On Thu, Feb 23, 2017 at 04:31:13PM +0000, David Turner wrote: > > As somebody who is using non-Basic auth, can you apply these patches and > > show us the output of: > > > > GIT_TRACE_CURL=1 \ > > git ls-remote https://your-server 2>&1 >/dev/null | > > egrep '(Send|Recv) header: (GET|HTTP|Auth)' > > > > (without http.emptyauth turned on, obviously). > > The results appear to be identical with and without > the patch. With http.emptyauth turned off, > 16:27:28.208924 http.c:524 => Send header: GET /info/refs?service=git-upload-pack HTTP/1.1 > 16:27:28.212872 http.c:524 <= Recv header: HTTP/1.1 401 Authorization Required > Username for 'http://git': [I just pressed enter] > Password for 'http://git': [ditto] > 16:27:29.928872 http.c:524 => Send header: GET /info/refs?service=git-upload-pack HTTP/1.1 > 16:27:29.929787 http.c:524 <= Recv header: HTTP/1.1 401 Authorization Required Just to be sure: did you remove http.emptyauth config completely from your config files, or did you turn it to "false"? Because the new behavior only kicks in when it isn't configured at all (probably we should respect "auto" as a user-provided name). > (if someone else wants to replicate this, delete >/dev/null bit > from Jeff's shell snippet) Hrm, you shouldn't need to. The stderr redirection comes first, so it should become the new stdout. -Peff