* [PATCH] Support FTP-over-SSL/TLS for regular FTP @ 2013-01-12 13:59 Modestas Vainius 2013-01-12 14:25 ` Matt Kraai 0 siblings, 1 reply; 5+ messages in thread From: Modestas Vainius @ 2013-01-12 13:59 UTC (permalink / raw) To: git; +Cc: Modestas Vainius Add a boolean http.sslTry option which allows to enable AUTH SSL/TLS and encrypted data transfers when connecting via regular FTP protocol. Default is false since it might trigger certificate verification errors on misconfigured servers. Signed-off-by: Modestas Vainius <modestas@vainius.eu> --- Documentation/config.txt | 8 ++++++++ http.c | 10 ++++++++++ http.h | 9 +++++++++ 3 files changed, 27 insertions(+) diff --git a/Documentation/config.txt b/Documentation/config.txt index d5809e0..1abd161 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -1406,6 +1406,14 @@ http.sslCAPath:: with when fetching or pushing over HTTPS. Can be overridden by the 'GIT_SSL_CAPATH' environment variable. +http.sslTry:: + Attempt to use AUTH SSL/TLS and encrypted data transfers + when connecting via regular FTP protocol. This might be needed + if the FTP server requires it for security reasons or you wish + to connect securely whenever remote FTP server supports it. + Default is false since it might trigger certificate verification + errors on misconfigured servers. + http.maxRequests:: How many HTTP requests to launch in parallel. Can be overridden by the 'GIT_HTTP_MAX_REQUESTS' environment variable. Default is 5. diff --git a/http.c b/http.c index 44f3525..d49a3d4 100644 --- a/http.c +++ b/http.c @@ -30,6 +30,7 @@ static CURL *curl_default; char curl_errorstr[CURL_ERROR_SIZE]; static int curl_ssl_verify = -1; +static int curl_ssl_try; static const char *ssl_cert; #if LIBCURL_VERSION_NUM >= 0x070903 static const char *ssl_key; 
@@ -162,6 +163,10 @@ static int http_options(const char *var, const char *value, void *cb) ssl_cert_password_required = 1; return 0; } + if (!strcmp("http.ssltry", var)) { + curl_ssl_try = git_config_bool(var, value); + return 0; + } if (!strcmp("http.minsessions", var)) { min_curl_sessions = git_config_int(var, value); #ifndef USE_CURL_MULTI @@ -306,6 +311,11 @@ static CURL *get_curl_handle(void) if (curl_ftp_no_epsv) curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0); +#ifdef CURLOPT_USE_SSL + if (curl_ssl_try) + curl_easy_setopt(result, CURLOPT_USE_SSL, CURLUSESSL_TRY); +#endif + if (curl_http_proxy) { curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy); curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY); diff --git a/http.h b/http.h index 0a80d30..f861662 100644 --- a/http.h +++ b/http.h @@ -42,6 +42,15 @@ #define NO_CURL_IOCTL #endif +/* + * CURLOPT_USE_SSL was known as CURLOPT_FTP_SSL up to 7.16.4, + * and the constants were known as CURLFTPSSL_* +*/ +#if !defined(CURLOPT_USE_SSL) && defined(CURLOPT_FTP_SSL) +#define CURLOPT_USE_SSL CURLOPT_FTP_SSL +#define CURLUSESSL_TRY CURLFTPSSL_TRY +#endif + struct slot_results { CURLcode curl_result; long http_code; -- 1.7.10.4 ^ permalink raw reply related [flat|nested] 5+ messages in thread
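Review bot: In the get_curl_handle() hunk, `CURLUSESSL_TRY` is opportunistic: if the server does not accept AUTH SSL/TLS, libcurl continues in cleartext, so anyone on the path who suppresses the negotiation gets a plaintext session and the user sees no error. A boolean `http.sslTry` leaves no way to ask for fail-closed behaviour; consider letting the option also select `CURLUSESSL_ALL` (require TLS), and have the Documentation/config.txt entry say that "try" gives no protection against downgrade. Separately, libcurl reads this option as a long through varargs, so the call is safer written as `curl_easy_setopt(result, CURLOPT_USE_SSL, (long)CURLUSESSL_TRY);`. The same lines appear in the resent patch of 2013-04-07 further down the thread, and get_curl_handle()'s body continues outside the hunk.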
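Review bot: The `#if !defined(CURLOPT_USE_SSL) && defined(CURLOPT_FTP_SSL)` test in http.h, and the matching `#ifdef CURLOPT_USE_SSL` in get_curl_handle(), probe for preprocessor macros, but as far as I know libcurl declares its CURLOPT_* options as enumerators, so `defined()` may be false even when the option exists. If so, on a libcurl where neither name is a macro the block is compiled out and `http.sslTry = true` is silently ignored, leaving the FTP session unencrypted with no warning. Gating on `LIBCURL_VERSION_NUM`, as http.c already does for `ssl_key`, would make the fallback deterministic, and a warning when the option is set but unsupported would avoid the silent failure. The resent patch of 2013-04-07 carries the same block.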
* Re: [PATCH] Support FTP-over-SSL/TLS for regular FTP 2013-01-12 13:59 [PATCH] Support FTP-over-SSL/TLS for regular FTP Modestas Vainius @ 2013-01-12 14:25 ` Matt Kraai 2013-01-12 14:51 ` Modestas Vainius 0 siblings, 1 reply; 5+ messages in thread From: Matt Kraai @ 2013-01-12 14:25 UTC (permalink / raw) To: Modestas Vainius; +Cc: git On Sat, Jan 12, 2013 at 03:59:52PM +0200, Modestas Vainius wrote: > @@ -306,6 +311,11 @@ static CURL *get_curl_handle(void) > if (curl_ftp_no_epsv) > curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0); > > +#ifdef CURLOPT_USE_SSL > + if (curl_ssl_try) > + curl_easy_setopt(result, CURLOPT_USE_SSL, CURLUSESSL_TRY); > +#endif > + > if (curl_http_proxy) { > curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy); > curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY); It looks like the indentation of the "if" line you added is messed up. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] Support FTP-over-SSL/TLS for regular FTP 2013-01-12 14:25 ` Matt Kraai @ 2013-01-12 14:51 ` Modestas Vainius 2013-02-25 6:44 ` Junio C Hamano 0 siblings, 1 reply; 5+ messages in thread From: Modestas Vainius @ 2013-01-12 14:51 UTC (permalink / raw) To: Matt Kraai; +Cc: git Hello, Saturday 12 January 2013 06:25:21 rašė: > On Sat, Jan 12, 2013 at 03:59:52PM +0200, Modestas Vainius wrote: > > @@ -306,6 +311,11 @@ static CURL *get_curl_handle(void) > > > > if (curl_ftp_no_epsv) > > > > curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0); > > > > +#ifdef CURLOPT_USE_SSL > > + if (curl_ssl_try) > > + curl_easy_setopt(result, CURLOPT_USE_SSL, CURLUSESSL_TRY); > > +#endif > > + > > > > if (curl_http_proxy) { > > > > curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy); > > curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY); > > It looks like the indentation of the "if" line you added is messed up. Yeah, sorry about that. I will fix it. -- Modestas Vainius <modestas@vainius.eu> ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] Support FTP-over-SSL/TLS for regular FTP 2013-01-12 14:51 ` Modestas Vainius @ 2013-02-25 6:44 ` Junio C Hamano 2013-04-07 19:10 ` Modestas Vainius 0 siblings, 1 reply; 5+ messages in thread From: Junio C Hamano @ 2013-02-25 6:44 UTC (permalink / raw) To: Modestas Vainius; +Cc: Matt Kraai, git Modestas Vainius <modestas@vainius.eu> writes: > Hello, > > Saturday 12 January 2013 06:25:21 rašė: >> On Sat, Jan 12, 2013 at 03:59:52PM +0200, Modestas Vainius wrote: >> > @@ -306,6 +311,11 @@ static CURL *get_curl_handle(void) >> > >> > if (curl_ftp_no_epsv) >> > >> > curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0); >> > >> > +#ifdef CURLOPT_USE_SSL >> > + if (curl_ssl_try) >> > + curl_easy_setopt(result, CURLOPT_USE_SSL, CURLUSESSL_TRY); >> > +#endif >> > + >> > >> > if (curl_http_proxy) { >> > >> > curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy); >> > curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY); >> >> It looks like the indentation of the "if" line you added is messed up. > > Yeah, sorry about that. I will fix it. Did anything happen to this topic since then? ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] Support FTP-over-SSL/TLS for regular FTP 2013-02-25 6:44 ` Junio C Hamano @ 2013-04-07 19:10 ` Modestas Vainius 0 siblings, 0 replies; 5+ messages in thread From: Modestas Vainius @ 2013-04-07 19:10 UTC (permalink / raw) To: Junio C Hamano; +Cc: Matt Kraai, git Hello, Sunday 24 February 2013 22:44:14 rašė: > Modestas Vainius <modestas@vainius.eu> writes: > > Hello, > > > > Saturday 12 January 2013 06:25:21 rašė: > >> On Sat, Jan 12, 2013 at 03:59:52PM +0200, Modestas Vainius wrote: > >> > @@ -306,6 +311,11 @@ static CURL *get_curl_handle(void) > >> > > >> > if (curl_ftp_no_epsv) > >> > > >> > curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0); > >> > > >> > +#ifdef CURLOPT_USE_SSL > >> > + if (curl_ssl_try) > >> > + curl_easy_setopt(result, CURLOPT_USE_SSL, CURLUSESSL_TRY); > >> > +#endif > >> > + > >> > > >> > if (curl_http_proxy) { > >> > > >> > curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy); > >> > curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY); > >> > >> It looks like the indentation of the "if" line you added is messed up. > > > > Yeah, sorry about that. I will fix it. > > Did anything happen to this topic since then? I'm very sorry about delay. Fixed patch is below. From 4f39352fe8dd85aa99f2141baa6a096da727c53e Mon Sep 17 00:00:00 2001 From: Modestas Vainius <modestas@vainius.eu> Date: Sun, 7 Apr 2013 22:08:10 +0300 Subject: [PATCH] Support FTP-over-SSL/TLS for regular FTP Add a boolean http.sslTry option which allows to enable AUTH SSL/TLS and encrypted data transfers when connecting via regular FTP protocol. Default is false since it might trigger certificate verification errors on misconfigured servers. Signed-off-by: Modestas Vainius <modestas@vainius.eu> --- Documentation/config.txt | 8 ++++++++ http.c | 10 ++++++++++ http.h | 9 +++++++++ 3 files changed, 27 insertions(+) diff --git a/Documentation/config.txt b/Documentation/config.txt index f79184c..da30cfd 100644 --- a/Documentation/config.txt 
+++ b/Documentation/config.txt @@ -1447,6 +1447,14 @@ http.sslCAPath:: with when fetching or pushing over HTTPS. Can be overridden by the 'GIT_SSL_CAPATH' environment variable. +http.sslTry:: + Attempt to use AUTH SSL/TLS and encrypted data transfers + when connecting via regular FTP protocol. This might be needed + if the FTP server requires it for security reasons or you wish + to connect securely whenever remote FTP server supports it. + Default is false since it might trigger certificate verification + errors on misconfigured servers. + http.maxRequests:: How many HTTP requests to launch in parallel. Can be overridden by the 'GIT_HTTP_MAX_REQUESTS' environment variable. Default is 5. diff --git a/http.c b/http.c index 8803c70..f791fcb 100644 --- a/http.c +++ b/http.c @@ -31,6 +31,7 @@ static CURL *curl_default; char curl_errorstr[CURL_ERROR_SIZE]; static int curl_ssl_verify = -1; +static int curl_ssl_try; static const char *ssl_cert; #if LIBCURL_VERSION_NUM >= 0x070903 static const char *ssl_key; @@ -163,6 +164,10 @@ static int http_options(const char *var, const char *value, void *cb) ssl_cert_password_required = 1; return 0; } + if (!strcmp("http.ssltry", var)) { + curl_ssl_try = git_config_bool(var, value); + return 0; + } if (!strcmp("http.minsessions", var)) { min_curl_sessions = git_config_int(var, value); #ifndef USE_CURL_MULTI @@ -307,6 +312,11 @@ static CURL *get_curl_handle(void) if (curl_ftp_no_epsv) curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0); +#ifdef CURLOPT_USE_SSL + if (curl_ssl_try) + curl_easy_setopt(result, CURLOPT_USE_SSL, CURLUSESSL_TRY); +#endif + if (curl_http_proxy) { curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy); curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY); diff --git a/http.h b/http.h index 25d1931..097514d 100644 --- a/http.h +++ b/http.h 
@@ -42,6 +42,15 @@ #define NO_CURL_IOCTL #endif +/* + * CURLOPT_USE_SSL was known as CURLOPT_FTP_SSL up to 7.16.4, + * and the constants were known as CURLFTPSSL_* +*/ +#if !defined(CURLOPT_USE_SSL) && defined(CURLOPT_FTP_SSL) +#define CURLOPT_USE_SSL CURLOPT_FTP_SSL +#define CURLUSESSL_TRY CURLFTPSSL_TRY +#endif + struct slot_results { CURLcode curl_result; long http_code; -- 1.7.10.4 -- Modestas Vainius <modestas@vainius.eu> ^ permalink raw reply related [flat|nested] 5+ messages in thread