git.ipfire.org Git - thirdparty/git.git/commit

author	Knut Franke <k.franke@science-computing.de>
	Tue, 26 Jan 2016 13:02:48 +0000 (13:02 +0000)
committer	Junio C Hamano <gitster@pobox.com>
	Tue, 26 Jan 2016 18:53:25 +0000 (10:53 -0800)
commit	372370f1675c2b935fb703665358dd5567641107
tree	ccd3d55be8f8d0be64f24cdb8f75a69da0f1e94c	tree \| snapshot
parent	ef976395e26a25fb6d048d859a1c8cddb2640b9a	commit \| diff

http: use credential API to handle proxy authentication

Currently, the only way to pass proxy credentials to curl is by including them
in the proxy URL. Usually, this means they will end up on disk unencrypted, one
way or another (by inclusion in ~/.gitconfig, shell profile or history). Since
proxy authentication often uses a domain user, credentials can be security
sensitive; therefore, a safer way of passing credentials is desirable.

If the configured proxy contains a username but not a password, query the
credential API for one. Also, make sure we approve/reject proxy credentials
properly.

For consistency reasons, add parsing of http_proxy/https_proxy/all_proxy
environment variables, which would otherwise be evaluated as a fallback by curl.
Without this, we would have different semantics for git configuration and
environment variables.

Helped-by: Junio C Hamano <gitster@pobox.com>
Helped-by: Eric Sunshine <sunshine@sunshineco.com>
Helped-by: Elia Pinto <gitter.spiros@gmail.com>
Signed-off-by: Knut Franke <k.franke@science-computing.de>
Signed-off-by: Elia Pinto <gitter.spiros@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Documentation/config.txt		diff \| blob \| blame \| history
http.c		diff \| blob \| blame \| history
http.h		diff \| blob \| blame \| history