* [PATCH] http.c: fix parsing of http.sslCertPasswordProtected variable @ 2013-07-12 18:52 Junio C Hamano 2013-07-12 19:05 ` Jonathan Nieder 0 siblings, 1 reply; 8+ messages in thread From: Junio C Hamano @ 2013-07-12 18:52 UTC (permalink / raw) To: Mark Lodato; +Cc: git, Kyle J. McKay The existing code triggers only when the configuration variable is set to true. Once the variable is set to true in a more generic configuration file (e.g. ~/.gitconfig), it cannot be overriden to false in the repository specific one (e.g. .git/config). Signed-off-by: Junio C Hamano <gitster@pobox.com> --- http.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/http.c b/http.c index 92aba59..37986f8 100644 --- a/http.c +++ b/http.c @@ -160,8 +160,7 @@ static int http_options(const char *var, const char *value, void *cb) if (!strcmp("http.sslcainfo", var)) return git_config_string(&ssl_cainfo, var, value); if (!strcmp("http.sslcertpasswordprotected", var)) { - if (git_config_bool(var, value)) - ssl_cert_password_required = 1; + ssl_cert_password_required = git_config_bool(var, value); return 0; } if (!strcmp("http.ssltry", var)) { -- 1.8.3.2-942-gc84dfcb ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] http.c: fix parsing of http.sslCertPasswordProtected variable 2013-07-12 18:52 [PATCH] http.c: fix parsing of http.sslCertPasswordProtected variable Junio C Hamano @ 2013-07-12 19:05 ` Jonathan Nieder 2013-07-12 19:52 ` Junio C Hamano 2013-07-13 19:28 ` Kyle J. McKay 0 siblings, 2 replies; 8+ messages in thread From: Jonathan Nieder @ 2013-07-12 19:05 UTC (permalink / raw) To: Junio C Hamano; +Cc: Mark Lodato, git, Kyle J. McKay Junio C Hamano wrote: > The existing code triggers only when the configuration variable is > set to true. Once the variable is set to true in a more generic > configuration file (e.g. ~/.gitconfig), it cannot be overriden to > false in the repository specific one (e.g. .git/config). [...] > --- a/http.c > +++ b/http.c > @@ -160,8 +160,7 @@ static int http_options(const char *var, const char *value, void *cb) > if (!strcmp("http.sslcainfo", var)) > return git_config_string(&ssl_cainfo, var, value); > if (!strcmp("http.sslcertpasswordprotected", var)) { > - if (git_config_bool(var, value)) > - ssl_cert_password_required = 1; > + ssl_cert_password_required = git_config_bool(var, value); Thanks for catching it. The documentation doesn't say anything about this "can only enable and cannot disable" behavior and the usual pattern is to allow later settings to override earlier ones, so this change looks good. Reviewed-by: Jonathan Nieder <jrnieder@gmail.com> FWIW the GIT_SSL_CERT_PASSWORD_PROTECTED envvar has a similar "can only enable" behavior, but since it's documented, that's not as big of a problem. Do you remember why it was written that way? When that setting was first added[1], there was some mention of autodetection if libcurl could learn to do that. Did it happen? (Please forgive my ignorance.) Thanks, Jonathan [1] http://thread.gmane.org/gmane.comp.version-control.git/122793/focus=122816 ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] http.c: fix parsing of http.sslCertPasswordProtected variable 2013-07-12 19:05 ` Jonathan Nieder @ 2013-07-12 19:52 ` Junio C Hamano 2013-07-14 0:37 ` Mark Lodato 2013-07-13 19:28 ` Kyle J. McKay 1 sibling, 1 reply; 8+ messages in thread From: Junio C Hamano @ 2013-07-12 19:52 UTC (permalink / raw) To: Jonathan Nieder; +Cc: Mark Lodato, git, Kyle J. McKay Jonathan Nieder <jrnieder@gmail.com> writes: > FWIW the GIT_SSL_CERT_PASSWORD_PROTECTED envvar has a similar "can > only enable" behavior, but since it's documented, that's not as big > of a problem. Do you remember why it was written that way? Not me ;-). If I have to guess, it is probably that these two are thought to be equally trivial way to defeat existing environment settings: (unset GIT_SSL_CERT_PASSWORD_PROTECTED ; git cmd) GIT_SSL_CERT_PASSWORD_PROTECTED=no git cmd > When that setting was first added[1], there was some mention of > autodetection if libcurl could learn to do that. Did it happen? I do not think so, but let's see if our resident cURL guru has something to say about it. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] http.c: fix parsing of http.sslCertPasswordProtected variable 2013-07-12 19:52 ` Junio C Hamano @ 2013-07-14 0:37 ` Mark Lodato 2013-07-15 4:13 ` Junio C Hamano 0 siblings, 1 reply; 8+ messages in thread From: Mark Lodato @ 2013-07-14 0:37 UTC (permalink / raw) To: Junio C Hamano; +Cc: Jonathan Nieder, git list, Kyle J. McKay On Fri, Jul 12, 2013 at 3:52 PM, Junio C Hamano <gitster@pobox.com> wrote: > > Jonathan Nieder <jrnieder@gmail.com> writes: > > > FWIW the GIT_SSL_CERT_PASSWORD_PROTECTED envvar has a similar "can > > only enable" behavior, but since it's documented, that's not as big > > of a problem. Do you remember why it was written that way? > > Not me ;-). Because that's how GIT_NO_VERIFY, GIT_CURL_FTP_NO_EPSV, and GIT_CURL_VERBOSE (and perhaps others) work. That said, I agree that parsing the variable's value as a boolean would make much more sense. Perhaps this is how all of those variables should work? > > When that setting was first added[1], there was some mention of > > autodetection if libcurl could learn to do that. Did it happen? > > I do not think so, but let's see if our resident cURL guru has > something to say about it. I tried back in 2009 but eventually gave up, so unfortunately no. Maybe the situation in libcurl has changed since then? (If you are interested in pursing this, please let me know and I can give you the details of what I tried.) ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] http.c: fix parsing of http.sslCertPasswordProtected variable 2013-07-14 0:37 ` Mark Lodato @ 2013-07-15 4:13 ` Junio C Hamano 2013-07-15 6:37 ` Kyle J. McKay 0 siblings, 1 reply; 8+ messages in thread From: Junio C Hamano @ 2013-07-15 4:13 UTC (permalink / raw) To: Mark Lodato; +Cc: Jonathan Nieder, git list, Kyle J. McKay Mark Lodato <lodatom@gmail.com> writes: > On Fri, Jul 12, 2013 at 3:52 PM, Junio C Hamano <gitster@pobox.com> wrote: >> >> Jonathan Nieder <jrnieder@gmail.com> writes: >> >> > FWIW the GIT_SSL_CERT_PASSWORD_PROTECTED envvar has a similar "can >> > only enable" behavior, but since it's documented, that's not as big >> > of a problem. Do you remember why it was written that way? >> >> Not me ;-). > > Because that's how GIT_NO_VERIFY, GIT_CURL_FTP_NO_EPSV, and s/GIT_NO_VERIFY/GIT_SSL_NO_VERIFY/, I think. > GIT_CURL_VERBOSE (and perhaps others) work. That said, I agree that > parsing the variable's value as a boolean would make much more sense. > Perhaps this is how all of those variables should work? I think you are probably right. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] http.c: fix parsing of http.sslCertPasswordProtected variable 2013-07-15 4:13 ` Junio C Hamano @ 2013-07-15 6:37 ` Kyle J. McKay 2013-07-15 15:54 ` Junio C Hamano 0 siblings, 1 reply; 8+ messages in thread From: Kyle J. McKay @ 2013-07-15 6:37 UTC (permalink / raw) To: Junio C Hamano; +Cc: Mark Lodato, Jonathan Nieder, git list On Jul 14, 2013, at 21:13, Junio C Hamano wrote: > Mark Lodato <lodatom@gmail.com> writes: > >> On Fri, Jul 12, 2013 at 3:52 PM, Junio C Hamano <gitster@pobox.com> >> wrote: >>> >>> Jonathan Nieder <jrnieder@gmail.com> writes: >>> >>>> FWIW the GIT_SSL_CERT_PASSWORD_PROTECTED envvar has a similar "can >>>> only enable" behavior, but since it's documented, that's not as big >>>> of a problem. Do you remember why it was written that way? >>> >>> Not me ;-). >> >> Because that's how GIT_NO_VERIFY, GIT_CURL_FTP_NO_EPSV, and > > s/GIT_NO_VERIFY/GIT_SSL_NO_VERIFY/, I think. > >> GIT_CURL_VERBOSE (and perhaps others) work. That said, I agree that >> parsing the variable's value as a boolean would make much more sense. >> Perhaps this is how all of those variables should work? > > I think you are probably right. That works fine for GIT_SSL_CERT_PASSWORD_PROTECTED and GIT_CURL_VERBOSE, but it's a little bit awkward for GIT_SSL_NO_VERIFY and GIT_CURL_FTP_NO_EPSV since they have "_NO_" in their names. If the user wants to override a "http.sslVerify=false" then "GIT_SSL_NO_VERIFY=false" is needed rather than "GIT_SSL_VERIFY=true". We could: 1) Introduce GIT_SSL_VERIFY and GIT_CURL_FTP_EPSV and say if they are set the "_NO_" version is ignored. 2) Go ahead with "GIT_SSL_NO_VERIFY=false" to force http.sslVerify back to true (and similarly for EPSV). 3) Just leave GIT_SSL_NO_VERIFY and GIT_CURL_FTP_NO_EPSV alone. 4) Do something else, ideas? Comments? ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] http.c: fix parsing of http.sslCertPasswordProtected variable 2013-07-15 6:37 ` Kyle J. McKay @ 2013-07-15 15:54 ` Junio C Hamano 0 siblings, 0 replies; 8+ messages in thread From: Junio C Hamano @ 2013-07-15 15:54 UTC (permalink / raw) To: Kyle J. McKay; +Cc: Mark Lodato, Jonathan Nieder, git list "Kyle J. McKay" <mackyle@gmail.com> writes: > That works fine for GIT_SSL_CERT_PASSWORD_PROTECTED and > GIT_CURL_VERBOSE, but it's a little bit awkward for GIT_SSL_NO_VERIFY > and GIT_CURL_FTP_NO_EPSV since they have "_NO_" in their names. > > If the user wants to override a "http.sslVerify=false" then > "GIT_SSL_NO_VERIFY=false" is needed rather than "GIT_SSL_VERIFY=true". > > We could: > > 1) Introduce GIT_SSL_VERIFY and GIT_CURL_FTP_EPSV and say if they are > set the "_NO_" version is ignored. > > 2) Go ahead with "GIT_SSL_NO_VERIFY=false" to force http.sslVerify > back to true (and similarly for EPSV). > > 3) Just leave GIT_SSL_NO_VERIFY and GIT_CURL_FTP_NO_EPSV alone. > > 4) Do something else, ideas? > > Comments? The usual way we have done this kind of thing so far is: (1) Add GIT_SSL_VERIFY and GIT_CURL_FTP_EPSV support, that is boolean. If that is set, it takes precedence to GIT_SSL_NO_VERIFY and GIT_CURL_FTP_NO_EPSV. If not, GIT_SSL_NO_VERIFY and GIT_CURL_FTP_NO_EPSV are used just like before (setting it to any value will decline VERIFY or EPSV). (2) Issue a warning to tell users to use GIT_SSL_VERIFY or GIT_CURL_FTP_EPSV instead, when GIT_SSL_NO_VERIFY and GIT_CURL_FTP_NO_EPSV are used. (3) Later at a large version bump, remove support for *_NO_* variants. We can stop at (1) and not do (2) and (3), if the resulting code after (1) is not too cumbersome to maintain. If we do (2) then we must follow it through with (3), and if we plan to do (3) then we must precede it with (2). ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] http.c: fix parsing of http.sslCertPasswordProtected variable 2013-07-12 19:05 ` Jonathan Nieder 2013-07-12 19:52 ` Junio C Hamano @ 2013-07-13 19:28 ` Kyle J. McKay 1 sibling, 0 replies; 8+ messages in thread From: Kyle J. McKay @ 2013-07-13 19:28 UTC (permalink / raw) To: Junio C Hamano, Jonathan Nieder; +Cc: git, Mark Lodato On Jul 12, 2013, at 12:05, Jonathan Nieder wrote: > Junio C Hamano wrote: > >> The existing code triggers only when the configuration variable is >> set to true. Once the variable is set to true in a more generic >> configuration file (e.g. ~/.gitconfig), it cannot be overriden to >> false in the repository specific one (e.g. .git/config). > [...] >> --- a/http.c >> +++ b/http.c >> @@ -160,8 +160,7 @@ static int http_options(const char *var, const >> char *value, void *cb) >> if (!strcmp("http.sslcainfo", var)) >> return git_config_string(&ssl_cainfo, var, value); >> if (!strcmp("http.sslcertpasswordprotected", var)) { >> - if (git_config_bool(var, value)) >> - ssl_cert_password_required = 1; >> + ssl_cert_password_required = git_config_bool(var, value); > > Thanks for catching it. The documentation doesn't say anything about > this "can only enable and cannot disable" behavior and the usual > pattern is to allow later settings to override earlier ones, so this > change looks good. > > Reviewed-by: Jonathan Nieder <jrnieder@gmail.com> Looks good to me too. > FWIW the GIT_SSL_CERT_PASSWORD_PROTECTED envvar has a similar "can > only enable" behavior, but since it's documented, that's not as big > of a problem. Hmmm. git help config says: > Can be overridden by the GIT_SSL_CERT_PASSWORD_PROTECTED environment > variable. in the http.sslCertPasswordProtected section of the help. It doesn't say it can only be overridden to on. Is there some other documentation for that somewhere I'm missing about being can-only-enable? If not, perhaps a change something like the following could be added to the patch: diff --git a/http.c b/http.c index 2d086ae..83fc6b4 100644 --- a/http.c +++ b/http.c @@ -404,11 +404,10 @@ void http_init(struct remote *remote, const char *url, int proactive_auth) curl_ftp_no_epsv = 1; if (url) { + int pwdreq = git_env_bool("GIT_SSL_CERT_PASSWORD_PROTECTED", -1); credential_from_url(&http_auth, url); - if (!ssl_cert_password_required && - getenv("GIT_SSL_CERT_PASSWORD_PROTECTED") && - !prefixcmp(url, "https://")) - ssl_cert_password_required = 1; + if (pwdreq != -1 && !prefixcmp(url, "https://")) + ssl_cert_password_required = pwdreq; } #ifndef NO_CURL_EASY_DUPHANDLE -- ^ permalink raw reply related [flat|nested] 8+ messages in thread
end of thread, other threads:[~2013-07-15 15:54 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2013-07-12 18:52 [PATCH] http.c: fix parsing of http.sslCertPasswordProtected variable Junio C Hamano 2013-07-12 19:05 ` Jonathan Nieder 2013-07-12 19:52 ` Junio C Hamano 2013-07-14 0:37 ` Mark Lodato 2013-07-15 4:13 ` Junio C Hamano 2013-07-15 6:37 ` Kyle J. McKay 2013-07-15 15:54 ` Junio C Hamano 2013-07-13 19:28 ` Kyle J. McKay
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.