Re: [PATCH] http: http.emptyauth should allow empty (not just NULL) usernames

On Mon, Oct 03, 2016 at 01:19:28PM -0400, David Turner wrote:

> When using kerberos authentication, one URL pattern which is
> allowed is http://@gitserver.example.com.  This leads to a username
> of zero-length, rather than a NULL username.  But the two cases
> should be treated the same by http.emptyauth.
> 
> Signed-off-by: David Turner <dturner@xxxxxxxxxxxx>
> ---
>  http.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/http.c b/http.c
> index 82ed542..bd0dba2 100644
> --- a/http.c
> +++ b/http.c
> @@ -351,7 +351,7 @@ static int http_options(const char *var, const char *value, void *cb)
>  
>  static void init_curl_http_auth(CURL *result)
>  {
> -	if (!http_auth.username) {
> +	if (!http_auth.username || !*http_auth.username) {
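
Review bot: The new condition `!http_auth.username || !*http_auth.username` in init_curl_http_auth() carries no comment saying where a non-NULL, zero-length username comes from, and it covers the empty string at this one call site only. A one-line comment above the check naming the `http://@gitserver.example.com` form from the commit message would make the intent clear. The diffstat shows only http.c changing, so a test that exercises http.emptyauth with that URL form would be worth adding to the same patch.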

Hmm. This fixes this caller, but what about other users of the
credential struct? I wonder if the correct fix is in
credential_from_url(), which should avoid writing an empty
field.

OTOH, I can imagine that "http://user:@example.com" would be a way to
say "I have a username and the password is blank" without getting
prompted.  Which makes me wonder if it is useful to say "my username is
blank" in the same way.

I dunno. The code path you are changing _only_ affects anything
if the http.emptyauth config is set. But I guess I just don't understand
why you would say "http://@gitserver" in the first place. Is that a
common thing?

-Peff
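
An added example, not part of this thread or of git's source: a small hypothetical userinfo parser showing how the URL forms discussed above map to a NULL, zero-length, or non-empty username, and which of the two checks from the patch matches each. The names `struct cred`, `dup_range`, `parse_userinfo` and `classify` and the sample URLs' paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a credential struct; NULL means "field absent". */
struct cred { char *username, *password; };
static char *dup_range(const char *s, size_t n)
{
	char *p = calloc(n + 1, 1); /* zero-filled, so already NUL-terminated */
	if (!p) abort();
	return memcpy(p, s, n);
}

/* Split the userinfo of "scheme://[user[:pass]@]host/..." (constructed parser). */
static void parse_userinfo(const char *url, struct cred *c)
{
	const char *p = strstr(url, "://"), *end, *at, *colon;
	c->username = c->password = NULL;
	if (!p)
		return;
	p += 3;
	end = p + strcspn(p, "/");               /* end of the authority part */
	at = memchr(p, '@', (size_t)(end - p));
	if (!at)
		return;                              /* no userinfo: both stay NULL */
	colon = memchr(p, ':', (size_t)(at - p));
	c->username = dup_range(p, (size_t)((colon ? colon : at) - p));
	if (colon)
		c->password = dup_range(colon + 1, (size_t)(at - colon - 1));
}

/* Bit 0: the pre-patch check fires; bit 1: the patched check fires. */
static int classify(const char *url)
{
	struct cred c;
	int r;
	parse_userinfo(url, &c);
	r = (!c.username) | ((!c.username || !*c.username) << 1);
	free(c.username);
	free(c.password);
	return r;
}

int main(void)
{
	const char *u[] = { "http://gitserver.example.com/", "http://@gitserver.example.com/", "http://user:@example.com/" };
	for (int i = 0; i < 3; i++)
		printf("%-32s -> %d\n", u[i], classify(u[i]));
	return 0;
}
```

A result of 2 marks the case the patch is about: the username pointer is non-NULL but zero-length, so only the patched condition treats it as empty.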


