 0;
}
if (!strcmp("http.minsessions", var)) { if (!strcmp("http.minsessions", var)) {
min_curl_sessions = git_config_int(var, value); min_curl_sessions = git_config_int(var, value);
#ifndef USE_CURL_MULTI #ifndef USE_CURL_MULTI
@ -306,6 +311,11 @@ static CURL *get_curl_handle(void)
if (curl_ftp_no_epsv) if (curl_ftp_no_epsv)
curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0); curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0);
#ifdef CURLOPT_USE_SSL
if (curl_ssl_try)
curl_easy_setopt(result, CURLOPT_USE_SSL, CURLUSESSL_TRY);
#endif
if (curl_http_proxy) { if (curl_http_proxy) {
curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy); curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY); curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY);

9
http.h
View File

@ -42,6 +42,15 @@
#define NO_CURL_IOCTL #define NO_CURL_IOCTL
#endif #endif
/*
* CURLOPT_USE_SSL was known as CURLOPT_FTP_SSL up to 7.16.4,
* and the constants were known as CURLFTPSSL_*
*/
#if !defined(CURLOPT_USE_SSL) && defined(CURLOPT_FTP_SSL)
#define CURLOPT_USE_SSL CURLOPT_FTP_SSL
#define CURLUSESSL_TRY CURLFTPSSL_TRY
#endif
struct slot_results { struct slot_results {
CURLcode curl_result; CURLcode curl_result;
long http_code; long http_code;