From: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
To: Wei Shuyu <wsy@dogben.com>
Cc: git@vger.kernel.org, jrnieder@gmail.com, gitster@pobox.com,
peff@peff.net
Subject: Re: [RFC PATCH v2] http: support CURLPROXY_HTTPS
Date: Sat, 23 Dec 2017 18:48:47 +0100 [thread overview]
Message-ID: <878tdts5c0.fsf@evledraar.gmail.com> (raw)
In-Reply-To: <20171223150215.8615-1-wsy@dogben.com>
On Sat, Dec 23 2017, Wei Shuyu jotted:
> Git has been taught to support an https:// used for http.proxy when
> using recent versions of libcurl.
>
> To use https proxy with self-signed certs, we need a way to
> unset CURLOPT_PROXY_SSL_VERIFYPEER and CURLOPT_PROXY_SSL_VERIFYHOST
> just like direct SSL connection. This is required if we want
> use t/lib-httpd to test proxy.
>
> In this patch I reuse http.sslverify to do this, do we need an
> independent option like http.sslproxyverify?
>
> To fully support https proxy, we also need ways to set more options
> such as CURLOPT_PROXY_SSLCERT. However, I'm not sure if we need to
> support them.
It would be good to add a link to
https://daniel.haxx.se/blog/2016/11/26/https-proxy-with-curl/ to the
commit message, since it explains in great detail what this is for and
how it compares to what we were doing before.
> Signed-off-by: Wei Shuyu <wsy@dogben.com>
> ---
> http.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/http.c b/http.c
> index 215bebef1..d8a5e48f0 100644
> --- a/http.c
> +++ b/http.c
> @@ -708,6 +708,10 @@ static CURL *get_curl_handle(void)
> if (!curl_ssl_verify) {
> curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
> curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
> +#if LIBCURL_VERSION_NUM >= 0x073400
> + curl_easy_setopt(result, CURLOPT_PROXY_SSL_VERIFYPEER, 0);
> + curl_easy_setopt(result, CURLOPT_PROXY_SSL_VERIFYHOST, 0);
> +#endif
> } else {
> /* Verify authenticity of the peer's certificate */
> curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1);
> @@ -865,6 +869,11 @@ static CURL *get_curl_handle(void)
> else if (starts_with(curl_http_proxy, "socks"))
> curl_easy_setopt(result,
> CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4);
> +#endif
> +#if LIBCURL_VERSION_NUM >= 0x073400
> + else if (starts_with(curl_http_proxy, "https"))
> + curl_easy_setopt(result,
> + CURLOPT_PROXYTYPE, CURLPROXY_HTTPS);
> #endif
> if (strstr(curl_http_proxy, "://"))
> credential_from_url(&proxy_auth, curl_http_proxy);
next prev parent reply other threads:[~2017-12-23 17:48 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-23 15:02 [RFC PATCH v2] http: support CURLPROXY_HTTPS Wei Shuyu
2017-12-23 17:48 ` Ævar Arnfjörð Bjarmason [this message]
2017-12-27 18:44 ` Junio C Hamano
2017-12-27 18:29 ` Jonathan Nieder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878tdts5c0.fsf@evledraar.gmail.com \
--to=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=jrnieder@gmail.com \
--cc=peff@peff.net \
--cc=wsy@dogben.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.