diff options
author | Junio C Hamano <gitster@pobox.com> | 2015-08-26 15:45:31 -0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2015-08-26 15:45:31 -0700 |
commit | ed070a40072f01aa819f114bf6b35edf0f53cab2 (patch) | |
tree | 89dd1feca83ee6672db5cf893b7a8f9dfd00705b /http.c | |
parent | 51e83a4898b47ff3286f1cff65c3715ee803ade9 (diff) | |
parent | 01861cb7a27b948bc0218877311f531f25386691 (diff) | |
download | git-ed070a40072f01aa819f114bf6b35edf0f53cab2.tar.gz git-ed070a40072f01aa819f114bf6b35edf0f53cab2.tar.xz |
Merge branch 'ep/http-configure-ssl-version'
A new configuration variable http.sslVersion can be used to specify
what specific version of SSL/TLS to use to make a connection.
* ep/http-configure-ssl-version:
http: add support for specifying the SSL version
Diffstat (limited to 'http.c')
-rw-r--r-- | http.c | 33 |
1 files changed, 32 insertions, 1 deletions
@@ -37,6 +37,20 @@ static int curl_ssl_verify = -1; static int curl_ssl_try; static const char *ssl_cert; static const char *ssl_cipherlist; +static const char *ssl_version; +static struct { + const char *name; + long ssl_version; +} sslversions[] = { + { "sslv2", CURL_SSLVERSION_SSLv2 }, + { "sslv3", CURL_SSLVERSION_SSLv3 }, + { "tlsv1", CURL_SSLVERSION_TLSv1 }, +#if LIBCURL_VERSION_NUM >= 0x072200 + { "tlsv1.0", CURL_SSLVERSION_TLSv1_0 }, + { "tlsv1.1", CURL_SSLVERSION_TLSv1_1 }, + { "tlsv1.2", CURL_SSLVERSION_TLSv1_2 }, +#endif +}; #if LIBCURL_VERSION_NUM >= 0x070903 static const char *ssl_key; #endif @@ -190,6 +204,8 @@ static int http_options(const char *var, const char *value, void *cb) } if (!strcmp("http.sslcipherlist", var)) return git_config_string(&ssl_cipherlist, var, value); + if (!strcmp("http.sslversion", var)) + return git_config_string(&ssl_version, var, value); if (!strcmp("http.sslcert", var)) return git_config_string(&ssl_cert, var, value); #if LIBCURL_VERSION_NUM >= 0x070903 @@ -364,9 +380,24 @@ static CURL *get_curl_handle(void) if (http_proactive_auth) init_curl_http_auth(result); + if (getenv("GIT_SSL_VERSION")) + ssl_version = getenv("GIT_SSL_VERSION"); + if (ssl_version && *ssl_version) { + int i; + for (i = 0; i < ARRAY_SIZE(sslversions); i++) { + if (!strcmp(ssl_version, sslversions[i].name)) { + curl_easy_setopt(result, CURLOPT_SSLVERSION, + sslversions[i].ssl_version); + break; + } + } + if (i == ARRAY_SIZE(sslversions)) + warning("unsupported ssl version %s: using default", + ssl_version); + } + if (getenv("GIT_SSL_CIPHER_LIST")) ssl_cipherlist = getenv("GIT_SSL_CIPHER_LIST"); - if (ssl_cipherlist != NULL && *ssl_cipherlist) curl_easy_setopt(result, CURLOPT_SSL_CIPHER_LIST, ssl_cipherlist); |