Re: [PATCH 1/2] http.c: prompt for SSL client certificate password

[Constantine Plotnikov <constantine.plotnikov@gmail.com>]

How it works if git is run from IDEs (no tty will be available)?
Is there a way to redefine the way the password is got?
What about scripting scenarios where passwordless certificates are
likely to be used?

Regards,
Constantine

On Fri, Jun 5, 2009 at 6:44 AM, Mark Lodato <lodatom@gmail.com> wrote:
> Any thoughts on this?  I would love to see this in git 1.6.4, and I
> don't think it affects people who do not use certificates.
>
> ~ Mark
>
> On Wed, May 27, 2009 at 11:16 PM, Mark Lodato<lodatom@gmail.com> wrote:
>> If an SSL client certificate is enabled (via http.sslcert or
>> GIT_SSL_CERT), prompt for the certificate password rather than
>> defaulting to OpenSSL's password prompt.  This causes the prompt to only
>> appear once each run.  Previously, OpenSSL prompted the user *many*
>> times, causing git to be unusable over HTTPS with client-side
>> certificates.
>>
>> Note that the password is stored in memory in the clear while the
>> program is running.  This may be a security problem if git crashes and
>> core dumps.
>>
>> The user is always prompted, even if the certificate is not encrypted.
>> This should be fine; unencrypted certificates are rare and a security
>> risk anyway.
>>
>> Signed-off-by: Mark Lodato <lodatom@gmail.com>
>> ---
>>
>> See http://osdir.com/ml/git/2009-02/msg03402.html for a discussion of
>> this topic and an example showing how horrible the current password
>> prompts are.
>>
>> The next patch adds an option to disable this feature.  I split it into
>> two commits in case the configuration option is not wanted.
>>
>> I did not create any tests because the existing http.sslcert option has
>> no tests to begin with.
>>
>> I would really like to use git over HTTPS with client certs, but the
>> current situation is just unusable.  So, I'm hoping this gets included
>> in git.git at some point.  I would be happy to hear any comments people
>> have about this patch series.  Thanks!
>>
>>
>>  http.c |   40 +++++++++++++++++++++++++++++++++++++++-
>>  1 files changed, 39 insertions(+), 1 deletions(-)
>>
>> diff --git a/http.c b/http.c
>> index 2e3d649..1fc3444 100644
>> --- a/http.c
>> +++ b/http.c
>> @@ -26,6 +26,8 @@ static long curl_low_speed_time = -1;
>>  static int curl_ftp_no_epsv;
>>  static const char *curl_http_proxy;
>>  static char *user_name, *user_pass;
>> +static char *ssl_cert_password;
>> +static int ssl_cert_password_required;
>>
>>  static struct curl_slist *pragma_header;
>>
>> @@ -167,6 +169,22 @@ static void init_curl_http_auth(CURL *result)
>>        }
>>  }
>>
>> +static int has_cert_password(void)
>> +{
>> +       if (ssl_cert_password != NULL)
>> +               return 1;
>> +       if (ssl_cert == NULL || ssl_cert_password_required != 1)
>> +               return 0;
>> +       /* Only prompt the user once. */
>> +       ssl_cert_password_required = -1;
>> +       ssl_cert_password = getpass("Certificate Password: ");
>> +       if (ssl_cert_password != NULL) {
>> +               ssl_cert_password = xstrdup(ssl_cert_password);
>> +               return 1;
>> +       } else
>> +               return 0;
>> +}
>> +
>>  static CURL *get_curl_handle(void)
>>  {
>>        CURL *result = curl_easy_init();
>> @@ -189,6 +207,16 @@ static CURL *get_curl_handle(void)
>>
>>        if (ssl_cert != NULL)
>>                curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert);
>> +       if (has_cert_password())
>> +               curl_easy_setopt(result,
>> +#if LIBCURL_VERSION_NUM >= 0x071700
>> +                                CURLOPT_KEYPASSWD,
>> +#elif LIBCURL_VERSION_NUM >= 0x070903
>> +                                CURLOPT_SSLKEYPASSWD,
>> +#else
>> +                                CURLOPT_SSLCERTPASSWD,
>> +#endif
>> +                                ssl_cert_password);
>>  #if LIBCURL_VERSION_NUM >= 0x070902
>>        if (ssl_key != NULL)
>>                curl_easy_setopt(result, CURLOPT_SSLKEY, ssl_key);
>> @@ -329,8 +357,11 @@ void http_init(struct remote *remote)
>>        if (getenv("GIT_CURL_FTP_NO_EPSV"))
>>                curl_ftp_no_epsv = 1;
>>
>> -       if (remote && remote->url && remote->url[0])
>> +       if (remote && remote->url && remote->url[0]) {
>>                http_auth_init(remote->url[0]);
>> +               if (!prefixcmp(remote->url[0], "https://"))
>> +                       ssl_cert_password_required = 1;
>> +       }
>>
>>  #ifndef NO_CURL_EASY_DUPHANDLE
>>        curl_default = get_curl_handle();
>> @@ -370,6 +401,13 @@ void http_cleanup(void)
>>                free((void *)curl_http_proxy);
>>                curl_http_proxy = NULL;
>>        }
>> +
>> +       if (ssl_cert_password != NULL) {
>> +               memset(ssl_cert_password, 0, strlen(ssl_cert_password));
>> +               free(ssl_cert_password);
>> +               ssl_cert_password = NULL;
>> +       }
>> +       ssl_cert_password_required = 0;
>>  }
>>
>>  struct active_request_slot *get_active_slot(void)
>> --
>> 1.6.3.1
>>
>>
> --
> To unsubscribe from this list: send the line "unsubscribe git" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>