Re: [PATCH v2 1/3]http: authenticate on NTLM proxies and others suppported by CuRL

[Nelson Benitez Leon <nelsonjesus.benitez@seap.minhap.es>]

On 03/01/2012 08:07 PM, Junio C Hamano wrote:
> Nelson Benitez Leon <nelsonjesus.benitez@seap.minhap.es> writes:
> 
> Thanks; doesn't a missing space before http: above look ugly to you, by
> the way?
> 
>> CURLAUTH_ANY option automatically chooses the best auth method from
>> among those the server supports, that means curl will ask the proxy and
>> use the appropiate, and it will only do that if you are using a proxy
>> (i.e. you've set CURLOPT_PROXY or you have http_proxy env var), also
>> curl will not try to authenticate if you've not provided username or
>> password in the proxy string, as told here[1]..
> 
> The above may justify why you used CURLAUTH_ANY as opposed to
> CURLAUTH_BASIC or other types, but without any description of the problem
> you are trying to solve before that paragraph, it does not justify why you
> are adding a code to use CURLOPT_PROXYAUTH in the first place.
> 
> This is my *guess* of the problem you are trying to solve.

I've ammended the commit message with your wording, text as follows:

When the proxy server specified by the http.proxy configuration or
the http_proxy environment variable requires authentication, git
failed to connect to the proxy, because we did not configure the
cURL handle with CURLOPT_PROXYAUTH.

When a proxy is in use, and you tell git that the proxy requires
authentication by having username in the http.proxy configuration,
an extra request needs to be made to the proxy to find out what
authentication method it supports, as this patch uses CURLAUTH_ANY
to let the library pick the most secure method supported by the
proxy server.

The extra round-trip adds extra latency, but relieves the user
from the burden to configure a specific authentication method.  If
it becomes problem, a later patch could add a configuration option
to specify what method to use, but let's start simple for the time
being.

So as CURLAUTH_ANY provide us out-of-the-box proxy support, we don't
want it activated manually from a config option, instead we added it
automatically when a proxy is being used.

Signed-off-by: Nelson Benitez Leon <nbenitezl@gmail.com>
---
 http.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/http.c b/http.c
index 0ffd79c..8ac8eb6 100644
--- a/http.c
+++ b/http.c
@@ -295,8 +295,10 @@ static CURL *get_curl_handle(void)
 	if (curl_ftp_no_epsv)
 		curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0);
 
-	if (curl_http_proxy)
+	if (curl_http_proxy) {
 		curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
+		curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
+	}
 
 	return result;
 }
-- 
1.7.7.6