Any other thoughts, one way or the other? Adding proper SSL/PKI support would really help git adoption in the corporate world. I am willing to make any changes necessary to get this into git.git. ~ Mark On Wed, May 27, 2009 at 11:16 PM, Mark Lodato<lodatom@xxxxxxxxx> wrote: > If an SSL client certificate is enabled (via http.sslcert or > GIT_SSL_CERT), prompt for the certificate password rather than > defaulting to OpenSSL's password prompt. This causes the prompt to only > appear once each run. Previously, OpenSSL prompted the user *many* > times, causing git to be unusable over HTTPS with client-side > certificates. > > Note that the password is stored in memory in the clear while the > program is running. This may be a security problem if git crashes and > core dumps. > > The user is always prompted, even if the certificate is not encrypted. > This should be fine; unencrypted certificates are rare and a security > risk anyway. > > Signed-off-by: Mark Lodato <lodatom@xxxxxxxxx> > --- > > See http://osdir.com/ml/git/2009-02/msg03402.html for a discussion of > this topic and an example showing how horrible the current password > prompts are. > > The next patch adds an option to disable this feature. I split it into > two commits in case the configuration option is not wanted. > > I did not create any tests because the existing http.sslcert option has > no tests to begin with. > > I would really like to use git over HTTPS with client certs, but the > current situation is just unusable. So, I'm hoping this gets included > in git.git at some point. I would be happy to hear any comments people > have about this patch series. Thanks! > > > http.c | 40 +++++++++++++++++++++++++++++++++++++++- > 1 files changed, 39 insertions(+), 1 deletions(-) > > diff --git a/http.c b/http.c > index 2e3d649..1fc3444 100644 > --- a/http.c > +++ b/http.c > @@ -26,6 +26,8 @@ static long curl_low_speed_time = -1; > static int curl_ftp_no_epsv; > static const char *curl_http_proxy; > static char *user_name, *user_pass; > +static char *ssl_cert_password; > +static int ssl_cert_password_required; > > static struct curl_slist *pragma_header; > > @@ -167,6 +169,22 @@ static void init_curl_http_auth(CURL *result) > } > } > > +static int has_cert_password(void) > +{ > + if (ssl_cert_password != NULL) > + return 1; > + if (ssl_cert == NULL || ssl_cert_password_required != 1) > + return 0; > + /* Only prompt the user once. */ > + ssl_cert_password_required = -1; > + ssl_cert_password = getpass("Certificate Password: "); > + if (ssl_cert_password != NULL) { > + ssl_cert_password = xstrdup(ssl_cert_password); > + return 1; > + } else > + return 0; > +} > + > static CURL *get_curl_handle(void) > { > CURL *result = curl_easy_init(); > @@ -189,6 +207,16 @@ static CURL *get_curl_handle(void) > > if (ssl_cert != NULL) > curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert); > + if (has_cert_password()) > + curl_easy_setopt(result, > +#if LIBCURL_VERSION_NUM >= 0x071700 > + CURLOPT_KEYPASSWD, > +#elif LIBCURL_VERSION_NUM >= 0x070903 > + CURLOPT_SSLKEYPASSWD, > +#else > + CURLOPT_SSLCERTPASSWD, > +#endif > + ssl_cert_password); > #if LIBCURL_VERSION_NUM >= 0x070902 > if (ssl_key != NULL) > curl_easy_setopt(result, CURLOPT_SSLKEY, ssl_key); > @@ -329,8 +357,11 @@ void http_init(struct remote *remote) > if (getenv("GIT_CURL_FTP_NO_EPSV")) > curl_ftp_no_epsv = 1; > > - if (remote && remote->url && remote->url[0]) > + if (remote && remote->url && remote->url[0]) { > http_auth_init(remote->url[0]); > + if (!prefixcmp(remote->url[0], "https://";)) > + ssl_cert_password_required = 1; > + } > > #ifndef NO_CURL_EASY_DUPHANDLE > curl_default = get_curl_handle(); > @@ -370,6 +401,13 @@ void http_cleanup(void) > free((void *)curl_http_proxy); > curl_http_proxy = NULL; > } > + > + if (ssl_cert_password != NULL) { > + memset(ssl_cert_password, 0, strlen(ssl_cert_password)); > + free(ssl_cert_password); > + ssl_cert_password = NULL; > + } > + ssl_cert_password_required = 0; > } > > struct active_request_slot *get_active_slot(void) > -- > 1.6.3.1 > > -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html