]>
Commit | Line | Data |
---|---|---|
ad308479 NTND |
1 | http.proxy:: |
2 | Override the HTTP proxy, normally configured using the 'http_proxy', | |
3 | 'https_proxy', and 'all_proxy' environment variables (see `curl(1)`). In | |
4 | addition to the syntax understood by curl, it is possible to specify a | |
5 | proxy string with a user name but no password, in which case git will | |
6 | attempt to acquire one in the same way it does for other credentials. See | |
7 | linkgit:gitcredentials[7] for more information. The syntax thus is | |
8 | '[protocol://][user[:password]@]proxyhost[:port]'. This can be overridden | |
9 | on a per-remote basis; see remote.<name>.proxy | |
10 | ||
11 | http.proxyAuthMethod:: | |
12 | Set the method with which to authenticate against the HTTP proxy. This | |
13 | only takes effect if the configured proxy string contains a user name part | |
14 | (i.e. is of the form 'user@host' or 'user@host:port'). This can be | |
15 | overridden on a per-remote basis; see `remote.<name>.proxyAuthMethod`. | |
16 | Both can be overridden by the `GIT_HTTP_PROXY_AUTHMETHOD` environment | |
17 | variable. Possible values are: | |
18 | + | |
19 | -- | |
20 | * `anyauth` - Automatically pick a suitable authentication method. It is | |
21 | assumed that the proxy answers an unauthenticated request with a 407 | |
22 | status code and one or more Proxy-authenticate headers with supported | |
23 | authentication methods. This is the default. | |
24 | * `basic` - HTTP Basic authentication | |
25 | * `digest` - HTTP Digest authentication; this prevents the password from being | |
26 | transmitted to the proxy in clear text | |
27 | * `negotiate` - GSS-Negotiate authentication (compare the --negotiate option | |
28 | of `curl(1)`) | |
29 | * `ntlm` - NTLM authentication (compare the --ntlm option of `curl(1)`) | |
30 | -- | |
31 | ||
88238e02 JLS |
32 | http.proxySSLCert:: |
33 | The pathname of a file that stores a client certificate to use to authenticate | |
af026519 JLS |
34 | with an HTTPS proxy. Can be overridden by the `GIT_PROXY_SSL_CERT` environment |
35 | variable. | |
88238e02 JLS |
36 | |
37 | http.proxySSLKey:: | |
38 | The pathname of a file that stores a private key to use to authenticate with | |
af026519 JLS |
39 | an HTTPS proxy. Can be overridden by the `GIT_PROXY_SSL_KEY` environment |
40 | variable. | |
88238e02 JLS |
41 | |
42 | http.proxySSLCertPasswordProtected:: | |
43 | Enable Git's password prompt for the proxy SSL certificate. Otherwise OpenSSL | |
44 | will prompt the user, possibly many times, if the certificate or private key | |
7efc3782 | 45 | is encrypted. Can be overridden by the `GIT_PROXY_SSL_CERT_PASSWORD_PROTECTED` |
af026519 | 46 | environment variable. |
88238e02 JLS |
47 | |
48 | http.proxySSLCAInfo:: | |
49 | Pathname to the file containing the certificate bundle that should be used to | |
7efc3782 | 50 | verify the proxy with when using an HTTPS proxy. Can be overridden by the |
af026519 | 51 | `GIT_PROXY_SSL_CAINFO` environment variable. |
88238e02 | 52 | |
ad308479 NTND |
53 | http.emptyAuth:: |
54 | Attempt authentication without seeking a username or password. This | |
55 | can be used to attempt GSS-Negotiate authentication without specifying | |
56 | a username in the URL, as libcurl normally requires a username for | |
57 | authentication. | |
58 | ||
59 | http.delegation:: | |
60 | Control GSSAPI credential delegation. The delegation is disabled | |
61 | by default in libcurl since version 7.21.7. Set parameter to tell | |
62 | the server what it is allowed to delegate when it comes to user | |
63 | credentials. Used with GSS/kerberos. Possible values are: | |
64 | + | |
65 | -- | |
66 | * `none` - Don't allow any delegation. | |
67 | * `policy` - Delegates if and only if the OK-AS-DELEGATE flag is set in the | |
68 | Kerberos service ticket, which is a matter of realm policy. | |
69 | * `always` - Unconditionally allow the server to delegate. | |
70 | -- | |
71 | ||
72 | ||
73 | http.extraHeader:: | |
74 | Pass an additional HTTP header when communicating with a server. If | |
75 | more than one such entry exists, all of them are added as extra | |
76 | headers. To allow overriding the settings inherited from the system | |
77 | config, an empty value will reset the extra headers to the empty list. | |
78 | ||
79 | http.cookieFile:: | |
80 | The pathname of a file containing previously stored cookie lines, | |
81 | which should be used | |
82 | in the Git http session, if they match the server. The file format | |
83 | of the file to read cookies from should be plain HTTP headers or | |
84 | the Netscape/Mozilla cookie file format (see `curl(1)`). | |
85 | NOTE that the file specified with http.cookieFile is used only as | |
86 | input unless http.saveCookies is set. | |
87 | ||
88 | http.saveCookies:: | |
89 | If set, store cookies received during requests to the file specified by | |
90 | http.cookieFile. Has no effect if http.cookieFile is unset. | |
91 | ||
13d99192 JH |
92 | http.version:: |
93 | Use the specified HTTP protocol version when communicating with a server. | |
94 | If you want to force the default. The available and default version depend | |
856249c6 | 95 | on libcurl. Currently the possible values of |
13d99192 JH |
96 | this option are: |
97 | ||
98 | - HTTP/2 | |
99 | - HTTP/1.1 | |
100 | ||
511cfd3b CC |
101 | http.curloptResolve:: |
102 | Hostname resolution information that will be used first by | |
103 | libcurl when sending HTTP requests. This information should | |
104 | be in one of the following formats: | |
105 | ||
106 | - [+]HOST:PORT:ADDRESS[,ADDRESS] | |
107 | - -HOST:PORT | |
108 | ||
109 | + | |
110 | The first format redirects all requests to the given `HOST:PORT` | |
111 | to the provided `ADDRESS`(s). The second format clears all | |
112 | previous config values for that `HOST:PORT` combination. To | |
113 | allow easy overriding of all the settings inherited from the | |
114 | system config, an empty value will reset all resolution | |
115 | information to the empty list. | |
116 | ||
ad308479 NTND |
117 | http.sslVersion:: |
118 | The SSL version to use when negotiating an SSL connection, if you | |
119 | want to force the default. The available and default version | |
120 | depend on whether libcurl was built against NSS or OpenSSL and the | |
121 | particular configuration of the crypto library in use. Internally | |
122 | this sets the 'CURLOPT_SSL_VERSION' option; see the libcurl | |
123 | documentation for more details on the format of this option and | |
856249c6 | 124 | for the ssl version supported. Currently the possible values of |
ad308479 NTND |
125 | this option are: |
126 | ||
127 | - sslv2 | |
128 | - sslv3 | |
129 | - tlsv1 | |
130 | - tlsv1.0 | |
131 | - tlsv1.1 | |
132 | - tlsv1.2 | |
133 | - tlsv1.3 | |
134 | ||
135 | + | |
136 | Can be overridden by the `GIT_SSL_VERSION` environment variable. | |
137 | To force git to use libcurl's default ssl version and ignore any | |
138 | explicit http.sslversion option, set `GIT_SSL_VERSION` to the | |
139 | empty string. | |
140 | ||
141 | http.sslCipherList:: | |
142 | A list of SSL ciphers to use when negotiating an SSL connection. | |
143 | The available ciphers depend on whether libcurl was built against | |
144 | NSS or OpenSSL and the particular configuration of the crypto | |
145 | library in use. Internally this sets the 'CURLOPT_SSL_CIPHER_LIST' | |
146 | option; see the libcurl documentation for more details on the format | |
147 | of this list. | |
148 | + | |
149 | Can be overridden by the `GIT_SSL_CIPHER_LIST` environment variable. | |
150 | To force git to use libcurl's default cipher list and ignore any | |
151 | explicit http.sslCipherList option, set `GIT_SSL_CIPHER_LIST` to the | |
152 | empty string. | |
153 | ||
154 | http.sslVerify:: | |
155 | Whether to verify the SSL certificate when fetching or pushing | |
156 | over HTTPS. Defaults to true. Can be overridden by the | |
157 | `GIT_SSL_NO_VERIFY` environment variable. | |
158 | ||
159 | http.sslCert:: | |
160 | File containing the SSL certificate when fetching or pushing | |
161 | over HTTPS. Can be overridden by the `GIT_SSL_CERT` environment | |
162 | variable. | |
163 | ||
164 | http.sslKey:: | |
165 | File containing the SSL private key when fetching or pushing | |
166 | over HTTPS. Can be overridden by the `GIT_SSL_KEY` environment | |
167 | variable. | |
168 | ||
169 | http.sslCertPasswordProtected:: | |
170 | Enable Git's password prompt for the SSL certificate. Otherwise | |
171 | OpenSSL will prompt the user, possibly many times, if the | |
172 | certificate or private key is encrypted. Can be overridden by the | |
173 | `GIT_SSL_CERT_PASSWORD_PROTECTED` environment variable. | |
174 | ||
175 | http.sslCAInfo:: | |
176 | File containing the certificates to verify the peer with when | |
177 | fetching or pushing over HTTPS. Can be overridden by the | |
178 | `GIT_SSL_CAINFO` environment variable. | |
179 | ||
180 | http.sslCAPath:: | |
181 | Path containing files with the CA certificates to verify the peer | |
182 | with when fetching or pushing over HTTPS. Can be overridden | |
183 | by the `GIT_SSL_CAPATH` environment variable. | |
184 | ||
185 | http.sslBackend:: | |
186 | Name of the SSL backend to use (e.g. "openssl" or "schannel"). | |
187 | This option is ignored if cURL lacks support for choosing the SSL | |
188 | backend at runtime. | |
189 | ||
190 | http.schannelCheckRevoke:: | |
191 | Used to enforce or disable certificate revocation checks in cURL | |
192 | when http.sslBackend is set to "schannel". Defaults to `true` if | |
193 | unset. Only necessary to disable this if Git consistently errors | |
194 | and the message is about checking the revocation status of a | |
195 | certificate. This option is ignored if cURL lacks support for | |
196 | setting the relevant SSL option at runtime. | |
197 | ||
198 | http.schannelUseSSLCAInfo:: | |
199 | As of cURL v7.60.0, the Secure Channel backend can use the | |
200 | certificate bundle provided via `http.sslCAInfo`, but that would | |
201 | override the Windows Certificate Store. Since this is not desirable | |
202 | by default, Git will tell cURL not to use that bundle by default | |
203 | when the `schannel` backend was configured via `http.sslBackend`, | |
204 | unless `http.schannelUseSSLCAInfo` overrides this behavior. | |
205 | ||
b4eda05d | 206 | http.pinnedPubkey:: |
ad308479 NTND |
207 | Public key of the https service. It may either be the filename of |
208 | a PEM or DER encoded public key file or a string starting with | |
209 | 'sha256//' followed by the base64 encoded sha256 hash of the | |
210 | public key. See also libcurl 'CURLOPT_PINNEDPUBLICKEY'. git will | |
211 | exit with an error if this option is set but not supported by | |
212 | cURL. | |
213 | ||
214 | http.sslTry:: | |
215 | Attempt to use AUTH SSL/TLS and encrypted data transfers | |
216 | when connecting via regular FTP protocol. This might be needed | |
217 | if the FTP server requires it for security reasons or you wish | |
218 | to connect securely whenever remote FTP server supports it. | |
219 | Default is false since it might trigger certificate verification | |
220 | errors on misconfigured servers. | |
221 | ||
222 | http.maxRequests:: | |
223 | How many HTTP requests to launch in parallel. Can be overridden | |
224 | by the `GIT_HTTP_MAX_REQUESTS` environment variable. Default is 5. | |
225 | ||
226 | http.minSessions:: | |
227 | The number of curl sessions (counted across slots) to be kept across | |
228 | requests. They will not be ended with curl_easy_cleanup() until | |
229 | http_cleanup() is invoked. If USE_CURL_MULTI is not defined, this | |
230 | value will be capped at 1. Defaults to 1. | |
231 | ||
232 | http.postBuffer:: | |
233 | Maximum size in bytes of the buffer used by smart HTTP | |
234 | transports when POSTing data to the remote system. | |
235 | For requests larger than this buffer size, HTTP/1.1 and | |
236 | Transfer-Encoding: chunked is used to avoid creating a | |
237 | massive pack file locally. Default is 1 MiB, which is | |
238 | sufficient for most requests. | |
7a2dc95c | 239 | + |
240 | Note that raising this limit is only effective for disabling chunked | |
241 | transfer encoding and therefore should be used only where the remote | |
242 | server or a proxy only supports HTTP/1.0 or is noncompliant with the | |
243 | HTTP standard. Raising this is not, in general, an effective solution | |
244 | for most push problems, but can increase memory consumption | |
245 | significantly since the entire buffer is allocated even for small | |
246 | pushes. | |
ad308479 NTND |
247 | |
248 | http.lowSpeedLimit, http.lowSpeedTime:: | |
0aefe4c8 CG |
249 | If the HTTP transfer speed, in bytes per second, is less than |
250 | 'http.lowSpeedLimit' for longer than 'http.lowSpeedTime' seconds, | |
251 | the transfer is aborted. | |
ad308479 NTND |
252 | Can be overridden by the `GIT_HTTP_LOW_SPEED_LIMIT` and |
253 | `GIT_HTTP_LOW_SPEED_TIME` environment variables. | |
254 | ||
255 | http.noEPSV:: | |
256 | A boolean which disables using of EPSV ftp command by curl. | |
257 | This can helpful with some "poor" ftp servers which don't | |
258 | support EPSV mode. Can be overridden by the `GIT_CURL_FTP_NO_EPSV` | |
259 | environment variable. Default is false (curl will use EPSV). | |
260 | ||
261 | http.userAgent:: | |
262 | The HTTP USER_AGENT string presented to an HTTP server. The default | |
263 | value represents the version of the client Git such as git/1.7.1. | |
264 | This option allows you to override this value to a more common value | |
265 | such as Mozilla/4.0. This may be necessary, for instance, if | |
266 | connecting through a firewall that restricts HTTP connections to a set | |
267 | of common USER_AGENT strings (but not including those like git/1.7.1). | |
268 | Can be overridden by the `GIT_HTTP_USER_AGENT` environment variable. | |
269 | ||
270 | http.followRedirects:: | |
271 | Whether git should follow HTTP redirects. If set to `true`, git | |
272 | will transparently follow any redirect issued by a server it | |
273 | encounters. If set to `false`, git will treat all redirects as | |
274 | errors. If set to `initial`, git will follow redirects only for | |
275 | the initial request to a remote, but not for subsequent | |
276 | follow-up HTTP requests. Since git uses the redirected URL as | |
277 | the base for the follow-up requests, this is generally | |
278 | sufficient. The default is `initial`. | |
279 | ||
280 | http.<url>.*:: | |
281 | Any of the http.* options above can be applied selectively to some URLs. | |
282 | For a config key to match a URL, each element of the config key is | |
283 | compared to that of the URL, in the following order: | |
284 | + | |
285 | -- | |
286 | . Scheme (e.g., `https` in `https://example.com/`). This field | |
287 | must match exactly between the config key and the URL. | |
288 | ||
289 | . Host/domain name (e.g., `example.com` in `https://example.com/`). | |
290 | This field must match between the config key and the URL. It is | |
291 | possible to specify a `*` as part of the host name to match all subdomains | |
292 | at this level. `https://*.example.com/` for example would match | |
293 | `https://foo.example.com/`, but not `https://foo.bar.example.com/`. | |
294 | ||
295 | . Port number (e.g., `8080` in `http://example.com:8080/`). | |
296 | This field must match exactly between the config key and the URL. | |
297 | Omitted port numbers are automatically converted to the correct | |
298 | default for the scheme before matching. | |
299 | ||
300 | . Path (e.g., `repo.git` in `https://example.com/repo.git`). The | |
301 | path field of the config key must match the path field of the URL | |
302 | either exactly or as a prefix of slash-delimited path elements. This means | |
303 | a config key with path `foo/` matches URL path `foo/bar`. A prefix can only | |
304 | match on a slash (`/`) boundary. Longer matches take precedence (so a config | |
305 | key with path `foo/bar` is a better match to URL path `foo/bar` than a config | |
306 | key with just path `foo/`). | |
307 | ||
308 | . User name (e.g., `user` in `https://user@example.com/repo.git`). If | |
309 | the config key has a user name it must match the user name in the | |
310 | URL exactly. If the config key does not have a user name, that | |
311 | config key will match a URL with any user name (including none), | |
312 | but at a lower precedence than a config key with a user name. | |
313 | -- | |
314 | + | |
315 | The list above is ordered by decreasing precedence; a URL that matches | |
316 | a config key's path is preferred to one that matches its user name. For example, | |
317 | if the URL is `https://user@example.com/foo/bar` a config key match of | |
318 | `https://example.com/foo` will be preferred over a config key match of | |
319 | `https://user@example.com`. | |
320 | + | |
321 | All URLs are normalized before attempting any matching (the password part, | |
322 | if embedded in the URL, is always ignored for matching purposes) so that | |
323 | equivalent URLs that are simply spelled differently will match properly. | |
324 | Environment variable settings always override any matches. The URLs that are | |
325 | matched against are those given directly to Git commands. This means any URLs | |
326 | visited as a result of a redirection do not participate in matching. |