diff options
| author | Knut Franke <k.franke@science-computing.de> | 2016-01-26 13:02:48 +0000 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2016-01-26 10:53:25 -0800 |
| commit | 372370f1675c2b935fb703665358dd5567641107 (patch) | |
| tree | ccd3d55be8f8d0be64f24cdb8f75a69da0f1e94c /Documentation | |
| parent | ef976395e26a25fb6d048d859a1c8cddb2640b9a (diff) | |
| download | git-372370f1675c2b935fb703665358dd5567641107.tar.gz git-372370f1675c2b935fb703665358dd5567641107.tar.xz | |
http: use credential API to handle proxy authentication
Currently, the only way to pass proxy credentials to curl is by including them
in the proxy URL. Usually, this means they will end up on disk unencrypted, one
way or another (by inclusion in ~/.gitconfig, shell profile or history). Since
proxy authentication often uses a domain user, credentials can be security
sensitive; therefore, a safer way of passing credentials is desirable.
If the configured proxy contains a username but not a password, query the
credential API for one. Also, make sure we approve/reject proxy credentials
properly.
For consistency reasons, add parsing of http_proxy/https_proxy/all_proxy
environment variables, which would otherwise be evaluated as a fallback by curl.
Without this, we would have different semantics for git configuration and
environment variables.
Helped-by: Junio C Hamano <gitster@pobox.com>
Helped-by: Eric Sunshine <sunshine@sunshineco.com>
Helped-by: Elia Pinto <gitter.spiros@gmail.com>
Signed-off-by: Knut Franke <k.franke@science-computing.de>
Signed-off-by: Elia Pinto <gitter.spiros@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/config.txt | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/Documentation/config.txt b/Documentation/config.txt index a6c3d0fa5..8b969497b 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -1596,9 +1596,13 @@ help.htmlPath:: http.proxy:: Override the HTTP proxy, normally configured using the 'http_proxy', - 'https_proxy', and 'all_proxy' environment variables (see - `curl(1)`). This can be overridden on a per-remote basis; see - remote.<name>.proxy + 'https_proxy', and 'all_proxy' environment variables (see `curl(1)`). In + addition to the syntax understood by curl, it is possible to specify a + proxy string with a user name but no password, in which case git will + attempt to acquire one in the same way it does for other credentials. See + linkgit:gitcredentials[7] for more information. The syntax thus is + '[protocol://][user[:password]@]proxyhost[:port]'. This can be overridden + on a per-remote basis; see remote.<name>.proxy http.proxyAuthMethod:: Set the method with which to authenticate against the HTTP proxy. This |