[PATCH v4] http: document sslcert and sslkey types and extend to proxy

"Ricky Davidson via GitGitGadget" <gitgitgadget@xxxxxxxxx> · Fri, 21 Apr 2023 03:35:59 +0000

From: Ricky Davidson <Ricky.Davidson@xxxxxxxxxxx>

0a01d41ee4 (http: add support for different sslcert and sslkey
types., 2023-03-20) added http.sslCertType and http.sslKeyType, but:

1. it does not document the feature.
2. it does not apply to SSL proxy equivalents.

Documents http.sslCertType and http.sslKeyType. Implements
http.proxySSLCertType. Does the same for http.sslKeyType and
http.proxySSLKeyType equivalents and related environment
variables.

Signed-off-by: Ricky Davidson <Ricky.Davidson@xxxxxxxxxxx>
---
    [PATCH] http: document sslcert and sslkey types and extend to proxy
    
    0a01d41ee4 (http: add support for different sslcert and sslkey types.,
    2023-03-20) added http.sslCertType and http.sslKeyType, but:
    
     1. it does not document the feature.
     2. it does not apply to SSL proxy equivalents.
    
    Documents http.sslCertType and http.sslKeyType. Implements
    http.proxySSLCertType. Does the same for http.sslKeyType and
    http.proxySSLKeyType equivalents and related environment variables.
    
    Signed-off-by: Ricky Davidson Ricky.Davidson@xxxxxxxxxxx

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1520%2FRicky-Davidson-hii-tsd%2Fmaster-v4
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1520/Ricky-Davidson-hii-tsd/master-v4
Pull-Request: https://github.com/gitgitgadget/git/pull/1520

Range-diff vs v3:

 1:  020c03104f4 ! 1:  c2489a9ed88 http: document sslcert and sslkey types and extend to proxy
     @@ Documentation/config/http.txt: http.proxySSLCert::
       
      +http.proxySSLCertType::
      +	Format of the client certificate used to authenticate with an HTTPS proxy.
     -+	Supported formats are `PEM` and `ENG`. The format `ENG` enables loading from
     ++	Example values are `PEM` and `ENG`. The format `ENG` enables loading from
      +	a crypto engine. Can be overridden by the `GIT_PROXY_SSL_CERT_TYPE` environment
     -+	variable.
     ++	variable. For more information on accepted values, see libcurl's
     ++	`CURLOPT_PROXY_SSLCERTTYPE`.
      +
       http.proxySSLKey::
       	The pathname of a file that stores a private key to use to authenticate with
     @@ Documentation/config/http.txt: http.proxySSLCert::
       
      +http.proxySSLKeyType::
      +	Format of the client private key used to authenticate with an HTTPS proxy.
     -+	Supported formats are `PEM` and `ENG`. The format `ENG` enables loading from
     ++	Example values are `PEM` and `ENG`. The format `ENG` enables loading from
      +	a crypto engine. Can be overridden by the `GIT_PROXY_SSL_KEY_TYPE` environment
     -+	variable.
     ++	variable. For more information on accepted values, see libcurl's
     ++	`CURLOPT_PROXY_SSLKEYTYPE`.
      +
       http.proxySSLCertPasswordProtected::
       	Enable Git's password prompt for the proxy SSL certificate.  Otherwise OpenSSL
     @@ Documentation/config/http.txt: http.sslCert::
       
      +http.sslCertType::
      +	Format of the SSL certificate used to authenticate over HTTPS.
     -+	Supported formats are `PEM` and `ENG`. The format `ENG` enables loading from
     ++	Example values are `PEM` and `ENG`. The format `ENG` enables loading from
      +	a crypto engine. Can be overridden by the `GIT_SSL_CERT_TYPE` environment
     -+	variable.
     ++	variable. For more information on accepted values, see libcurl's
     ++	`CURLOPT_SSLCERTTYPE`.
      +
       http.sslKey::
       	File containing the SSL private key when fetching or pushing
     @@ Documentation/config/http.txt: http.sslCert::
       
      +http.sslKeyType::
      +	Format of the SSL private key used to authenticate over HTTPS.
     -+	Supported formats are `PEM` and `ENG`. The format `ENG` enables loading from
     -+	a crypto engine. Can be overridden by the `GIT_SSL_CERT_TYPE` environment
     -+	variable.
     ++	Example values are `PEM` and `ENG`. The format `ENG` enables loading from
     ++	a crypto engine. Can be overridden by the `GIT_SSL_KEY_TYPE` environment
     ++	variable. For more information on accepted values, see libcurl's
     ++	`CURLOPT_SSLKEYTYPE`.
      +
       http.sslCertPasswordProtected::
       	Enable Git's password prompt for the SSL certificate.  Otherwise


 Documentation/config/http.txt | 28 ++++++++++++++++++++++++++++
 http.c                        | 12 ++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/Documentation/config/http.txt b/Documentation/config/http.txt
index afeeccfbfa7..dfca1a54123 100644
--- a/Documentation/config/http.txt
+++ b/Documentation/config/http.txt
@@ -34,11 +34,25 @@ http.proxySSLCert::
 	with an HTTPS proxy. Can be overridden by the `GIT_PROXY_SSL_CERT` environment
 	variable.
 
+http.proxySSLCertType::
+	Format of the client certificate used to authenticate with an HTTPS proxy.
+	Example values are `PEM` and `ENG`. The format `ENG` enables loading from
+	a crypto engine. Can be overridden by the `GIT_PROXY_SSL_CERT_TYPE` environment
+	variable. For more information on accepted values, see libcurl's
+	`CURLOPT_PROXY_SSLCERTTYPE`.
+
 http.proxySSLKey::
 	The pathname of a file that stores a private key to use to authenticate with
 	an HTTPS proxy. Can be overridden by the `GIT_PROXY_SSL_KEY` environment
 	variable.
 
+http.proxySSLKeyType::
+	Format of the client private key used to authenticate with an HTTPS proxy.
+	Example values are `PEM` and `ENG`. The format `ENG` enables loading from
+	a crypto engine. Can be overridden by the `GIT_PROXY_SSL_KEY_TYPE` environment
+	variable. For more information on accepted values, see libcurl's
+	`CURLOPT_PROXY_SSLKEYTYPE`.
+
 http.proxySSLCertPasswordProtected::
 	Enable Git's password prompt for the proxy SSL certificate.  Otherwise OpenSSL
 	will prompt the user, possibly many times, if the certificate or private key
@@ -161,11 +175,25 @@ http.sslCert::
 	over HTTPS. Can be overridden by the `GIT_SSL_CERT` environment
 	variable.
 
+http.sslCertType::
+	Format of the SSL certificate used to authenticate over HTTPS.
+	Example values are `PEM` and `ENG`. The format `ENG` enables loading from
+	a crypto engine. Can be overridden by the `GIT_SSL_CERT_TYPE` environment
+	variable. For more information on accepted values, see libcurl's
+	`CURLOPT_SSLCERTTYPE`.
+
 http.sslKey::
 	File containing the SSL private key when fetching or pushing
 	over HTTPS. Can be overridden by the `GIT_SSL_KEY` environment
 	variable.
 
+http.sslKeyType::
+	Format of the SSL private key used to authenticate over HTTPS.
+	Example values are `PEM` and `ENG`. The format `ENG` enables loading from
+	a crypto engine. Can be overridden by the `GIT_SSL_KEY_TYPE` environment
+	variable. For more information on accepted values, see libcurl's
+	`CURLOPT_SSLKEYTYPE`.
+
 http.sslCertPasswordProtected::
 	Enable Git's password prompt for the SSL certificate.  Otherwise
 	OpenSSL will prompt the user, possibly many times, if the
diff --git a/http.c b/http.c
index d5d82c5230f..bee4ea64115 100644
--- a/http.c
+++ b/http.c
@@ -74,7 +74,9 @@ static const char *curl_http_proxy;
 static const char *http_proxy_authmethod;
 
 static const char *http_proxy_ssl_cert;
+static const char *http_proxy_ssl_cert_type;
 static const char *http_proxy_ssl_key;
+static const char *http_proxy_ssl_key_type;
 static const char *http_proxy_ssl_ca_info;
 static struct credential proxy_cert_auth = CREDENTIAL_INIT;
 static int proxy_ssl_cert_password_required;
@@ -441,9 +443,13 @@ static int http_options(const char *var, const char *value, void *cb)
 
 	if (!strcmp("http.proxysslcert", var))
 		return git_config_string(&http_proxy_ssl_cert, var, value);
+	if (!strcmp("http.proxysslcerttype", var))
+		return git_config_string(&http_proxy_ssl_cert_type, var, value);
 
 	if (!strcmp("http.proxysslkey", var))
 		return git_config_string(&http_proxy_ssl_key, var, value);
+	if (!strcmp("http.proxysslkeytype", var))
+		return git_config_string(&http_proxy_ssl_key_type, var, value);
 
 	if (!strcmp("http.proxysslcainfo", var))
 		return git_config_string(&http_proxy_ssl_ca_info, var, value);
@@ -1146,9 +1152,13 @@ static CURL *get_curl_handle(void)
 
 			if (http_proxy_ssl_cert)
 				curl_easy_setopt(result, CURLOPT_PROXY_SSLCERT, http_proxy_ssl_cert);
+			if (http_proxy_ssl_cert_type)
+				curl_easy_setopt(result, CURLOPT_PROXY_SSLCERTTYPE, http_proxy_ssl_cert_type);
 
 			if (http_proxy_ssl_key)
 				curl_easy_setopt(result, CURLOPT_PROXY_SSLKEY, http_proxy_ssl_key);
+			if (http_proxy_ssl_key_type)
+				curl_easy_setopt(result, CURLOPT_PROXY_SSLKEYTYPE, http_proxy_ssl_key_type);
 
 			if (has_proxy_cert_password())
 				curl_easy_setopt(result, CURLOPT_PROXY_KEYPASSWD, proxy_cert_auth.password);
@@ -1285,7 +1295,9 @@ void http_init(struct remote *remote, const char *url, int proactive_auth)
 		max_requests = DEFAULT_MAX_REQUESTS;
 
 	set_from_env(&http_proxy_ssl_cert, "GIT_PROXY_SSL_CERT");
+	set_from_env(&http_proxy_ssl_cert_type, "GIT_PROXY_SSL_CERT_TYPE");
 	set_from_env(&http_proxy_ssl_key, "GIT_PROXY_SSL_KEY");
+	set_from_env(&http_proxy_ssl_key_type, "GIT_PROXY_SSL_KEY_TYPE");
 	set_from_env(&http_proxy_ssl_ca_info, "GIT_PROXY_SSL_CAINFO");
 
 	if (getenv("GIT_PROXY_SSL_CERT_PASSWORD_PROTECTED"))

base-commit: 667fcf4e15379790f0b609d6a83d578e69f20301
-- 
gitgitgadget






