- 09 Sep, 2021 1 commit
-
-
Make some syntax change to follow coding style.
punkymaniac committed
-
- 02 Sep, 2021 2 commits
-
-
Update the proxy detection for a remote. 1. Honor `http.<url>.proxy` syntax for a remote's direct URL and parent URLs. 2. Honor an empty configuration URL to override a proxy configuration. Add tests to ensure that configuration specificity is honored.
Edward Thomson committed -
Item 2 of 3 from #4164 Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Mathieu Parent committed
-
- 30 Aug, 2021 2 commits
-
-
Prior to this change, for CONNECT requests, the Host header was set to the host and port of the target http proxy. However, per the rfc7230 for HTTP/1.1 this is incorrect as the Host header should match the target of the CONNECT request, as detailed in section 5.3.3 & 5.4. 5.3.3. authority-form The authority-form of request-target is only used for CONNECT requests (Section 4.3.6 of [RFC7231]). authority-form = authority When making a CONNECT request to establish a tunnel through one or more proxies, a client MUST send only the target URI's authority component (excluding any userinfo and its "@" delimiter) as the request-target. For example, CONNECT www.example.com:80 HTTP/1.1 5.4. Host <snip> A client MUST send a Host header field in all HTTP/1.1 request messages. If the target URI includes an authority component, then a client MUST send a field-value for Host that is identical to that authority component, excluding any userinfo subcomponent and its "@" delimiter (Section 2.7.1). If the authority component is missing or undefined for the target URI, then a client MUST send a Host header field with an empty field-value. This issue was noticed when proxying requests through HAProxy 2.2 which rejects these invalid http requests.
Jesse Hathaway committed -
Edward Thomson committed
-
- 24 Aug, 2021 1 commit
-
-
The ntlmclient dependency can now dynamically load OpenSSL.
Edward Thomson committed
-
- 05 Aug, 2021 1 commit
-
-
Attempt authentication when a username is presented but a password is not; this can happen in particular when users are doing token authentication and specifying the token in the URL itself. For example, `https://token@host/` is a valid URI and should be treated as a username of `token` with an empty password.
Edward Thomson committed
-
- 15 Jul, 2021 1 commit
-
-
Makes usage of CLOCK_MONOTONIC conditional and makes functions that uses git__timer handle clock resynchronization. Call gettimeofday with tzp set to NULL as required by https://pubs.opengroup.org/onlinepubs/9699919799/functions/gettimeofday.html
Peter Pettersson committed
-
- 26 Jun, 2021 1 commit
-
-
Jacques Germishuys committed
-
- 04 Jun, 2021 1 commit
-
-
punkymaniac committed
-
- 03 Jun, 2021 1 commit
-
-
The call to git_proxy_options_dup will replace the url pointer of the proxy. But if the url pointer is already set, the old address will be lost forever and will never be free.
punkymaniac committed
-
- 12 May, 2021 2 commits
-
-
Tyler Ang-Wanek committed
-
Tyler Ang-Wanek committed
-
- 06 May, 2021 1 commit
-
-
Edward Thomson committed
-
- 18 Apr, 2021 1 commit
-
-
Tobias Nießen committed
-
- 02 Mar, 2021 1 commit
-
-
In some circumstances (e.g. when proxies are involved), winhttp will fail to reach the WINHTTP_CALLBACK_STATUS_SENDING_REQUEST phase. If this occurs, we'll error with ERROR_WINHTTP_INCORRECT_HANDLE_STATE when attempting to query the server certificate context (see https://docs.microsoft.com/en-us/windows/win32/api/winhttp/nf-winhttp-winhttpsendrequest#remarks). To avoid this, verify that WinHttpSendRequest has reached the WINHTTP_CALLBACK_STATUS_SENDING_REQUEST phase before checking the certificate. Since we're using WinHTTP in synchronous mode, we know for sure that once WinHttpSendRequest returns we've either sent it successfully or not. NOTE: WINHTTP_CALLBACK_STATUS_SENDING_REQUEST appears to be deprecated with no direct replacement. WINHTTP_CALLBACK_STATUS_SENDREQUEST_COMPLETE is only available in async mode, and there doesn't appear to be a method of querying this flag outside of the status callback.
Ian Hattendorf committed
-
- 15 Feb, 2021 1 commit
-
-
Aaron Franke committed
-
- 23 Dec, 2020 2 commits
-
-
Edward Thomson committed
-
Edward Thomson committed
-
- 22 Dec, 2020 2 commits
-
-
This allows the library to be built using a pre-1.9.0 version of libssh2.
Miguel Arroz committed -
Specifically: ECDSA_256, ECDSA_384, ECDSA_521 and ED25519.
Miguel Arroz committed
-
- 06 Dec, 2020 1 commit
-
-
Clarify the `git_atomic` type and functions now that we have a 64 bit version as well (`git_atomic64`).
Edward Thomson committed
-
- 27 Nov, 2020 3 commits
-
-
`git_cert_x509` has the raw encoded certificate. Let's do the same for the SSH certificate for symmetry.
lhchavez committed -
Edward Thomson committed
-
Edward Thomson committed
-
- 11 Oct, 2020 2 commits
-
-
Provide a mechanism for system components to register for initialization and shutdown of the libgit2 runtime.
Edward Thomson committed -
Move the settings global data teardown into its own separate function, instead of intermingled with the global state.
Edward Thomson committed
-
- 14 Sep, 2020 1 commit
-
-
Signed-off-by: Sven Strickroth <email@cs-ware.de>
Sven Strickroth committed
-
- 10 Sep, 2020 1 commit
-
-
Signed-off-by: Sven Strickroth <email@cs-ware.de>
Sven Strickroth committed
-
- 08 Sep, 2020 1 commit
-
-
cf. RFC7230 section 6.7, an Upgrade header in a normal response merely informs the client that the server supports upgrading to other protocols, and the client can ask for such an upgrade in a later request. The server requiring an upgrade is via the 426 Upgrade Required response code, not the mere presence of the Upgrade response header. (closes issue #5573) Signed-off-by: Sven Strickroth <email@cs-ware.de>
Sven Strickroth committed
-
- 10 Jul, 2020 1 commit
-
-
Prior to this commit we freed both the server and proxy auth challenges in git_http_client_read_response. This works when the proxy needs auth or when the server needs auth, but it does not work when both the proxy and the server need auth as we erroneously remove the server auth challenge before we have added them as server credentials. Instead only remove the challenges for the current_server type. Co-authored-by: Stephen Gelman <ssgelm@gmail.com>
Jesse Hathaway committed
-
- 24 Jun, 2020 1 commit
-
-
Ian Hattendorf committed
-
- 09 Jun, 2020 2 commits
-
-
When compiling libgit2 with -DDEPRECATE_HARD, we add a preprocessor definition `GIT_DEPRECATE_HARD` which causes the "git2/deprecated.h" header to be empty. As a result, no function declarations are made available to callers, but the implementations are still available to link against. This has the problem that function declarations also aren't visible to the implementations, meaning that the symbol's visibility will not be set up correctly. As a result, the resulting library may not expose those deprecated symbols at all on some platforms and thus cause linking errors. Fix the issue by conditionally compiling deprecated functions, only. While it becomes impossible to link against such a library in case one uses deprecated functions, distributors of libgit2 aren't expected to pass -DDEPRECATE_HARD anyway. Instead, users of libgit2 should manually define GIT_DEPRECATE_HARD to hide deprecated functions. Using "real" hard deprecation still makes sense in the context of CI to test we don't use deprecated symbols ourselves and in case a dependant uses libgit2 in a vendored way and knows it won't ever use any of the deprecated symbols anyway.
Patrick Steinhardt committed -
We've accumulated quite some functions which are never used outside of their respective code unit, but which are lacking the `static` keyword. Add it to reduce their linkage scope and allow the compiler to optimize better.
Patrick Steinhardt committed
-
- 01 Jun, 2020 4 commits
-
-
The httpclient implementation keeps a `read_buf` that holds the data in the body of the response after the headers have been written. We store that data for subsequent calls to `git_http_client_read_body`. If we want to stop reading body data and send another request, we need to clear that cached data. Clear the cached body data on new requests, just like we read any outstanding data from the socket.
Edward Thomson committed -
When `git_http_client_read_body` is invoked, it provides the size of the buffer that can be read into. This will be set as the parser context's `output_size` member. Use this as an upper limit on our reads, and ensure that we do not read more than the client requests.
Edward Thomson committed -
We _dispose_ the contents of objects; we _free_ objects (and their contents). Update `git_strarray_free` to be `git_strarray_dispose`. `git_strarray_free` remains as a deprecated proxy function.
Edward Thomson committed -
When users call `git_http_client_read_body`, it should return 0 at the end of a message. When the `on_message_complete` callback is called, this will set `client->state` to `DONE`. In our read loop, we look for this condition and exit. Without this, when there is no data left except the end of message chunk (`0\r\n`) in the http stream, we would block by reading the three bytes off the stream but not making progress in any `on_body` callbacks. Listening to the `on_message_complete` callback allows us to stop trying to read from the socket when we've read the end of message chunk.
Edward Thomson committed
-
- 26 Mar, 2020 1 commit
-
-
Signed-off-by: Utkarsh Gupta <utkarsh@debian.org>
Utkarsh Gupta committed
-
- 05 Mar, 2020 1 commit
-
-
Use a 16kb read buffer for compatibility with macOS SecureTransport. SecureTransport `SSLRead` has the following behavior: 1. It will return _at most_ one TLS packet's worth of data, and 2. It will try to give you as much data as you asked for This means that if you call `SSLRead` with a buffer size that is smaller than what _it_ reads (in other words, the maximum size of a TLS packet), then it will buffer that data for subsequent calls. However, it will also attempt to give you as much data as you requested in your SSLRead call. This means that it will guarantee a network read in the event that it has buffered data. Consider our 8kb buffer and a server sending us 12kb of data on an HTTP Keep-Alive session. Our first `SSLRead` will read the TLS packet off the network. It will return us the 8kb that we requested and buffer the remaining 4kb. Our second `SSLRead` call will see the 4kb that's buffered and decide that it could give us an additional 4kb. So it will do a network read. But there's nothing left to read; that was the end of the data. The HTTP server is waiting for us to provide a new request. The server will eventually time out, our `read` system call will return, `SSLRead` can return back to us and we can make progress. While technically correct, this is wildly ineffecient. (Thanks, Tim Apple!) Moving us to use an internal buffer that is the maximum size of a TLS packet (16kb) ensures that `SSLRead` will never buffer and it will always return everything that it read (albeit decrypted).
Edward Thomson committed
-