From 57415089bd33575bcb7e134ddb2e1eacee3dfaca Mon Sep 17 00:00:00 2001 From: Sergey Ryazanov Date: Tue, 11 Apr 2017 23:22:18 +0300 Subject: http: honor empty http.proxy option to bypass proxy MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Curl distinguishes between an empty proxy address and a NULL proxy address. In the first case it completely disables proxy usage, but if the proxy address option is NULL then curl attempts to determine the proxy address from the http_proxy environment variable. According to the documentation, if the http.proxy option is set to an empty string, git should bypass proxy and connect to the server directly: export http_proxy=http://network-proxy/ cd ~/foobar-project git config remote.origin.proxy "" git fetch Previously, proxy host was configured by one line: curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy); Commit 372370f167 ("http: use credential API to handle proxy authentication", 2016-01-26) parses the proxy option, then extracts the proxy host address and updates the curl configuration, making the previous call a noop: credential_from_url(&proxy_auth, curl_http_proxy); curl_easy_setopt(result, CURLOPT_PROXY, proxy_auth.host); But if the proxy option is empty then the proxy host field becomes NULL. This forces curl to fall back to detecting the proxy configuration from the environment, causing the http.proxy option to not work anymore. Fix this issue by explicitly handling http.proxy being set the empty string. This also makes the code a bit more clear and should help us avoid such regressions in the future. Helped-by: Ævar Arnfjörð Bjarmason Helped-by: Jeff King Signed-off-by: Sergey Ryazanov Signed-off-by: Junio C Hamano --- http.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'http.c') diff --git a/http.c b/http.c index 96d84bbed..8be75b267 100644 --- a/http.c +++ b/http.c @@ -836,8 +836,14 @@ static CURL *get_curl_handle(void) } } - if (curl_http_proxy) { - curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy); + if (curl_http_proxy && curl_http_proxy[0] == '\0') { + /* + * Handle case with the empty http.proxy value here to keep + * common code clean. + * NB: empty option disables proxying at all. + */ + curl_easy_setopt(result, CURLOPT_PROXY, ""); + } else if (curl_http_proxy) { #if LIBCURL_VERSION_NUM >= 0x071800 if (starts_with(curl_http_proxy, "socks5h")) curl_easy_setopt(result, -- cgit v1.2.1 From ae51d91105981888f58ad21825b4ef0c540032e3 Mon Sep 17 00:00:00 2001 From: Sergey Ryazanov Date: Tue, 11 Apr 2017 23:22:19 +0300 Subject: http: fix the silent ignoring of proxy misconfiguraion Earlier, the whole http.proxy option string was passed to curl without any preprocessing so curl could complain about the invalid proxy configuration. After the commit 372370f167 ("http: use credential API to handle proxy authentication", 2016-01-26), if the user specified an invalid HTTP proxy option in the configuration, then the option parsing silently fails and NULL will be passed to curl as a proxy. This forces curl to fall back to detecting the proxy configuration from the environment, causing the http.proxy option ignoring. Fix this issue by checking the proxy option parsing result. If parsing failed then print an error message and die. Such behaviour allows the user to quickly figure the proxy misconfiguration and correct it. Helped-by: Jeff King Signed-off-by: Sergey Ryazanov Signed-off-by: Junio C Hamano --- http.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'http.c') diff --git a/http.c b/http.c index 8be75b267..82664dddd 100644 --- a/http.c +++ b/http.c @@ -867,6 +867,9 @@ static CURL *get_curl_handle(void) strbuf_release(&url); } + if (!proxy_auth.host) + die("Invalid proxy URL '%s'", curl_http_proxy); + curl_easy_setopt(result, CURLOPT_PROXY, proxy_auth.host); #if LIBCURL_VERSION_NUM >= 0x071304 var_override(&curl_no_proxy, getenv("NO_PROXY")); -- cgit v1.2.1