[PATCH v3 2/4] http: try http_proxy env var when http.proxy config option is not set

[PATCH v3 2/4] http: try http_proxy env var when http.proxy config option is not set

[Nelson Benitez Leon]

cURL already reads it, but if $http_proxy has username but no password
cURL will not ask you for the password and so failed to authenticate
returning a 407 error code. So we read it ourselves to detect that and
ask for the password. Also we read it prior to connection to be able to
make a proactive authentication in case the flag http_proactive_auth is
set.

Signed-off-by: Nelson Benitez Leon <nbenitezl@gmail.com>
---
 http.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/http.c b/http.c
index 8ac8eb6..8932da5 100644
--- a/http.c
+++ b/http.c
@@ -295,6 +295,13 @@ static CURL *get_curl_handle(void)
 	if (curl_ftp_no_epsv)
 		curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0);
 
+	if (!curl_http_proxy) {
+		const char *env_proxy;
+		env_proxy = getenv("http_proxy");
+		if (env_proxy) {
+			curl_http_proxy = xstrdup(env_proxy);
+		}
+	}
 	if (curl_http_proxy) {
 		curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
 		curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
-- 
1.7.7.6

Re: [PATCH v3 2/4] http: try http_proxy env var when http.proxy config option is not set

[Junio C Hamano]

Nelson Benitez Leon <nelsonjesus.benitez@seap.minhap.es> writes:

> cURL already reads it, but if $http_proxy has username but no password
> cURL will not ask you for the password and so failed to authenticate
> returning a 407 error code. So we read it ourselves to detect that and
> ask for the password. Also we read it prior to connection to be able to
> make a proactive authentication in case the flag http_proactive_auth is
> set.
>
> Signed-off-by: Nelson Benitez Leon <nbenitezl@gmail.com>
> ---

The above does not address my earlier worries about compatibility
across curl applications (it does not even say "it does not matter;
we do not care about other's application"), so let's spell it out
again.  When the user has

	http_proxy=http://me@proxy.example.com
	export http_proxy

with your patch, git might do whatever we desire to do, and the end
result may be better, but how would the user experience be for the
user when using other curl based programs on the same system?

Also I thought the conclusion from the other thread was that even if
we were to do this, we should apply the http_proxy environment only
when we are talking to http:// and for https:// we would instead
read HTTPS_PROXY or something?

>  http.c |    7 +++++++
>  1 files changed, 7 insertions(+), 0 deletions(-)
>
> diff --git a/http.c b/http.c
> index 8ac8eb6..8932da5 100644
> --- a/http.c
> +++ b/http.c
> @@ -295,6 +295,13 @@ static CURL *get_curl_handle(void)
>  	if (curl_ftp_no_epsv)
>  		curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0);
>  
> +	if (!curl_http_proxy) {
> +		const char *env_proxy;
> +		env_proxy = getenv("http_proxy");
> +		if (env_proxy) {
> +			curl_http_proxy = xstrdup(env_proxy);
> +		}
> +	}
>  	if (curl_http_proxy) {
>  		curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
>  		curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY);

Re: [PATCH v3 2/4] http: try http_proxy env var when http.proxy config option is not set

[Nelson Benitez Leon]

On 03/05/2012 06:30 PM, Junio C Hamano wrote:
> Nelson Benitez Leon <nelsonjesus.benitez@seap.minhap.es> writes:
> 
>> cURL already reads it, but if $http_proxy has username but no password
>> cURL will not ask you for the password and so failed to authenticate
>> returning a 407 error code. So we read it ourselves to detect that and
>> ask for the password. Also we read it prior to connection to be able to
>> make a proactive authentication in case the flag http_proactive_auth is
>> set.
>>
>> Signed-off-by: Nelson Benitez Leon <nbenitezl@gmail.com>
>> ---
> 
> The above does not address my earlier worries about compatibility
> across curl applications (it does not even say "it does not matter;
> we do not care about other's application"), so let's spell it out
> again.  When the user has
> 
> 	http_proxy=http://me@proxy.example.com
> 	export http_proxy
> 
> with your patch, git might do whatever we desire to do, and the end
> result may be better, but how would the user experience be for the
> user when using other curl based programs on the same system?

As I said in the commit message, in that cases a 407 error will be
returned from those applications, because curl will not ask you for
the password, I tested that myself, maybe my message is not clear
enough, you can suggest me a better wording or feel free to amend it
yourself :-). 

An $http_proxy without password means it needs support from the application,
I expect users who put a proxy url without password to be confident that 
the application they're using will ask them for the password (git in this
case), if they're not sure they have to go with the standard approach of
setting both username and password in $http_proxy to obtain full
compatibility amongst any programs (at the cost of having the password
written down somewhere).

> 
> Also I thought the conclusion from the other thread was that even if
> we were to do this, we should apply the http_proxy environment only
> when we are talking to http:// and for https:// we would instead
> read HTTPS_PROXY or something?

Ok I completely miss this, can this be added in a later patch?

> 
>>  http.c |    7 +++++++
>>  1 files changed, 7 insertions(+), 0 deletions(-)
>>
>> diff --git a/http.c b/http.c
>> index 8ac8eb6..8932da5 100644
>> --- a/http.c
>> +++ b/http.c
>> @@ -295,6 +295,13 @@ static CURL *get_curl_handle(void)
>>  	if (curl_ftp_no_epsv)
>>  		curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0);
>>  
>> +	if (!curl_http_proxy) {
>> +		const char *env_proxy;
>> +		env_proxy = getenv("http_proxy");
>> +		if (env_proxy) {
>> +			curl_http_proxy = xstrdup(env_proxy);
>> +		}
>> +	}
>>  	if (curl_http_proxy) {
>>  		curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
>>  		curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
> --
> To unsubscribe from this list: send the line "unsubscribe git" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v3 2/4] http: try http_proxy env var when http.proxy config option is not set

[Jeff King]

On Tue, Mar 06, 2012 at 01:22:46PM +0100, Nelson Benitez Leon wrote:

> > Also I thought the conclusion from the other thread was that even if
> > we were to do this, we should apply the http_proxy environment only
> > when we are talking to http:// and for https:// we would instead
> > read HTTPS_PROXY or something?
> 
> Ok I completely miss this, can this be added in a later patch?

Hmm. Your current series munges the curl_http_proxy variable in order to
put the username and password in, and therefore needs to know what is in
the proxy variable.

But if you switch patch 4/4 to set CURLOPT_PROXYUSERPWD, then we won't
need to care what's in curl_http_proxy, no? We will get a 407 from curl
because curl detected the proxy (either from the environment, or because
we actually told it via curl_http_proxy), and then we will fill in the
username and password without touching the actual proxy URL.

So this patch can just be dropped at that point, right?

-Peff

Re: [PATCH v3 2/4] http: try http_proxy env var when http.proxy config option is not set

[Nelson Benitez Leon]

On 03/06/2012 12:27 PM, Jeff King wrote:
> On Tue, Mar 06, 2012 at 01:22:46PM +0100, Nelson Benitez Leon wrote:
> 
>>> Also I thought the conclusion from the other thread was that even if
>>> we were to do this, we should apply the http_proxy environment only
>>> when we are talking to http:// and for https:// we would instead
>>> read HTTPS_PROXY or something?
>>
>> Ok I completely miss this, can this be added in a later patch?
> 
> Hmm. Your current series munges the curl_http_proxy variable in order to
> put the username and password in, and therefore needs to know what is in
> the proxy variable.
> 
> But if you switch patch 4/4 to set CURLOPT_PROXYUSERPWD, then we won't
> need to care what's in curl_http_proxy, no? We will get a 407 from curl
> because curl detected the proxy (either from the environment, or because
> we actually told it via curl_http_proxy), and then we will fill in the
> username and password without touching the actual proxy URL.
> 
> So this patch can just be dropped at that point, right?

I think so, I will try 4/4 using proxyuserpwd.

Re: [PATCH v3 2/4] http: try http_proxy env var when http.proxy config option is not set

[Junio C Hamano]

Nelson Benitez Leon <nelsonjesus.benitez@seap.minhap.es> writes:

> As I said in the commit message, in that cases a 407 error will be
> returned from those applications, because curl will not ask you for
> the password,...

If that is the case, people cannot write their username in the
http_proxy environment variable---otherwise they will not be able to
use these applications. If people do not have username in that
environment, this patch will not help us.

I think I saw you and Peff discussing down-thread that this patch
may not be needed, so if that is the case it is good---we won't have
to worry about it.

Thanks.