Re: [PATCH 2/2] http: use credential API to handle proxy authentication

2015-11-05 Thread Jeff King
On Wed, Nov 04, 2015 at 10:13:25AM +0100, Knut Franke wrote: > For consistency reasons, add parsing of http_proxy/https_proxy/all_proxy > environment variables, which would otherwise be evaluated as a fallback by > curl. > Without this, we would have different semantics for git configuration and

Re: [PATCH 2/2] http: use credential API to handle proxy authentication

2015-11-05 Thread Knut Franke
On 2015-11-05 03:24, Jeff King wrote: > There was also some discussion with curl upstream of providing a new > authentication interface, where we would provide curl with > authentication callbacks, and it would trigger them if and when > credentials were needed. Somebody upstream was working on a

Re: [PATCH 2/2] http: use credential API to handle proxy authentication

2015-11-05 Thread Jeff King
On Thu, Nov 05, 2015 at 12:56:54PM +0100, Knut Franke wrote: > My main takeaway from this, apart from the points you mention below, is that > it'd be good to have a test case, similar to t/lib-httpd.sh. Since none of the > existent proxy-related code has an automated test, I think this would be

Re: [PATCH 2/2] http: use credential API to handle proxy authentication

2015-11-04 Thread Junio C Hamano
Knut Franke writes: > @@ -337,6 +342,24 @@ static void var_override(const char **var, char *value) > > static void init_curl_proxy_auth(CURL *result) > { > + if (proxy_auth.username) { > + struct strbuf s = STRBUF_INIT; Having this variable

Re: [PATCH 2/2] http: use credential API to handle proxy authentication

2015-11-04 Thread Eric Sunshine
On Wednesday, November 4, 2015, Knut Franke wrote: > Currently, the only way to pass proxy credentials to curl is by including them > in the proxy URL. Usually, this means they will end up on disk unencrypted, > one > way or another (by inclusion in ~/.gitconfig,

[PATCH 2/2] http: use credential API to handle proxy authentication

2015-11-04 Thread Knut Franke
Currently, the only way to pass proxy credentials to curl is by including them in the proxy URL. Usually, this means they will end up on disk unencrypted, one way or another (by inclusion in ~/.gitconfig, shell profile or history). Since proxy authentication often uses a domain user, credentials

Re: [PATCH 2/2] http: use credential API to handle proxy authentication

2015-11-03 Thread Knut Franke
On 2015-11-02 14:54, Junio C Hamano wrote: > > static void init_curl_proxy_auth(CURL *result) > > { > > + if (proxy_auth.username) { > > + if (!proxy_auth.password) > > + credential_fill(_auth); > > +#if LIBCURL_VERSION_NUM >= 0x071301 > > +

Re: [PATCH 2/2] http: use credential API to handle proxy authentication

2015-11-03 Thread Eric Sunshine
On Tue, Nov 3, 2015 at 4:31 AM, Knut Franke wrote: > On 2015-11-02 14:54, Junio C Hamano wrote: >> > static void init_curl_proxy_auth(CURL *result) >> > { >> > + if (proxy_auth.username) { >> > + if (!proxy_auth.password) >> > +

[PATCH 2/2] http: use credential API to handle proxy authentication

2015-11-02 Thread Knut Franke
Currently, the only way to pass proxy credentials to curl is by including them in the proxy URL. Usually, this means they will end up on disk unencrypted, one way or another (by inclusion in ~/.gitconfig, shell profile or history). Since proxy authentication often uses a domain user, credentials

Re: [PATCH 2/2] http: use credential API to handle proxy authentication

2015-11-02 Thread Junio C Hamano
Knut Franke writes: > Currently, the only way to pass proxy credentials to curl is by including them > in the proxy URL. Usually, this means they will end up on disk unencrypted, > one > way or another (by inclusion in ~/.gitconfig, shell profile or history).

Re: [PATCH 2/2] http: use credential API to handle proxy authentication

2015-10-30 Thread Junio C Hamano
Knut Franke writes: > On 2015-10-28 14:58, Eric Sunshine wrote: >> > + } >> > + if (!curl_http_proxy) { >> > + copy_from_env(_http_proxy, "ALL_PROXY"); >> > + copy_from_env(_http_proxy,

Re: [PATCH 2/2] http: use credential API to handle proxy authentication

2015-10-30 Thread Eric Sunshine
On Fri, Oct 30, 2015 at 3:31 PM, Junio C Hamano wrote: > Knut Franke writes: >> On 2015-10-28 14:58, Eric Sunshine wrote: >>> > + } >>> > + if (!curl_http_proxy) { >>> > +

Re: [PATCH 2/2] http: use credential API to handle proxy authentication

2015-10-30 Thread Knut Franke
On 2015-10-28 14:58, Eric Sunshine wrote: > > + } > > + if (!curl_http_proxy) { > > + copy_from_env(_http_proxy, "ALL_PROXY"); > > + copy_from_env(_http_proxy, "all_proxy"); > > + } > > If this sort of upper-

[PATCH 2/2] http: use credential API to handle proxy authentication

2015-10-28 Thread Knut Franke
Currently, the only way to pass proxy credentials to curl is by including them in the proxy URL. Usually, this means they will end up on disk unencrypted, one way or another (by inclusion in ~/.gitconfig, shell profile or history). Since proxy authentication often uses a domain user, credentials

Re: [PATCH 2/2] http: use credential API to handle proxy authentication

2015-10-28 Thread Eric Sunshine
On Wednesday, October 28, 2015, Knut Franke wrote: > Currently, the only way to pass proxy credentials to curl is by including them > in the proxy URL. Usually, this means they will end up on disk unencrypted, > one > way or another (by inclusion in ~/.gitconfig,

[PATCH 2/2] http: use credential API to handle proxy authentication

2015-10-26 Thread Knut Franke
Currently, the only way to pass proxy credentials to curl is by including them in the proxy URL. Usually, this means they will end up on disk unencrypted, one way or another (by inclusion in ~/.gitconfig, shell profile or history). Since proxy authentication often uses a domain user, credentials