Add two new configuration variables, http.sslCertType and http.sslKeyType, which tell libcurl the filetype for the SSL client certificate and private key, respectively. The main benefit is to allow PKCS12 certificates for users with libcurl >= 7.13.0. Signed-off-by: Mark Lodato <lodatom@xxxxxxxxx> --- Unfortunately, P12 support in libcurl is not great, so encrypted P12 certificates do not work at all. At least now unencrypted certificates are possible. Hopefully, my password prompting patch series (once I finish it) will resolve this issue. As always, any feedback on this patch is appreciated. In particular, I welcome suggestions for improving the documentation phrasing. Documentation/config.txt | 10 ++++++++++ http.c | 12 ++++++++++++ 2 files changed, 22 insertions(+), 0 deletions(-) diff --git a/Documentation/config.txt b/Documentation/config.txt index 2fecbe3..b19a923 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -1038,11 +1038,21 @@ http.sslCert:: over HTTPS. Can be overridden by the 'GIT_SSL_CERT' environment variable. +http.sslCertType:: + Filetype for SSL certificate. Must be "PEM" (default), "DER", or + (if libcurl >= 7.13.0) "P12". Can be overridden by the + 'GIT_SSL_CERT_TYPE' environment variable. + http.sslKey:: File containing the SSL private key when fetching or pushing over HTTPS. Can be overridden by the 'GIT_SSL_KEY' environment variable. +http.sslKeyType:: + Filetype for SSL private key. Must be "PEM" (default), "DER", or + (if libcurl >= 7.13.0) "P12". Can be overridden by the + 'GIT_SSL_CERT_TYPE' environment variable. + http.sslCAInfo:: File containing the certificates to verify the peer with when fetching or pushing over HTTPS. Can be overridden by the diff --git a/http.c b/http.c index b049948..5716e4e 100644 --- a/http.c +++ b/http.c 
@@ -22,6 +22,8 @@ static int curl_ssl_verify = -1; static const char *ssl_cert; #if LIBCURL_VERSION_NUM >= 0x070903 static const char *ssl_key; +static const char *ssl_cert_type; +static const char *ssl_key_type; #endif #if LIBCURL_VERSION_NUM >= 0x070908 static const char *ssl_capath; @@ -129,6 +131,10 @@ static int http_options(const char *var, const char *value, void *cb) #if LIBCURL_VERSION_NUM >= 0x070903 if (!strcmp("http.sslkey", var)) return git_config_string(&ssl_key, var, value); + if (!strcmp("http.sslcerttype", var)) + return git_config_string(&ssl_cert_type, var, value); + if (!strcmp("http.sslkeytype", var)) + return git_config_string(&ssl_key_type, var, value); #endif #if LIBCURL_VERSION_NUM >= 0x070908 if (!strcmp("http.sslcapath", var)) @@ -199,6 +205,10 @@ static CURL *get_curl_handle(void) #if LIBCURL_VERSION_NUM >= 0x070903 if (ssl_key != NULL) curl_easy_setopt(result, CURLOPT_SSLKEY, ssl_key); + if (ssl_cert_type != NULL) + curl_easy_setopt(result, CURLOPT_SSLCERTTYPE, ssl_cert_type); + if (ssl_key_type != NULL) + curl_easy_setopt(result, CURLOPT_SSLKEYTYPE, ssl_key_type); #endif #if LIBCURL_VERSION_NUM >= 0x070908 if (ssl_capath != NULL) @@ -315,6 +325,8 @@ void http_init(struct remote *remote) set_from_env(&ssl_cert, "GIT_SSL_CERT"); #if LIBCURL_VERSION_NUM >= 0x070903 set_from_env(&ssl_key, "GIT_SSL_KEY"); + set_from_env(&ssl_cert, "GIT_SSL_CERT_TYPE"); + set_from_env(&ssl_key, "GIT_SSL_KEY_TYPE"); #endif #if LIBCURL_VERSION_NUM >= 0x070908 set_from_env(&ssl_capath, "GIT_SSL_CAPATH"); -- 1.6.3.2
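Review bot: In the Documentation/config.txt hunk, the new http.sslKeyType entry says it can be overridden by 'GIT_SSL_CERT_TYPE', which is the variable already named under http.sslCertType. The http_init hunk reads "GIT_SSL_KEY_TYPE" for the key, so the http.sslKeyType entry should name 'GIT_SSL_KEY_TYPE'; as written, a user following the documentation would set the wrong variable for the private key format.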
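Review bot: In the http_options hunk, the values of http.sslcerttype and http.sslkeytype are stored with git_config_string and then passed unchanged to CURLOPT_SSLCERTTYPE and CURLOPT_SSLKEYTYPE in get_curl_handle, although the documentation says the value "Must be" PEM, DER or P12. Nothing in the patch checks the string, and the new code sits under the existing LIBCURL_VERSION_NUM >= 0x070903 guard with no check for the 7.13.0 requirement the documentation gives for P12. Consider rejecting or warning on an unrecognized value when the config is parsed, so a typo in a client-certificate setting is reported there instead of surfacing as a TLS failure, or reword the documentation to say the value is handed to libcurl as is.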
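Review bot: In the http_init hunk, both added set_from_env calls pass the path variables instead of the type variables: set_from_env(&ssl_cert, "GIT_SSL_CERT_TYPE") and set_from_env(&ssl_key, "GIT_SSL_KEY_TYPE"). The targets should be &ssl_cert_type and &ssl_key_type, the statics declared in the first http.c hunk. As written, the type variables are never set from the environment, and a value such as "P12" in GIT_SSL_CERT_TYPE would be written into ssl_cert, the variable that holds the certificate file name, and likewise ssl_key for the key.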