1. 27 Feb, 2022 1 commit
  2. 23 Feb, 2022 1 commit
  3. 17 Oct, 2021 1 commit
    • str: introduce `git_str` for internal, `git_buf` is external · f0e693b1
      libgit2 has two distinct requirements that were previously solved by
      `git_buf`.  We require:
      
      1. A general purpose string class that provides a number of utility APIs
         for manipulating data (eg, concatenating, truncating, etc).
      2. A structure that we can use to return strings to callers that they
         can take ownership of.
      
      By using a single class (`git_buf`) for both of these purposes, we have
      confused the API to the point that refactorings are difficult and
      reasoning about correctness is also difficult.
      
      Move the utility class `git_buf` to be called `git_str`: this represents
      its general purpose, as an internal string buffer class.  The name also
      is an homage to Junio Hamano ("gitstr").
      
      The public API remains `git_buf`, and has a much smaller footprint.  It
      is generally only used as an "out" param with strict requirements that
      follow the documentation.  (Exceptions exist for some legacy APIs to
      avoid breaking callers unnecessarily.)
      
      Utility functions exist to convert a user-specified `git_buf` to a
      `git_str` so that we can call internal functions, then converting it
      back again.
      Edward Thomson committed
  4. 30 Aug, 2021 2 commits
    • Set Host Header to match CONNECT authority target · fc5d0e80
      Prior to this change, for CONNECT requests, the Host header was set to
      the host and port of the target http proxy. However, per the rfc7230 for
      HTTP/1.1 this is incorrect as the Host header should match the target of
      the CONNECT request, as detailed in section 5.3.3 & 5.4.
      
        5.3.3.  authority-form
      
         The authority-form of request-target is only used for CONNECT
         requests (Section 4.3.6 of [RFC7231]).
      
           authority-form = authority
      
         When making a CONNECT request to establish a tunnel through one or
         more proxies, a client MUST send only the target URI's authority
         component (excluding any userinfo and its "@" delimiter) as the
         request-target.  For example,
      
           CONNECT www.example.com:80 HTTP/1.1
      
        5.4.  Host
      
         <snip>
      
         A client MUST send a Host header field in all HTTP/1.1 request
         messages.  If the target URI includes an authority component, then a
         client MUST send a field-value for Host that is identical to that
         authority component, excluding any userinfo subcomponent and its "@"
         delimiter (Section 2.7.1).  If the authority component is missing or
         undefined for the target URI, then a client MUST send a Host header
         field with an empty field-value.
      
      This issue was noticed when proxying requests through HAProxy 2.2 which
      rejects these invalid http requests.
      Jesse Hathaway committed
  5. 12 May, 2021 2 commits
  6. 23 Dec, 2020 1 commit
  7. 27 Nov, 2020 1 commit
  8. 11 Oct, 2020 1 commit
  9. 08 Sep, 2020 1 commit
    • Don't fail if a HTTP server announces he supports a protocol upgrade · 2dea3eb4
      cf. RFC7230 section 6.7, an Upgrade header in a normal response merely informs the client that the server supports upgrading to other protocols, and the client can ask for such an upgrade in a later request. The server requiring an upgrade is via the 426 Upgrade Required response code, not the mere presence of the Upgrade response header.
      
      (closes issue #5573)
      
      Signed-off-by: Sven Strickroth <email@cs-ware.de>
      Sven Strickroth committed
  10. 10 Jul, 2020 1 commit
    • httpclient: only free challenges for current_server type · bd346313
      Prior to this commit we freed both the server and proxy auth challenges
      in git_http_client_read_response. This works when the proxy needs auth
      or when the server needs auth, but it does not work when both the proxy
      and the server need auth as we erroneously remove the server auth
      challenge before we have added them as server credentials. Instead only
      remove the challenges for the current_server type.
      
      Co-authored-by: Stephen Gelman <ssgelm@gmail.com>
      Jesse Hathaway committed
  11. 09 Jun, 2020 1 commit
  12. 01 Jun, 2020 3 commits
    • httpclient: clear the read_buf on new requests · 04c7bdb4
      The httpclient implementation keeps a `read_buf` that holds the data
      in the body of the response after the headers have been written.  We
      store that data for subsequent calls to `git_http_client_read_body`.  If
      we want to stop reading body data and send another request, we need to
      clear that cached data.
      
      Clear the cached body data on new requests, just like we read any
      outstanding data from the socket.
      Edward Thomson committed
    • httpclient: don't read more than the client wants · aa8b2c0f
      When `git_http_client_read_body` is invoked, it provides the size of the
      buffer that can be read into.  This will be set as the parser context's
      `output_size` member.  Use this as an upper limit on our reads, and
      ensure that we do not read more than the client requests.
      Edward Thomson committed
    • httpclient: read_body should return 0 at EOF · 570f0340
      When users call `git_http_client_read_body`, it should return 0 at the
      end of a message.  When the `on_message_complete` callback is called,
      this will set `client->state` to `DONE`.  In our read loop, we look for
      this condition and exit.
      
      Without this, when there is no data left except the end of message chunk
      (`0\r\n`) in the http stream, we would block by reading the three bytes
      off the stream but not making progress in any `on_body` callbacks.
      Listening to the `on_message_complete` callback allows us to stop trying
      to read from the socket when we've read the end of message chunk.
      Edward Thomson committed
  13. 26 Mar, 2020 1 commit
  14. 05 Mar, 2020 1 commit
    • httpclient: use a 16kb read buffer for macOS · 502e5d51
      Use a 16kb read buffer for compatibility with macOS SecureTransport.
      
      SecureTransport `SSLRead` has the following behavior:
      
      1. It will return _at most_ one TLS packet's worth of data, and
      2. It will try to give you as much data as you asked for
      
      This means that if you call `SSLRead` with a buffer size that is smaller
      than what _it_ reads (in other words, the maximum size of a TLS packet),
      then it will buffer that data for subsequent calls.  However, it will
      also attempt to give you as much data as you requested in your SSLRead
      call.  This means that it will guarantee a network read in the event
      that it has buffered data.
      
      Consider our 8kb buffer and a server sending us 12kb of data on an HTTP
      Keep-Alive session.  Our first `SSLRead` will read the TLS packet off
      the network.  It will return us the 8kb that we requested and buffer the
      remaining 4kb.  Our second `SSLRead` call will see the 4kb that's
      buffered and decide that it could give us an additional 4kb.  So it will
      do a network read.
      
      But there's nothing left to read; that was the end of the data.  The
      HTTP server is waiting for us to provide a new request.  The server will
      eventually time out, our `read` system call will return, `SSLRead` can
      return back to us and we can make progress.
      
      While technically correct, this is wildly ineffecient.  (Thanks, Tim
      Apple!)
      
      Moving us to use an internal buffer that is the maximum size of a TLS
      packet (16kb) ensures that `SSLRead` will never buffer and it will
      always return everything that it read (albeit decrypted).
      Edward Thomson committed
  15. 07 Feb, 2020 1 commit
  16. 26 Jan, 2020 1 commit
    • credential: change git_cred to git_credential · 3f54ba8b
      We avoid abbreviations where possible; rename git_cred to
      git_credential.
      
      In addition, we have standardized on a trailing `_t` for enum types,
      instead of using "type" in the name.  So `git_credtype_t` has become
      `git_credential_t` and its members have become `GIT_CREDENTIAL` instead
      of `GIT_CREDTYPE`.
      
      Finally, the source and header files have been renamed to `credential`
      instead of `cred`.
      
      Keep previous name and values as deprecated, and include the new header
      files from the previous ones.
      Edward Thomson committed
  17. 24 Jan, 2020 9 commits
    • http: introduce GIT_ERROR_HTTP · e9cef7c4
      Disambiguate between general network problems and HTTP problems in error
      codes.
      Edward Thomson committed
    • httpclient: support expect/continue · 7372573b
      Allow users to opt-in to expect/continue handling when sending a POST
      and we're authenticated with a "connection-based" authentication
      mechanism like NTLM or Negotiate.
      
      If the response is a 100, return to the caller (to allow them to post
      their body).  If the response is *not* a 100, buffer the response for
      the caller.
      
      HTTP expect/continue is generally safe, but some legacy servers
      have not implemented it correctly.  Require it to be opt-in.
      Edward Thomson committed
    • httpclient: support CONNECT proxies · 6c21c989
      Fully support HTTP proxies, in particular CONNECT proxies, that allow us
      to speak TLS through a proxy.
      Edward Thomson committed
    • httpclient: handle chunked responses · 6b208836
      Detect responses that are sent with Transfer-Encoding: chunked, and
      record that information so that we can consume the entire message body.
      Edward Thomson committed
    • httpclient: support authentication · 6a095679
      Store the last-seen credential challenges (eg, all the
      'WWW-Authenticate' headers in a response message).  Given some
      credentials, find the best (first) challenge whose mechanism supports
      these credentials.  (eg, 'Basic' supports username/password credentials,
      'Negotiate' supports default credentials).
      
      Set up an authentication context for this mechanism and these
      credentials.  Continue exchanging challenge/responses until we're
      authenticated.
      Edward Thomson committed
    • httpclient: consume final chunk message · 1152f361
      When sending a new request, ensure that we got the entirety of the
      response body.  Our caller may have decided that they were done reading.
      If we were not at the end of the message, this means that we need to
      tear down the connection and cannot do keep-alive.
      
      However, if the caller read all of the message, but we still have a
      final end-of-response chunk signifier (ie, "0\r\n\r\n") on the socket,
      then we should consider that the response was successfully copmleted.
      
      If we're asked to send a new request, try to read from the socket, just
      to clear out that end-of-chunk message, marking ourselves as
      disconnected on any errors.
      Edward Thomson committed
    • httpclient: add chunk support to POST · 84b99a95
      Teach httpclient how to support chunking when POSTing request bodies.
      Edward Thomson committed
    • httpclient: introduce a simple http implementation · eacecebd
      Introduce a new http client implementation that can GET and POST to
      remote URLs.
      
      Consumers can use `git_http_client_init` to create a new client,
      `git_http_client_send_request` to send a request to the remote server
      and `git_http_client_read_response` to read the response.
      
      The http client implementation will perform the I/O with the remote
      server (http or https) but does not understand the git smart transfer
      protocol.  This allows us to split the concerns of the http subtransport
      from the actual http implementation.
      Edward Thomson committed