How it works if git is run from IDEs (no tty will be available)? Is there a way to redefine the way the password is got? What about scripting scenarios where passwordless certificates are likely to be used? Regards, Constantine On Fri, Jun 5, 2009 at 6:44 AM, Mark Lodato <lodatom@xxxxxxxxx> wrote: > Any thoughts on this? I would love to see this in git 1.6.4, and I > don't think it affects people who do not use certificates. > > ~ Mark > > On Wed, May 27, 2009 at 11:16 PM, Mark Lodato<lodatom@xxxxxxxxx> wrote: >> If an SSL client certificate is enabled (via http.sslcert or >> GIT_SSL_CERT), prompt for the certificate password rather than >> defaulting to OpenSSL's password prompt. This causes the prompt to only >> appear once each run. Previously, OpenSSL prompted the user *many* >> times, causing git to be unusable over HTTPS with client-side >> certificates. >> >> Note that the password is stored in memory in the clear while the >> program is running. This may be a security problem if git crashes and >> core dumps. >> >> The user is always prompted, even if the certificate is not encrypted. >> This should be fine; unencrypted certificates are rare and a security >> risk anyway. >> >> Signed-off-by: Mark Lodato <lodatom@xxxxxxxxx> >> --- >> >> See http://osdir.com/ml/git/2009-02/msg03402.html for a discussion of >> this topic and an example showing how horrible the current password >> prompts are. >> >> The next patch adds an option to disable this feature. I split it into >> two commits in case the configuration option is not wanted. >> >> I did not create any tests because the existing http.sslcert option has >> no tests to begin with. >> >> I would really like to use git over HTTPS with client certs, but the >> current situation is just unusable. So, I'm hoping this gets included >> in git.git at some point. I would be happy to hear any comments people >> have about this patch series. Thanks! >> >> >> http.c | 40 +++++++++++++++++++++++++++++++++++++++- >> 1 files changed, 39 insertions(+), 1 deletions(-) >> >> diff --git a/http.c b/http.c >> index 2e3d649..1fc3444 100644 >> --- a/http.c >> +++ b/http.c >> @@ -26,6 +26,8 @@ static long curl_low_speed_time = -1; >> static int curl_ftp_no_epsv; >> static const char *curl_http_proxy; >> static char *user_name, *user_pass; >> +static char *ssl_cert_password; >> +static int ssl_cert_password_required; >> >> static struct curl_slist *pragma_header; >> >> @@ -167,6 +169,22 @@ static void init_curl_http_auth(CURL *result) >> } >> } >> >> +static int has_cert_password(void) >> +{ >> + if (ssl_cert_password != NULL) >> + return 1; >> + if (ssl_cert == NULL || ssl_cert_password_required != 1) >> + return 0; >> + /* Only prompt the user once. */ >> + ssl_cert_password_required = -1; >> + ssl_cert_password = getpass("Certificate Password: "); >> + if (ssl_cert_password != NULL) { >> + ssl_cert_password = xstrdup(ssl_cert_password); >> + return 1; >> + } else >> + return 0; >> +} >> + >> static CURL *get_curl_handle(void) >> { >> CURL *result = curl_easy_init(); >> @@ -189,6 +207,16 @@ static CURL *get_curl_handle(void) >> >> if (ssl_cert != NULL) >> curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert); >> + if (has_cert_password()) >> + curl_easy_setopt(result, >> +#if LIBCURL_VERSION_NUM >= 0x071700 >> + CURLOPT_KEYPASSWD, >> +#elif LIBCURL_VERSION_NUM >= 0x070903 >> + CURLOPT_SSLKEYPASSWD, >> +#else >> + CURLOPT_SSLCERTPASSWD, >> +#endif >> + ssl_cert_password); >> #if LIBCURL_VERSION_NUM >= 0x070902 >> if (ssl_key != NULL) >> curl_easy_setopt(result, CURLOPT_SSLKEY, ssl_key); >> @@ -329,8 +357,11 @@ void http_init(struct remote *remote) >> if (getenv("GIT_CURL_FTP_NO_EPSV")) >> curl_ftp_no_epsv = 1; >> >> - if (remote && remote->url && remote->url[0]) >> + if (remote && remote->url && remote->url[0]) { >> http_auth_init(remote->url[0]); >> + if (!prefixcmp(remote->url[0], "https://";)) >> + ssl_cert_password_required = 1; >> + } >> >> #ifndef NO_CURL_EASY_DUPHANDLE >> curl_default = get_curl_handle(); >> @@ -370,6 +401,13 @@ void http_cleanup(void) >> free((void *)curl_http_proxy); >> curl_http_proxy = NULL; >> } >> + >> + if (ssl_cert_password != NULL) { >> + memset(ssl_cert_password, 0, strlen(ssl_cert_password)); >> + free(ssl_cert_password); >> + ssl_cert_password = NULL; >> + } >> + ssl_cert_password_required = 0; >> } >> >> struct active_request_slot *get_active_slot(void) >> -- >> 1.6.3.1 >> >> > -- > To unsubscribe from this list: send the line "unsubscribe git" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html