Git currently supports connecting to proxies through HTTPS. However it does not allow you to configure SSL options when connecting (i.e. client cert, key, cainfo). These set of commits add the necessary options and documentation needed to support them. Libcurl already has support for this so changes are somewhat minimal. I ran the CI tests and verified manually with an HTTPS proxy that changes are working as expected. I didn't see integration tests under /t or tests that verified libcurl integration. ./bin-wrappers/git -c http.proxy=https://<PROXY-HOSTNAME> \ -c http.proxycert=<CERT> -c http.proxykey=<KEY> \ clone https://github.com/jalopezsilva/dotfiles.git Jorge Lopez Silva (2): http: add client cert for HTTPS proxies. config: documentation for HTTPS proxy client cert. Documentation/config/http.txt | 14 ++++++++++ http.c | 48 +++++++++++++++++++++++++++++++---- 2 files changed, 57 insertions(+), 5 deletions(-) base-commit: 51ebf55b9309824346a6589c9f3b130c6f371b8f Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-559%2Fjalopezsilva%2Fhttps_proxy_ssl_options-v2 Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-559/jalopezsilva/https_proxy_ssl_options-v2 Pull-Request: https://github.com/gitgitgadget/git/pull/559 Range-diff vs v1: 1: 3cf866d0384 ! 1: a5d980e7501 http: add client cert for HTTPS proxies. @@ -27,7 +27,7 @@ +#if LIBCURL_VERSION_NUM >= 0x073400 +static const char *http_proxy_ssl_cert; +static const char *http_proxy_ssl_key; -+static const char *http_proxy_ssl_key_passwd; ++static const char *http_proxy_ssl_keypasswd; +#endif +static const char *http_proxy_ssl_ca_info; + @@ -46,7 +46,7 @@ + return git_config_string(&http_proxy_ssl_key, var, value); + + if (!strcmp("http.proxykeypass", var)) -+ return git_config_string(&http_proxy_ssl_key_passwd, var, value); ++ return git_config_string(&http_proxy_ssl_keypasswd, var, value); + + if (!strcmp("http.proxycainfo", var)) + return git_config_string(&http_proxy_ssl_ca_info, var, value); @@ -77,23 +77,21 @@ #endif #if LIBCURL_VERSION_NUM >= 0x073400 - else if (starts_with(curl_http_proxy, "https")) +- curl_easy_setopt(result, +- CURLOPT_PROXYTYPE, CURLPROXY_HTTPS); + else if (starts_with(curl_http_proxy, "https")) { - curl_easy_setopt(result, - CURLOPT_PROXYTYPE, CURLPROXY_HTTPS); ++ curl_easy_setopt(result, CURLOPT_PROXYTYPE, CURLPROXY_HTTPS); + -+ if (http_proxy_ssl_cert != NULL) { -+ curl_easy_setopt(result, -+ CURLOPT_PROXY_SSLCERT, http_proxy_ssl_cert); -+ } -+ if (http_proxy_ssl_key != NULL) { -+ curl_easy_setopt(result, -+ CURLOPT_PROXY_SSLKEY, http_proxy_ssl_key); -+ } -+ if (http_proxy_ssl_key_passwd != NULL) { -+ curl_easy_setopt(result, -+ CURLOPT_PROXY_KEYPASSWD, http_proxy_ssl_key_passwd); -+ } -+ } ++ if (http_proxy_ssl_cert != NULL) ++ curl_easy_setopt(result, CURLOPT_PROXY_SSLCERT, http_proxy_ssl_cert); ++ ++ if (http_proxy_ssl_key != NULL) ++ curl_easy_setopt(result, CURLOPT_PROXY_SSLKEY, http_proxy_ssl_key); ++ ++ if (http_proxy_ssl_keypasswd != NULL) ++ curl_easy_setopt(result, CURLOPT_PROXY_KEYPASSWD, http_proxy_ssl_keypasswd); ++ ++ } #endif if (strstr(curl_http_proxy, "://")) credential_from_url(&proxy_auth, curl_http_proxy); 2: 583fdd0fe9b = 2: c40207a3928 config: documentation for HTTPS proxy client cert. -- gitgitgadget