Commit | Line | Data |
---|---|---|
ad308479 NTND |
1 | http.proxy:: |
2 | Override the HTTP proxy, normally configured using the 'http_proxy', | |
3 | 'https_proxy', and 'all_proxy' environment variables (see `curl(1)`). In | |
4 | addition to the syntax understood by curl, it is possible to specify a | |
5 | proxy string with a user name but no password, in which case git will | |
6 | attempt to acquire one in the same way it does for other credentials. See | |
7 | linkgit:gitcredentials[7] for more information. The syntax thus is | |
8 | '[protocol://][user[:password]@]proxyhost[:port]'. This can be overridden | |
9 | on a per-remote basis; see `remote.<name>.proxy`. | |
10 | ||
11 | http.proxyAuthMethod:: | |
12 | Set the method with which to authenticate against the HTTP proxy. This | |
13 | only takes effect if the configured proxy string contains a user name part | |
14 | (i.e. is of the form 'user@host' or 'user@host:port'). This can be | |
15 | overridden on a per-remote basis; see `remote.<name>.proxyAuthMethod`. | |
16 | Both can be overridden by the `GIT_HTTP_PROXY_AUTHMETHOD` environment | |
17 | variable. Possible values are: | |
18 | + | |
19 | -- | |
20 | * `anyauth` - Automatically pick a suitable authentication method. It is | |
21 | assumed that the proxy answers an unauthenticated request with a 407 | |
22 | status code and one or more Proxy-authenticate headers with supported | |
23 | authentication methods. This is the default. | |
24 | * `basic` - HTTP Basic authentication | |
25 | * `digest` - HTTP Digest authentication; this prevents the password from being | |
26 | transmitted to the proxy in clear text | |
27 | * `negotiate` - GSS-Negotiate authentication (compare the --negotiate option | |
28 | of `curl(1)`) | |
29 | * `ntlm` - NTLM authentication (compare the --ntlm option of `curl(1)`) | |
30 | -- | |
31 | ||
32 | http.emptyAuth:: | |
33 | Attempt authentication without seeking a username or password. This | |
34 | can be used to attempt GSS-Negotiate authentication without specifying | |
35 | a username in the URL, as libcurl normally requires a username for | |
36 | authentication. | |
37 | ||
38 | http.delegation:: | |
39 | Control GSSAPI credential delegation. The delegation is disabled | |
40 | by default in libcurl since version 7.21.7. Set parameter to tell | |
41 | the server what it is allowed to delegate when it comes to user | |
42 | credentials. Used with GSS/kerberos. Possible values are: | |
43 | + | |
44 | -- | |
45 | * `none` - Don't allow any delegation. | |
46 | * `policy` - Delegates if and only if the OK-AS-DELEGATE flag is set in the | |
47 | Kerberos service ticket, which is a matter of realm policy. | |
48 | * `always` - Unconditionally allow the server to delegate. | |
49 | -- | |
50 | ||
51 | ||
52 | http.extraHeader:: | |
53 | Pass an additional HTTP header when communicating with a server. If | |
54 | more than one such entry exists, all of them are added as extra | |
55 | headers. To allow overriding the settings inherited from the system | |
56 | config, an empty value will reset the extra headers to the empty list. | |
57 | ||
58 | http.cookieFile:: | |
59 | The pathname of a file containing previously stored cookie lines, | |
60 | which should be used | |
61 | in the Git http session, if they match the server. The file format | |
62 | of the file to read cookies from should be plain HTTP headers or | |
63 | the Netscape/Mozilla cookie file format (see `curl(1)`). | |
64 | NOTE that the file specified with http.cookieFile is used only as | |
65 | input unless http.saveCookies is set. | |
66 | ||
67 | http.saveCookies:: | |
68 | If set, store cookies received during requests to the file specified by | |
69 | http.cookieFile. Has no effect if http.cookieFile is unset. | |
70 | ||
13d99192 JH |
71 | http.version:: |
72 | Use the specified HTTP protocol version when communicating with a server, | |
73 | if you want to force the default. The available and default version depend | |
856249c6 | 74 | on libcurl. Currently the possible values of |
13d99192 JH |
75 | this option are: |
76 | ||
77 | - HTTP/2 | |
78 | - HTTP/1.1 | |
79 | ||
ad308479 NTND |
80 | http.sslVersion:: |
81 | The SSL version to use when negotiating an SSL connection, if you | |
82 | want to force the default. The available and default version | |
83 | depend on whether libcurl was built against NSS or OpenSSL and the | |
84 | particular configuration of the crypto library in use. Internally | |
85 | this sets the 'CURLOPT_SSL_VERSION' option; see the libcurl | |
86 | documentation for more details on the format of this option and | |
856249c6 | 87 | for the ssl version supported. Currently the possible values of |
ad308479 NTND |
88 | this option are: |
89 | ||
90 | - sslv2 | |
91 | - sslv3 | |
92 | - tlsv1 | |
93 | - tlsv1.0 | |
94 | - tlsv1.1 | |
95 | - tlsv1.2 | |
96 | - tlsv1.3 | |
97 | ||
98 | + | |
99 | Can be overridden by the `GIT_SSL_VERSION` environment variable. | |
100 | To force git to use libcurl's default ssl version and ignore any | |
101 | explicit http.sslversion option, set `GIT_SSL_VERSION` to the | |
102 | empty string. | |
103 | ||
104 | http.sslCipherList:: | |
105 | A list of SSL ciphers to use when negotiating an SSL connection. | |
106 | The available ciphers depend on whether libcurl was built against | |
107 | NSS or OpenSSL and the particular configuration of the crypto | |
108 | library in use. Internally this sets the 'CURLOPT_SSL_CIPHER_LIST' | |
109 | option; see the libcurl documentation for more details on the format | |
110 | of this list. | |
111 | + | |
112 | Can be overridden by the `GIT_SSL_CIPHER_LIST` environment variable. | |
113 | To force git to use libcurl's default cipher list and ignore any | |
114 | explicit http.sslCipherList option, set `GIT_SSL_CIPHER_LIST` to the | |
115 | empty string. | |
116 | ||
117 | http.sslVerify:: | |
118 | Whether to verify the SSL certificate when fetching or pushing | |
119 | over HTTPS. Defaults to true. Can be overridden by the | |
120 | `GIT_SSL_NO_VERIFY` environment variable. | |
121 | ||
122 | http.sslCert:: | |
123 | File containing the SSL certificate when fetching or pushing | |
124 | over HTTPS. Can be overridden by the `GIT_SSL_CERT` environment | |
125 | variable. | |
126 | ||
127 | http.sslKey:: | |
128 | File containing the SSL private key when fetching or pushing | |
129 | over HTTPS. Can be overridden by the `GIT_SSL_KEY` environment | |
130 | variable. | |
131 | ||
132 | http.sslCertPasswordProtected:: | |
133 | Enable Git's password prompt for the SSL certificate. Otherwise | |
134 | OpenSSL will prompt the user, possibly many times, if the | |
135 | certificate or private key is encrypted. Can be overridden by the | |
136 | `GIT_SSL_CERT_PASSWORD_PROTECTED` environment variable. | |
137 | ||
138 | http.sslCAInfo:: | |
139 | File containing the certificates to verify the peer with when | |
140 | fetching or pushing over HTTPS. Can be overridden by the | |
141 | `GIT_SSL_CAINFO` environment variable. | |
142 | ||
143 | http.sslCAPath:: | |
144 | Path containing files with the CA certificates to verify the peer | |
145 | with when fetching or pushing over HTTPS. Can be overridden | |
146 | by the `GIT_SSL_CAPATH` environment variable. | |
147 | ||
148 | http.sslBackend:: | |
149 | Name of the SSL backend to use (e.g. "openssl" or "schannel"). | |
150 | This option is ignored if cURL lacks support for choosing the SSL | |
151 | backend at runtime. | |
152 | ||
153 | http.schannelCheckRevoke:: | |
154 | Used to enforce or disable certificate revocation checks in cURL | |
155 | when http.sslBackend is set to "schannel". Defaults to `true` if | |
156 | unset. Only necessary to disable this if Git consistently errors | |
157 | and the message is about checking the revocation status of a | |
158 | certificate. This option is ignored if cURL lacks support for | |
159 | setting the relevant SSL option at runtime. | |
160 | ||
161 | http.schannelUseSSLCAInfo:: | |
162 | As of cURL v7.60.0, the Secure Channel backend can use the | |
163 | certificate bundle provided via `http.sslCAInfo`, but that would | |
164 | override the Windows Certificate Store. Since this is not desirable | |
165 | by default, Git will tell cURL not to use that bundle by default | |
166 | when the `schannel` backend was configured via `http.sslBackend`, | |
167 | unless `http.schannelUseSSLCAInfo` overrides this behavior. | |
168 | ||
169 | http.pinnedpubkey:: | |
170 | Public key of the https service. It may either be the filename of | |
171 | a PEM or DER encoded public key file or a string starting with | |
172 | 'sha256//' followed by the base64 encoded sha256 hash of the | |
173 | public key. See also libcurl 'CURLOPT_PINNEDPUBLICKEY'. git will | |
174 | exit with an error if this option is set but not supported by | |
175 | cURL. | |
176 | ||
177 | http.sslTry:: | |
178 | Attempt to use AUTH SSL/TLS and encrypted data transfers | |
179 | when connecting via regular FTP protocol. This might be needed | |
180 | if the FTP server requires it for security reasons or you wish | |
181 | to connect securely whenever the remote FTP server supports it. | |
182 | Default is false since it might trigger certificate verification | |
183 | errors on misconfigured servers. | |
184 | ||
185 | http.maxRequests:: | |
186 | How many HTTP requests to launch in parallel. Can be overridden | |
187 | by the `GIT_HTTP_MAX_REQUESTS` environment variable. Default is 5. | |
188 | ||
189 | http.minSessions:: | |
190 | The number of curl sessions (counted across slots) to be kept across | |
191 | requests. They will not be ended with curl_easy_cleanup() until | |
192 | http_cleanup() is invoked. If USE_CURL_MULTI is not defined, this | |
193 | value will be capped at 1. Defaults to 1. | |
194 | ||
195 | http.postBuffer:: | |
196 | Maximum size in bytes of the buffer used by smart HTTP | |
197 | transports when POSTing data to the remote system. | |
198 | For requests larger than this buffer size, HTTP/1.1 and | |
199 | Transfer-Encoding: chunked is used to avoid creating a | |
200 | massive pack file locally. Default is 1 MiB, which is | |
201 | sufficient for most requests. | |
7a2dc95c | 202 | + |
203 | Note that raising this limit is only effective for disabling chunked | |
204 | transfer encoding and therefore should be used only where the remote | |
205 | server or a proxy only supports HTTP/1.0 or is noncompliant with the | |
206 | HTTP standard. Raising this is not, in general, an effective solution | |
207 | for most push problems, but can increase memory consumption | |
208 | significantly since the entire buffer is allocated even for small | |
209 | pushes. | |
ad308479 NTND |
210 | |
211 | http.lowSpeedLimit, http.lowSpeedTime:: | |
212 | If the HTTP transfer speed is less than 'http.lowSpeedLimit' | |
213 | for longer than 'http.lowSpeedTime' seconds, the transfer is aborted. | |
214 | Can be overridden by the `GIT_HTTP_LOW_SPEED_LIMIT` and | |
215 | `GIT_HTTP_LOW_SPEED_TIME` environment variables. | |
216 | ||
217 | http.noEPSV:: | |
218 | A boolean which disables use of the EPSV ftp command by curl. | |
219 | This can be helpful with some "poor" ftp servers which don't | |
220 | support EPSV mode. Can be overridden by the `GIT_CURL_FTP_NO_EPSV` | |
221 | environment variable. Default is false (curl will use EPSV). | |
222 | ||
223 | http.userAgent:: | |
224 | The HTTP USER_AGENT string presented to an HTTP server. The default | |
225 | value represents the version of the client Git such as git/1.7.1. | |
226 | This option allows you to override this value to a more common value | |
227 | such as Mozilla/4.0. This may be necessary, for instance, if | |
228 | connecting through a firewall that restricts HTTP connections to a set | |
229 | of common USER_AGENT strings (but not including those like git/1.7.1). | |
230 | Can be overridden by the `GIT_HTTP_USER_AGENT` environment variable. | |
231 | ||
232 | http.followRedirects:: | |
233 | Whether git should follow HTTP redirects. If set to `true`, git | |
234 | will transparently follow any redirect issued by a server it | |
235 | encounters. If set to `false`, git will treat all redirects as | |
236 | errors. If set to `initial`, git will follow redirects only for | |
237 | the initial request to a remote, but not for subsequent | |
238 | follow-up HTTP requests. Since git uses the redirected URL as | |
239 | the base for the follow-up requests, this is generally | |
240 | sufficient. The default is `initial`. | |
241 | ||
242 | http.<url>.*:: | |
243 | Any of the http.* options above can be applied selectively to some URLs. | |
244 | For a config key to match a URL, each element of the config key is | |
245 | compared to that of the URL, in the following order: | |
246 | + | |
247 | -- | |
248 | . Scheme (e.g., `https` in `https://example.com/`). This field | |
249 | must match exactly between the config key and the URL. | |
250 | ||
251 | . Host/domain name (e.g., `example.com` in `https://example.com/`). | |
252 | This field must match between the config key and the URL. It is | |
253 | possible to specify a `*` as part of the host name to match all subdomains | |
254 | at this level. `https://*.example.com/` for example would match | |
255 | `https://foo.example.com/`, but not `https://foo.bar.example.com/`. | |
256 | ||
257 | . Port number (e.g., `8080` in `http://example.com:8080/`). | |
258 | This field must match exactly between the config key and the URL. | |
259 | Omitted port numbers are automatically converted to the correct | |
260 | default for the scheme before matching. | |
261 | ||
262 | . Path (e.g., `repo.git` in `https://example.com/repo.git`). The | |
263 | path field of the config key must match the path field of the URL | |
264 | either exactly or as a prefix of slash-delimited path elements. This means | |
265 | a config key with path `foo/` matches URL path `foo/bar`. A prefix can only | |
266 | match on a slash (`/`) boundary. Longer matches take precedence (so a config | |
267 | key with path `foo/bar` is a better match to URL path `foo/bar` than a config | |
268 | key with just path `foo/`). | |
269 | ||
270 | . User name (e.g., `user` in `https://user@example.com/repo.git`). If | |
271 | the config key has a user name it must match the user name in the | |
272 | URL exactly. If the config key does not have a user name, that | |
273 | config key will match a URL with any user name (including none), | |
274 | but at a lower precedence than a config key with a user name. | |
275 | -- | |
276 | + | |
277 | The list above is ordered by decreasing precedence; a URL that matches | |
278 | a config key's path is preferred to one that matches its user name. For example, | |
279 | if the URL is `https://user@example.com/foo/bar` a config key match of | |
280 | `https://example.com/foo` will be preferred over a config key match of | |
281 | `https://user@example.com`. | |
282 | + | |
283 | All URLs are normalized before attempting any matching (the password part, | |
284 | if embedded in the URL, is always ignored for matching purposes) so that | |
285 | equivalent URLs that are simply spelled differently will match properly. | |
286 | Environment variable settings always override any matches. The URLs that are | |
287 | matched against are those given directly to Git commands. This means any URLs | |
288 | visited as a result of a redirection do not participate in matching. |
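
The `http.<url>.*` matching rules above, worked through in Python as an added example (this is not Git's own code; `match_rank`, `effective_value` and `SAMPLE_CONFIG` are names made up here). It is a way to audit which URLs a scoped override such as `sslVerify = false` actually reaches. Assumptions: only the http/https default ports are known, hosts rank by their number of literal labels, and a key without a URL ranks below every URL-specific match.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}  # assumption: other schemes not handled

def _parts(url):
    """Normalize a URL into comparable fields; an embedded password is ignored."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    port = u.port or DEFAULT_PORTS.get(scheme)
    segments = [s for s in u.path.split("/") if s]
    return scheme, (u.hostname or "").split("."), port, segments, u.username

def match_rank(key_url, url):
    """Return a sortable rank if the config key URL applies to url, else None."""
    k_scheme, k_host, k_port, k_path, k_user = _parts(key_url)
    scheme, host, port, path, user = _parts(url)
    if k_scheme != scheme or k_port != port:
        return None  # scheme and port must match exactly
    if len(k_host) != len(host):
        return None  # '*' stands for one host label, never several
    if any(k != "*" and k != h for k, h in zip(k_host, host)):
        return None
    if path[:len(k_path)] != k_path:
        return None  # a path prefix only matches on '/' boundaries
    if k_user is not None and k_user != user:
        return None  # a user name in the key must match exactly
    # Rank in list order: host (literal labels, an assumption), path length, user name.
    return (sum(k != "*" for k in k_host), len(k_path), k_user is not None)

def effective_value(config, option, url):
    """config: (key_url or None, option, value) tuples; None is a plain http.<option>."""
    best_rank, best_value = None, None
    for key_url, opt, value in config:
        if opt != option:
            continue
        # Assumption: a key without a URL ranks below every URL-specific match.
        rank = (-1, -1, False) if key_url is None else match_rank(key_url, url)
        if rank is not None and (best_rank is None or rank >= best_rank):
            best_rank, best_value = rank, value  # on a tie the later entry wins (assumption)
    return best_value

# Constructed sample configuration, not taken from any real system.
SAMPLE_CONFIG = [
    (None, "sslVerify", "true"),
    ("https://*.example.com/", "sslVerify", "false"),
    ("https://example.com/foo", "proxy", "http://proxy-a.example:3128"),
    ("https://user@example.com", "proxy", "http://proxy-b.example:3128"),
]
```

Against `SAMPLE_CONFIG`, the wildcard `sslVerify = false` entry applies to `https://foo.example.com/` but not to `https://foo.bar.example.com/`, and the path-scoped proxy wins over the user-scoped one for `https://user@example.com/foo/bar`, as in the precedence paragraph.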