]>
Commit | Line | Data |
---|---|---|
ad308479 NTND |
1 | http.proxy:: |
2 | Override the HTTP proxy, normally configured using the 'http_proxy', | |
3 | 'https_proxy', and 'all_proxy' environment variables (see `curl(1)`). In | |
4 | addition to the syntax understood by curl, it is possible to specify a | |
5 | proxy string with a user name but no password, in which case git will | |
6 | attempt to acquire one in the same way it does for other credentials. See | |
7 | linkgit:gitcredentials[7] for more information. The syntax thus is | |
8 | '[protocol://][user[:password]@]proxyhost[:port]'. This can be overridden | |
9 | on a per-remote basis; see remote.<name>.proxy | |
10 | ||
11 | http.proxyAuthMethod:: | |
12 | Set the method with which to authenticate against the HTTP proxy. This | |
13 | only takes effect if the configured proxy string contains a user name part | |
14 | (i.e. is of the form 'user@host' or 'user@host:port'). This can be | |
15 | overridden on a per-remote basis; see `remote.<name>.proxyAuthMethod`. | |
16 | Both can be overridden by the `GIT_HTTP_PROXY_AUTHMETHOD` environment | |
17 | variable. Possible values are: | |
18 | + | |
19 | -- | |
20 | * `anyauth` - Automatically pick a suitable authentication method. It is | |
21 | assumed that the proxy answers an unauthenticated request with a 407 | |
22 | status code and one or more Proxy-authenticate headers with supported | |
23 | authentication methods. This is the default. | |
24 | * `basic` - HTTP Basic authentication | |
25 | * `digest` - HTTP Digest authentication; this prevents the password from being | |
26 | transmitted to the proxy in clear text | |
27 | * `negotiate` - GSS-Negotiate authentication (compare the --negotiate option | |
28 | of `curl(1)`) | |
29 | * `ntlm` - NTLM authentication (compare the --ntlm option of `curl(1)`) | |
30 | -- | |
31 | ||
88238e02 JLS |
32 | http.proxySSLCert:: |
33 | The pathname of a file that stores a client certificate to use to authenticate | |
af026519 JLS |
34 | with an HTTPS proxy. Can be overridden by the `GIT_PROXY_SSL_CERT` environment |
35 | variable. | |
88238e02 JLS |
36 | |
37 | http.proxySSLKey:: | |
38 | The pathname of a file that stores a private key to use to authenticate with | |
af026519 JLS |
39 | an HTTPS proxy. Can be overridden by the `GIT_PROXY_SSL_KEY` environment |
40 | variable. | |
88238e02 JLS |
41 | |
42 | http.proxySSLCertPasswordProtected:: | |
43 | Enable Git's password prompt for the proxy SSL certificate. Otherwise OpenSSL | |
44 | will prompt the user, possibly many times, if the certificate or private key | |
7efc3782 | 45 | is encrypted. Can be overridden by the `GIT_PROXY_SSL_CERT_PASSWORD_PROTECTED` |
af026519 | 46 | environment variable. |
88238e02 JLS |
47 | |
48 | http.proxySSLCAInfo:: | |
49 | Pathname to the file containing the certificate bundle that should be used to | |
7efc3782 | 50 | verify the proxy with when using an HTTPS proxy. Can be overridden by the |
af026519 | 51 | `GIT_PROXY_SSL_CAINFO` environment variable. |
88238e02 | 52 | |
ad308479 NTND |
53 | http.emptyAuth:: |
54 | Attempt authentication without seeking a username or password. This | |
55 | can be used to attempt GSS-Negotiate authentication without specifying | |
56 | a username in the URL, as libcurl normally requires a username for | |
57 | authentication. | |
58 | ||
59 | http.delegation:: | |
60 | Control GSSAPI credential delegation. The delegation is disabled | |
61 | by default in libcurl since version 7.21.7. Set parameter to tell | |
62 | the server what it is allowed to delegate when it comes to user | |
63 | credentials. Used with GSS/kerberos. Possible values are: | |
64 | + | |
65 | -- | |
66 | * `none` - Don't allow any delegation. | |
67 | * `policy` - Delegates if and only if the OK-AS-DELEGATE flag is set in the | |
68 | Kerberos service ticket, which is a matter of realm policy. | |
69 | * `always` - Unconditionally allow the server to delegate. | |
70 | -- | |
71 | ||
72 | ||
73 | http.extraHeader:: | |
74 | Pass an additional HTTP header when communicating with a server. If | |
75 | more than one such entry exists, all of them are added as extra | |
76 | headers. To allow overriding the settings inherited from the system | |
77 | config, an empty value will reset the extra headers to the empty list. | |
78 | ||
79 | http.cookieFile:: | |
80 | The pathname of a file containing previously stored cookie lines, | |
81 | which should be used | |
82 | in the Git http session, if they match the server. The file format | |
83 | of the file to read cookies from should be plain HTTP headers or | |
84 | the Netscape/Mozilla cookie file format (see `curl(1)`). | |
85 | NOTE that the file specified with http.cookieFile is used only as | |
86 | input unless http.saveCookies is set. | |
87 | ||
88 | http.saveCookies:: | |
89 | If set, store cookies received during requests to the file specified by | |
90 | http.cookieFile. Has no effect if http.cookieFile is unset. | |
91 | ||
13d99192 JH |
92 | http.version:: |
93 | Use the specified HTTP protocol version when communicating with a server. | |
94 | If you want to force the default. The available and default version depend | |
856249c6 | 95 | on libcurl. Currently the possible values of |
13d99192 JH |
96 | this option are: |
97 | ||
98 | - HTTP/2 | |
99 | - HTTP/1.1 | |
100 | ||
ad308479 NTND |
101 | http.sslVersion:: |
102 | The SSL version to use when negotiating an SSL connection, if you | |
103 | want to force the default. The available and default version | |
104 | depend on whether libcurl was built against NSS or OpenSSL and the | |
105 | particular configuration of the crypto library in use. Internally | |
106 | this sets the 'CURLOPT_SSL_VERSION' option; see the libcurl | |
107 | documentation for more details on the format of this option and | |
856249c6 | 108 | for the ssl version supported. Currently the possible values of |
ad308479 NTND |
109 | this option are: |
110 | ||
111 | - sslv2 | |
112 | - sslv3 | |
113 | - tlsv1 | |
114 | - tlsv1.0 | |
115 | - tlsv1.1 | |
116 | - tlsv1.2 | |
117 | - tlsv1.3 | |
118 | ||
119 | + | |
120 | Can be overridden by the `GIT_SSL_VERSION` environment variable. | |
121 | To force git to use libcurl's default ssl version and ignore any | |
122 | explicit http.sslversion option, set `GIT_SSL_VERSION` to the | |
123 | empty string. | |
124 | ||
125 | http.sslCipherList:: | |
126 | A list of SSL ciphers to use when negotiating an SSL connection. | |
127 | The available ciphers depend on whether libcurl was built against | |
128 | NSS or OpenSSL and the particular configuration of the crypto | |
129 | library in use. Internally this sets the 'CURLOPT_SSL_CIPHER_LIST' | |
130 | option; see the libcurl documentation for more details on the format | |
131 | of this list. | |
132 | + | |
133 | Can be overridden by the `GIT_SSL_CIPHER_LIST` environment variable. | |
134 | To force git to use libcurl's default cipher list and ignore any | |
135 | explicit http.sslCipherList option, set `GIT_SSL_CIPHER_LIST` to the | |
136 | empty string. | |
137 | ||
138 | http.sslVerify:: | |
139 | Whether to verify the SSL certificate when fetching or pushing | |
140 | over HTTPS. Defaults to true. Can be overridden by the | |
141 | `GIT_SSL_NO_VERIFY` environment variable. | |
142 | ||
143 | http.sslCert:: | |
144 | File containing the SSL certificate when fetching or pushing | |
145 | over HTTPS. Can be overridden by the `GIT_SSL_CERT` environment | |
146 | variable. | |
147 | ||
148 | http.sslKey:: | |
149 | File containing the SSL private key when fetching or pushing | |
150 | over HTTPS. Can be overridden by the `GIT_SSL_KEY` environment | |
151 | variable. | |
152 | ||
153 | http.sslCertPasswordProtected:: | |
154 | Enable Git's password prompt for the SSL certificate. Otherwise | |
155 | OpenSSL will prompt the user, possibly many times, if the | |
156 | certificate or private key is encrypted. Can be overridden by the | |
157 | `GIT_SSL_CERT_PASSWORD_PROTECTED` environment variable. | |
158 | ||
159 | http.sslCAInfo:: | |
160 | File containing the certificates to verify the peer with when | |
161 | fetching or pushing over HTTPS. Can be overridden by the | |
162 | `GIT_SSL_CAINFO` environment variable. | |
163 | ||
164 | http.sslCAPath:: | |
165 | Path containing files with the CA certificates to verify the peer | |
166 | with when fetching or pushing over HTTPS. Can be overridden | |
167 | by the `GIT_SSL_CAPATH` environment variable. | |
168 | ||
169 | http.sslBackend:: | |
170 | Name of the SSL backend to use (e.g. "openssl" or "schannel"). | |
171 | This option is ignored if cURL lacks support for choosing the SSL | |
172 | backend at runtime. | |
173 | ||
174 | http.schannelCheckRevoke:: | |
175 | Used to enforce or disable certificate revocation checks in cURL | |
176 | when http.sslBackend is set to "schannel". Defaults to `true` if | |
177 | unset. Only necessary to disable this if Git consistently errors | |
178 | and the message is about checking the revocation status of a | |
179 | certificate. This option is ignored if cURL lacks support for | |
180 | setting the relevant SSL option at runtime. | |
181 | ||
182 | http.schannelUseSSLCAInfo:: | |
183 | As of cURL v7.60.0, the Secure Channel backend can use the | |
184 | certificate bundle provided via `http.sslCAInfo`, but that would | |
185 | override the Windows Certificate Store. Since this is not desirable | |
186 | by default, Git will tell cURL not to use that bundle by default | |
187 | when the `schannel` backend was configured via `http.sslBackend`, | |
188 | unless `http.schannelUseSSLCAInfo` overrides this behavior. | |
189 | ||
190 | http.pinnedpubkey:: | |
191 | Public key of the https service. It may either be the filename of | |
192 | a PEM or DER encoded public key file or a string starting with | |
193 | 'sha256//' followed by the base64 encoded sha256 hash of the | |
194 | public key. See also libcurl 'CURLOPT_PINNEDPUBLICKEY'. git will | |
195 | exit with an error if this option is set but not supported by | |
196 | cURL. | |
197 | ||
198 | http.sslTry:: | |
199 | Attempt to use AUTH SSL/TLS and encrypted data transfers | |
200 | when connecting via regular FTP protocol. This might be needed | |
201 | if the FTP server requires it for security reasons or you wish | |
202 | to connect securely whenever remote FTP server supports it. | |
203 | Default is false since it might trigger certificate verification | |
204 | errors on misconfigured servers. | |
205 | ||
206 | http.maxRequests:: | |
207 | How many HTTP requests to launch in parallel. Can be overridden | |
208 | by the `GIT_HTTP_MAX_REQUESTS` environment variable. Default is 5. | |
209 | ||
210 | http.minSessions:: | |
211 | The number of curl sessions (counted across slots) to be kept across | |
212 | requests. They will not be ended with curl_easy_cleanup() until | |
213 | http_cleanup() is invoked. If USE_CURL_MULTI is not defined, this | |
214 | value will be capped at 1. Defaults to 1. | |
215 | ||
216 | http.postBuffer:: | |
217 | Maximum size in bytes of the buffer used by smart HTTP | |
218 | transports when POSTing data to the remote system. | |
219 | For requests larger than this buffer size, HTTP/1.1 and | |
220 | Transfer-Encoding: chunked is used to avoid creating a | |
221 | massive pack file locally. Default is 1 MiB, which is | |
222 | sufficient for most requests. | |
7a2dc95c | 223 | + |
224 | Note that raising this limit is only effective for disabling chunked | |
225 | transfer encoding and therefore should be used only where the remote | |
226 | server or a proxy only supports HTTP/1.0 or is noncompliant with the | |
227 | HTTP standard. Raising this is not, in general, an effective solution | |
228 | for most push problems, but can increase memory consumption | |
229 | significantly since the entire buffer is allocated even for small | |
230 | pushes. | |
ad308479 NTND |
231 | |
232 | http.lowSpeedLimit, http.lowSpeedTime:: | |
233 | If the HTTP transfer speed is less than 'http.lowSpeedLimit' | |
234 | for longer than 'http.lowSpeedTime' seconds, the transfer is aborted. | |
235 | Can be overridden by the `GIT_HTTP_LOW_SPEED_LIMIT` and | |
236 | `GIT_HTTP_LOW_SPEED_TIME` environment variables. | |
237 | ||
238 | http.noEPSV:: | |
239 | A boolean which disables using of EPSV ftp command by curl. | |
240 | This can helpful with some "poor" ftp servers which don't | |
241 | support EPSV mode. Can be overridden by the `GIT_CURL_FTP_NO_EPSV` | |
242 | environment variable. Default is false (curl will use EPSV). | |
243 | ||
244 | http.userAgent:: | |
245 | The HTTP USER_AGENT string presented to an HTTP server. The default | |
246 | value represents the version of the client Git such as git/1.7.1. | |
247 | This option allows you to override this value to a more common value | |
248 | such as Mozilla/4.0. This may be necessary, for instance, if | |
249 | connecting through a firewall that restricts HTTP connections to a set | |
250 | of common USER_AGENT strings (but not including those like git/1.7.1). | |
251 | Can be overridden by the `GIT_HTTP_USER_AGENT` environment variable. | |
252 | ||
253 | http.followRedirects:: | |
254 | Whether git should follow HTTP redirects. If set to `true`, git | |
255 | will transparently follow any redirect issued by a server it | |
256 | encounters. If set to `false`, git will treat all redirects as | |
257 | errors. If set to `initial`, git will follow redirects only for | |
258 | the initial request to a remote, but not for subsequent | |
259 | follow-up HTTP requests. Since git uses the redirected URL as | |
260 | the base for the follow-up requests, this is generally | |
261 | sufficient. The default is `initial`. | |
262 | ||
263 | http.<url>.*:: | |
264 | Any of the http.* options above can be applied selectively to some URLs. | |
265 | For a config key to match a URL, each element of the config key is | |
266 | compared to that of the URL, in the following order: | |
267 | + | |
268 | -- | |
269 | . Scheme (e.g., `https` in `https://example.com/`). This field | |
270 | must match exactly between the config key and the URL. | |
271 | ||
272 | . Host/domain name (e.g., `example.com` in `https://example.com/`). | |
273 | This field must match between the config key and the URL. It is | |
274 | possible to specify a `*` as part of the host name to match all subdomains | |
275 | at this level. `https://*.example.com/` for example would match | |
276 | `https://foo.example.com/`, but not `https://foo.bar.example.com/`. | |
277 | ||
278 | . Port number (e.g., `8080` in `http://example.com:8080/`). | |
279 | This field must match exactly between the config key and the URL. | |
280 | Omitted port numbers are automatically converted to the correct | |
281 | default for the scheme before matching. | |
282 | ||
283 | . Path (e.g., `repo.git` in `https://example.com/repo.git`). The | |
284 | path field of the config key must match the path field of the URL | |
285 | either exactly or as a prefix of slash-delimited path elements. This means | |
286 | a config key with path `foo/` matches URL path `foo/bar`. A prefix can only | |
287 | match on a slash (`/`) boundary. Longer matches take precedence (so a config | |
288 | key with path `foo/bar` is a better match to URL path `foo/bar` than a config | |
289 | key with just path `foo/`). | |
290 | ||
291 | . User name (e.g., `user` in `https://user@example.com/repo.git`). If | |
292 | the config key has a user name it must match the user name in the | |
293 | URL exactly. If the config key does not have a user name, that | |
294 | config key will match a URL with any user name (including none), | |
295 | but at a lower precedence than a config key with a user name. | |
296 | -- | |
297 | + | |
298 | The list above is ordered by decreasing precedence; a URL that matches | |
299 | a config key's path is preferred to one that matches its user name. For example, | |
300 | if the URL is `https://user@example.com/foo/bar` a config key match of | |
301 | `https://example.com/foo` will be preferred over a config key match of | |
302 | `https://user@example.com`. | |
303 | + | |
304 | All URLs are normalized before attempting any matching (the password part, | |
305 | if embedded in the URL, is always ignored for matching purposes) so that | |
306 | equivalent URLs that are simply spelled differently will match properly. | |
307 | Environment variable settings always override any matches. The URLs that are | |
308 | matched against are those given directly to Git commands. This means any URLs | |
309 | visited as a result of a redirection do not participate in matching. |