http: centralize the accounting of libcurl dependencies
As discussed in644de29e22
(http: drop support for curl < 7.19.4, 2021-07-30) checking against LIBCURL_VERSION_NUM isn't as reliable as checking specific symbols present in curl, as some distros have been known to backport features. However, while some of the curl_easy_setopt() arguments we rely on are macros, others are enum, and we can't assume that those that are macros won't change into enums in the future. So we're still going to have to check LIBCURL_VERSION_NUM, but by doing that in one central place and using a macro definition of our own, anyone who's backporting features can define it themselves, and thus have access to more modern curl features that they backported, even if they didn't bump the LIBCURL_VERSION_NUM. More importantly, as shown in a preceding commit doing these version checks makes for hard to read and possibly buggy code, as shown by the bug fixed there where we were conflating base 10 for base 16 when comparing the version. By doing them all in one place we'll hopefully reduce the chances of such future mistakes, furthermore it now becomes easier to see at a glance what the oldest supported version is, which makes it easier to reason about any future deprecation similar to the recente48a623dea
(Merge branch 'ab/http-drop-old-curl', 2021-08-24). Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
parent
905a028804
commit
e4ff3b67c2
117
git-curl-compat.h
Normal file
117
git-curl-compat.h
Normal file
@ -0,0 +1,117 @@
|
|||||||
|
#ifndef GIT_CURL_COMPAT_H
|
||||||
|
#define GIT_CURL_COMPAT_H
|
||||||
|
#include <curl/curl.h>
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This header centralizes the declaration of our libcurl dependencies
|
||||||
|
* to make it easy to discover the oldest versions we support, and to
|
||||||
|
* inform decisions about removing support for older libcurl in the
|
||||||
|
* future.
|
||||||
|
*
|
||||||
|
* The oldest supported version of curl is documented in the "INSTALL"
|
||||||
|
* document.
|
||||||
|
*
|
||||||
|
* The source of truth for what versions have which symbols is
|
||||||
|
* https://github.com/curl/curl/blob/master/docs/libcurl/symbols-in-versions;
|
||||||
|
* the release dates are taken from curl.git (at
|
||||||
|
* https://github.com/curl/curl/).
|
||||||
|
*
|
||||||
|
* For each X symbol we need from curl we define our own
|
||||||
|
* GIT_CURL_HAVE_X. If multiple similar symbols with the same prefix
|
||||||
|
* were defined in the same version we pick one and check for that name.
|
||||||
|
*
|
||||||
|
* Keep any symbols in date order of when their support was
|
||||||
|
* introduced, oldest first, in the official version of cURL library.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* CURLOPT_TCP_KEEPALIVE was added in 7.25.0, released in March 2012.
|
||||||
|
*/
|
||||||
|
#if LIBCURL_VERSION_NUM >= 0x071900
|
||||||
|
#define GITCURL_HAVE_CURLOPT_TCP_KEEPALIVE 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* CURLOPT_LOGIN_OPTIONS was added in 7.34.0, released in December
|
||||||
|
* 2013.
|
||||||
|
*
|
||||||
|
* If we start requiring 7.34.0 we might also be able to remove the
|
||||||
|
* code conditional on USE_CURL_FOR_IMAP_SEND in imap-send.c, see
|
||||||
|
* 1e16b255b95 (git-imap-send: use libcurl for implementation,
|
||||||
|
* 2014-11-09) and the check it added for "072200" in the Makefile.
|
||||||
|
|
||||||
|
*/
|
||||||
|
#if LIBCURL_VERSION_NUM >= 0x072200
|
||||||
|
#define GIT_CURL_HAVE_CURLOPT_LOGIN_OPTIONS 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* CURL_SSLVERSION_TLSv1_[012] was added in 7.34.0, released in
|
||||||
|
* December 2013.
|
||||||
|
*/
|
||||||
|
#if LIBCURL_VERSION_NUM >= 0x072200
|
||||||
|
#define GIT_CURL_HAVE_CURL_SSLVERSION_TLSv1_0
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* CURLOPT_PINNEDPUBLICKEY was added in 7.39.0, released in November
|
||||||
|
* 2014.
|
||||||
|
*/
|
||||||
|
#if LIBCURL_VERSION_NUM >= 0x072c00
|
||||||
|
#define GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* CURL_HTTP_VERSION_2 was added in 7.43.0, released in June 2015.
|
||||||
|
*
|
||||||
|
* The CURL_HTTP_VERSION_2 alias (but not CURL_HTTP_VERSION_2_0) has
|
||||||
|
* always been a macro, not an enum field (checked on curl version
|
||||||
|
* 7.78.0)
|
||||||
|
*/
|
||||||
|
#if LIBCURL_VERSION_NUM >= 0x072b00
|
||||||
|
#define GIT_CURL_HAVE_CURL_HTTP_VERSION_2 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* CURLSSLOPT_NO_REVOKE was added in 7.44.0, released in August 2015.
|
||||||
|
*
|
||||||
|
* The CURLSSLOPT_NO_REVOKE is, has always been a macro, not an enum
|
||||||
|
* field (checked on curl version 7.78.0)
|
||||||
|
*/
|
||||||
|
#if LIBCURL_VERSION_NUM >= 0x072c00
|
||||||
|
#define GIT_CURL_HAVE_CURLSSLOPT_NO_REVOKE 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* CURLOPT_PROXY_CAINFO was added in 7.52.0, released in August 2017.
|
||||||
|
*/
|
||||||
|
#if LIBCURL_VERSION_NUM >= 0x073400
|
||||||
|
#define GIT_CURL_HAVE_CURLOPT_PROXY_CAINFO 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* CURLOPT_PROXY_{KEYPASSWD,SSLCERT,SSLKEY} was added in 7.52.0,
|
||||||
|
* released in August 2017.
|
||||||
|
*/
|
||||||
|
#if LIBCURL_VERSION_NUM >= 0x073400
|
||||||
|
#define GIT_CURL_HAVE_CURLOPT_PROXY_KEYPASSWD 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* CURL_SSLVERSION_TLSv1_3 was added in 7.53.0, released in February
|
||||||
|
* 2017.
|
||||||
|
*/
|
||||||
|
#if LIBCURL_VERSION_NUM >= 0x073400
|
||||||
|
#define GIT_CURL_HAVE_CURL_SSLVERSION_TLSv1_3 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* CURLSSLSET_{NO_BACKENDS,OK,TOO_LATE,UNKNOWN_BACKEND} were added in
|
||||||
|
* 7.56.0, released in September 2017.
|
||||||
|
*/
|
||||||
|
#if LIBCURL_VERSION_NUM >= 0x073800
|
||||||
|
#define GIT_CURL_HAVE_CURLSSLSET_NO_BACKENDS
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#endif
|
29
http.c
29
http.c
@ -1,4 +1,5 @@
|
|||||||
#include "git-compat-util.h"
|
#include "git-compat-util.h"
|
||||||
|
#include "git-curl-compat.h"
|
||||||
#include "http.h"
|
#include "http.h"
|
||||||
#include "config.h"
|
#include "config.h"
|
||||||
#include "pack.h"
|
#include "pack.h"
|
||||||
@ -47,19 +48,19 @@ static struct {
|
|||||||
{ "sslv2", CURL_SSLVERSION_SSLv2 },
|
{ "sslv2", CURL_SSLVERSION_SSLv2 },
|
||||||
{ "sslv3", CURL_SSLVERSION_SSLv3 },
|
{ "sslv3", CURL_SSLVERSION_SSLv3 },
|
||||||
{ "tlsv1", CURL_SSLVERSION_TLSv1 },
|
{ "tlsv1", CURL_SSLVERSION_TLSv1 },
|
||||||
#if LIBCURL_VERSION_NUM >= 0x072200
|
#ifdef GIT_CURL_HAVE_CURL_SSLVERSION_TLSv1_0
|
||||||
{ "tlsv1.0", CURL_SSLVERSION_TLSv1_0 },
|
{ "tlsv1.0", CURL_SSLVERSION_TLSv1_0 },
|
||||||
{ "tlsv1.1", CURL_SSLVERSION_TLSv1_1 },
|
{ "tlsv1.1", CURL_SSLVERSION_TLSv1_1 },
|
||||||
{ "tlsv1.2", CURL_SSLVERSION_TLSv1_2 },
|
{ "tlsv1.2", CURL_SSLVERSION_TLSv1_2 },
|
||||||
#endif
|
#endif
|
||||||
#if LIBCURL_VERSION_NUM >= 0x073400
|
#ifdef GIT_CURL_HAVE_CURL_SSLVERSION_TLSv1_3
|
||||||
{ "tlsv1.3", CURL_SSLVERSION_TLSv1_3 },
|
{ "tlsv1.3", CURL_SSLVERSION_TLSv1_3 },
|
||||||
#endif
|
#endif
|
||||||
};
|
};
|
||||||
static const char *ssl_key;
|
static const char *ssl_key;
|
||||||
static const char *ssl_capath;
|
static const char *ssl_capath;
|
||||||
static const char *curl_no_proxy;
|
static const char *curl_no_proxy;
|
||||||
#if LIBCURL_VERSION_NUM >= 0x072700
|
#ifdef GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY
|
||||||
static const char *ssl_pinnedkey;
|
static const char *ssl_pinnedkey;
|
||||||
#endif
|
#endif
|
||||||
static const char *ssl_cainfo;
|
static const char *ssl_cainfo;
|
||||||
@ -373,7 +374,7 @@ static int http_options(const char *var, const char *value, void *cb)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!strcmp("http.pinnedpubkey", var)) {
|
if (!strcmp("http.pinnedpubkey", var)) {
|
||||||
#if LIBCURL_VERSION_NUM >= 0x072700
|
#ifdef GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY
|
||||||
return git_config_pathname(&ssl_pinnedkey, var, value);
|
return git_config_pathname(&ssl_pinnedkey, var, value);
|
||||||
#else
|
#else
|
||||||
warning(_("Public key pinning not supported with cURL < 7.39.0"));
|
warning(_("Public key pinning not supported with cURL < 7.39.0"));
|
||||||
@ -500,7 +501,7 @@ static int has_cert_password(void)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if LIBCURL_VERSION_NUM >= 0x073400
|
#ifdef GIT_CURL_HAVE_CURLOPT_PROXY_KEYPASSWD
|
||||||
static int has_proxy_cert_password(void)
|
static int has_proxy_cert_password(void)
|
||||||
{
|
{
|
||||||
if (http_proxy_ssl_cert == NULL || proxy_ssl_cert_password_required != 1)
|
if (http_proxy_ssl_cert == NULL || proxy_ssl_cert_password_required != 1)
|
||||||
@ -516,7 +517,7 @@ static int has_proxy_cert_password(void)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if LIBCURL_VERSION_NUM >= 0x071900
|
#ifdef GITCURL_HAVE_CURLOPT_TCP_KEEPALIVE
|
||||||
static void set_curl_keepalive(CURL *c)
|
static void set_curl_keepalive(CURL *c)
|
||||||
{
|
{
|
||||||
curl_easy_setopt(c, CURLOPT_TCP_KEEPALIVE, 1);
|
curl_easy_setopt(c, CURLOPT_TCP_KEEPALIVE, 1);
|
||||||
@ -732,7 +733,7 @@ static long get_curl_allowed_protocols(int from_user)
|
|||||||
return allowed_protocols;
|
return allowed_protocols;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if LIBCURL_VERSION_NUM >=0x072b00
|
#ifdef GIT_CURL_HAVE_CURL_HTTP_VERSION_2
|
||||||
static int get_curl_http_version_opt(const char *version_string, long *opt)
|
static int get_curl_http_version_opt(const char *version_string, long *opt)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
@ -774,7 +775,7 @@ static CURL *get_curl_handle(void)
|
|||||||
curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2);
|
curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2);
|
||||||
}
|
}
|
||||||
|
|
||||||
#if LIBCURL_VERSION_NUM >= 0x072b00
|
#ifdef GIT_CURL_HAVE_CURL_HTTP_VERSION_2
|
||||||
if (curl_http_version) {
|
if (curl_http_version) {
|
||||||
long opt;
|
long opt;
|
||||||
if (!get_curl_http_version_opt(curl_http_version, &opt)) {
|
if (!get_curl_http_version_opt(curl_http_version, &opt)) {
|
||||||
@ -805,7 +806,7 @@ static CURL *get_curl_handle(void)
|
|||||||
|
|
||||||
if (http_ssl_backend && !strcmp("schannel", http_ssl_backend) &&
|
if (http_ssl_backend && !strcmp("schannel", http_ssl_backend) &&
|
||||||
!http_schannel_check_revoke) {
|
!http_schannel_check_revoke) {
|
||||||
#if LIBCURL_VERSION_NUM >= 0x072c00
|
#ifdef GIT_CURL_HAVE_CURLSSLOPT_NO_REVOKE
|
||||||
curl_easy_setopt(result, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NO_REVOKE);
|
curl_easy_setopt(result, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NO_REVOKE);
|
||||||
#else
|
#else
|
||||||
warning(_("CURLSSLOPT_NO_REVOKE not supported with cURL < 7.44.0"));
|
warning(_("CURLSSLOPT_NO_REVOKE not supported with cURL < 7.44.0"));
|
||||||
@ -845,20 +846,20 @@ static CURL *get_curl_handle(void)
|
|||||||
curl_easy_setopt(result, CURLOPT_SSLKEY, ssl_key);
|
curl_easy_setopt(result, CURLOPT_SSLKEY, ssl_key);
|
||||||
if (ssl_capath != NULL)
|
if (ssl_capath != NULL)
|
||||||
curl_easy_setopt(result, CURLOPT_CAPATH, ssl_capath);
|
curl_easy_setopt(result, CURLOPT_CAPATH, ssl_capath);
|
||||||
#if LIBCURL_VERSION_NUM >= 0x072700
|
#ifdef GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY
|
||||||
if (ssl_pinnedkey != NULL)
|
if (ssl_pinnedkey != NULL)
|
||||||
curl_easy_setopt(result, CURLOPT_PINNEDPUBLICKEY, ssl_pinnedkey);
|
curl_easy_setopt(result, CURLOPT_PINNEDPUBLICKEY, ssl_pinnedkey);
|
||||||
#endif
|
#endif
|
||||||
if (http_ssl_backend && !strcmp("schannel", http_ssl_backend) &&
|
if (http_ssl_backend && !strcmp("schannel", http_ssl_backend) &&
|
||||||
!http_schannel_use_ssl_cainfo) {
|
!http_schannel_use_ssl_cainfo) {
|
||||||
curl_easy_setopt(result, CURLOPT_CAINFO, NULL);
|
curl_easy_setopt(result, CURLOPT_CAINFO, NULL);
|
||||||
#if LIBCURL_VERSION_NUM >= 0x073400
|
#ifdef GIT_CURL_HAVE_CURLOPT_PROXY_CAINFO
|
||||||
curl_easy_setopt(result, CURLOPT_PROXY_CAINFO, NULL);
|
curl_easy_setopt(result, CURLOPT_PROXY_CAINFO, NULL);
|
||||||
#endif
|
#endif
|
||||||
} else if (ssl_cainfo != NULL || http_proxy_ssl_ca_info != NULL) {
|
} else if (ssl_cainfo != NULL || http_proxy_ssl_ca_info != NULL) {
|
||||||
if (ssl_cainfo != NULL)
|
if (ssl_cainfo != NULL)
|
||||||
curl_easy_setopt(result, CURLOPT_CAINFO, ssl_cainfo);
|
curl_easy_setopt(result, CURLOPT_CAINFO, ssl_cainfo);
|
||||||
#if LIBCURL_VERSION_NUM >= 0x073400
|
#ifdef GIT_CURL_HAVE_CURLOPT_PROXY_CAINFO
|
||||||
if (http_proxy_ssl_ca_info != NULL)
|
if (http_proxy_ssl_ca_info != NULL)
|
||||||
curl_easy_setopt(result, CURLOPT_PROXY_CAINFO, http_proxy_ssl_ca_info);
|
curl_easy_setopt(result, CURLOPT_PROXY_CAINFO, http_proxy_ssl_ca_info);
|
||||||
#endif
|
#endif
|
||||||
@ -939,7 +940,7 @@ static CURL *get_curl_handle(void)
|
|||||||
else if (starts_with(curl_http_proxy, "socks"))
|
else if (starts_with(curl_http_proxy, "socks"))
|
||||||
curl_easy_setopt(result,
|
curl_easy_setopt(result,
|
||||||
CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4);
|
CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4);
|
||||||
#if LIBCURL_VERSION_NUM >= 0x073400
|
#ifdef GIT_CURL_HAVE_CURLOPT_PROXY_KEYPASSWD
|
||||||
else if (starts_with(curl_http_proxy, "https")) {
|
else if (starts_with(curl_http_proxy, "https")) {
|
||||||
curl_easy_setopt(result, CURLOPT_PROXYTYPE, CURLPROXY_HTTPS);
|
curl_easy_setopt(result, CURLOPT_PROXYTYPE, CURLPROXY_HTTPS);
|
||||||
|
|
||||||
@ -1004,7 +1005,7 @@ void http_init(struct remote *remote, const char *url, int proactive_auth)
|
|||||||
free(normalized_url);
|
free(normalized_url);
|
||||||
string_list_clear(&config.vars, 1);
|
string_list_clear(&config.vars, 1);
|
||||||
|
|
||||||
#if LIBCURL_VERSION_NUM >= 0x073800
|
#ifdef GIT_CURL_HAVE_CURLSSLSET_NO_BACKENDS
|
||||||
if (http_ssl_backend) {
|
if (http_ssl_backend) {
|
||||||
const curl_ssl_backend **backends;
|
const curl_ssl_backend **backends;
|
||||||
struct strbuf buf = STRBUF_INIT;
|
struct strbuf buf = STRBUF_INIT;
|
||||||
|
@ -1441,7 +1441,7 @@ static CURL *setup_curl(struct imap_server_conf *srvc, struct credential *cred)
|
|||||||
curl_easy_setopt(curl, CURLOPT_PORT, server.port);
|
curl_easy_setopt(curl, CURLOPT_PORT, server.port);
|
||||||
|
|
||||||
if (server.auth_method) {
|
if (server.auth_method) {
|
||||||
#if LIBCURL_VERSION_NUM < 0x072200
|
#ifndef GIT_CURL_HAVE_CURLOPT_LOGIN_OPTIONS
|
||||||
warning("No LOGIN_OPTIONS support in this cURL version");
|
warning("No LOGIN_OPTIONS support in this cURL version");
|
||||||
#else
|
#else
|
||||||
struct strbuf auth = STRBUF_INIT;
|
struct strbuf auth = STRBUF_INIT;
|
||||||
|
Loading…
Reference in New Issue
Block a user