kmx git

Commit	Date	Message
ecf4f33a	2018-02-08T11:14:48	Convert usage of `git_buf_free` to new `git_buf_dispose`
ee6be190	2018-01-31T08:36:19	http: standardize user-agent addition The winhttp and posix http each need to add the user-agent to their requests. Standardize on a single function to include this so that we do not get the version numbers we're sending out of sync. Assemble the complete user agent in `git_http__user_agent`, returning assembled strings. Co-authored-by: Patrick Steinhardt <ps@pks.im>
e9369856	2017-03-21T00:25:15	stream: Gather streams to src/streams
0c7f49dd	2017-06-30T13:39:01	Make sure to always include "common.h" first Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.
39e76bb3	2017-01-27T16:05:20	Do not discard proxy_options that have been set when auto is specified
a6d833a2	2017-01-13T17:05:58	Merge pull request #4049 from libgit2/ethomson/error_msgs giterr_set: consistent error messages
9a64e62f	2016-12-21T21:24:33	http: check certificate validity before clobbering the error variable
909d5494	2016-12-29T12:25:15	giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one
fafafb1f	2016-12-20T16:19:30	http: bump the pretend git version in the User-Agent We want to keep the git UA in order for services to recognise that we're a Git client and not a browser. But in order to stop dumb HTTP some services have blocked UAs that claim to be pre-1.6.6 git. Thread these needles by using the "git/2.0" prefix which is still close enough to git's yet distinct enough that you can tell it's us.
b1453601	2016-08-17T11:38:26	transports: http: reset `connected` flag when closing transport
c4cba4e9	2016-08-17T11:00:05	transports: http: reset `connected` flag when re-connecting transport When calling `http_connect` on a subtransport whose stream is already connected, we first close the stream in case no keep-alive is in use. When doing so, we do not reset the transport's connection state, though. Usually, this will do no harm in case the subsequent connect will succeed. But when the connection fails we are left with a substransport which is tagged as connected but which has no valid stream attached. Fix the issue by resetting the subtransport's connected-state when closing its stream in `http_connect`.
bdec62dc	2016-07-06T13:06:25	remove conditions that prevent use of custom TLS stream
6c9eb86f	2016-06-19T11:46:43	HTTP authentication scheme name is case insensitive.
0d72f67f	2016-03-14T17:36:04	proxy: don't specify the protocol in the type We leave this up to the scheme in the url field. The type should only tell us about whether we want a proxy and whether we want to auto-detect it.
b373e9a6	2015-09-21T22:38:50	net: use proxy options struct in the stream config
94bac76c	2015-10-02T03:46:34	http: use a custom user-agent if the user has set it We still prefix it with "git/1.0" since that's required in many situations, but we replace the area which mentions libgit2.
d7375662	2015-09-25T10:16:16	Copy custom_headers insteach of referencing the caller's copy
35969c68	2015-09-10T08:58:23	Ignore NULL headers
276f6aa0	2015-09-08T14:00:37	Hook up the custom_headers to the http transport
24f5b4e1	2015-09-08T13:34:42	Drop extra_http_headers from git_remote
59d6128e	2015-09-04T09:36:50	Allow the world to set HTTP headers for remotes
ac9b5127	2015-09-04T09:20:45	Pull extra_http_headers from the git_remote
6af6e690	2015-09-04T09:18:32	Put the extra headers on the connection_data instead
c3733e56	2015-09-04T08:56:26	Add more headers to HTTP requests
11bca2d2	2015-08-15T18:15:23	http: propagate the credentials callback's error code When we ask for credentials, the user may choose to return EUSER to indicate that an error has happened on its end and it wants to be given back control. We must therefore pass that back to the user instead of mentioning that it was on_headers_complete() that returned an error code. Since we can, we return the exact error code from the user (other than PASSTHROUGH) since it doesn't cost anything, though using other error codes aren't recommended.
31a76374	2015-07-29T22:23:00	case-insensitive check for WWW-Authenticate header Fixes issue #3338
768f8be3	2015-06-30T19:00:41	Fix #3094 - improve use of portable size_t/ssize_t format specifiers. The header src/cc-compat.h defines portable format specifiers PRIuZ, PRIdZ, and PRIxZ. The original report highlighted the need to use these specifiers in examples/network/fetch.c. For this commit, I checked all C source and header files not in deps/ and transitioned to the appropriate format specifier where appropriate.
1630981e	2015-06-30T09:03:23	http: fixed leak when asking for credentials again t->cred might have been allocated the previous time and needs to be freed before asking caller for credentials again.
8b380060	2015-06-29T21:12:44	http: don't give up on auth on the first try When the server rejects an authentication request, ask the caller for the credentials again, instead of giving up on the first try.
8443f492	2015-06-11T16:57:04	curl: remove the encrypted param to the constructor We do not want libcurl to perform the TLS negotiation for us, so we don't need to pass this option.
f97d5d09	2015-06-11T16:54:48	http: ask for the curl stream for non-encrypted connections The TLS streams talk over the curl stream themselves, so we don't need to ask for it explicitly. Do so in the case of the non-encrypted one so we can still make use proxies in that case.
8762d721	2015-06-07T14:51:10	http: set the proxy if the stream supports it Of the built-in ones, only cURL support it, but there's no reason a user-provided stream wouldn't support it.
8dea1c21	2015-06-05T11:02:11	Implement a curl stream cURL has a mode in which it acts a lot like our streams, providing send and recv functions and taking care of the TLS and proxy setup for us. Implement a new stream which uses libcurl instead of raw sockets or the TLS libraries directly. This version does not support reporting certificates or proxies yet.
7dd22538	2015-05-11T10:19:25	centralizing all IO buffer size values
24e53d2f	2015-03-19T09:55:20	Rename GIT_SSL to GIT_OPENSSL This is what it's meant all along, but now we actually have multiple implementations, it's clearer to use the name of the library.
6946a3be	2015-03-19T00:18:03	Abstract away the TLS stream implementation Instead, provide git_tls_stream_new() to ask for the most appropriate encrypted stream and use it in our HTTP transport.
6bb54cbf	2014-11-02T13:23:32	Add a SecureTransport TLS channel As an alternative to OpenSSL when we're on OS X. This one can actually take advantage of stacking the streams.
c5e07187	2015-03-24T14:03:51	Merge pull request #2990 from leoyanggit/custom_param Add a custom param to git_smart_subtransport_definition
142e5379	2015-03-17T12:49:33	Add a custom param to git_smart_subtransport_definition The smart transport has already take the payload param. For the sub transport a payload param is useful for the implementer.
84d83b8e	2015-03-16T19:41:50	http: do not try to use the cert callback on unencrypted streams When the user has a certificate check callback set, we still have to check whether the stream we're using is even capable of providing a certificate. In the case of an unencrypted certificate, do not ask for it from the stream, and do not call the callback.
e892b6a9	2015-03-03T17:23:01	http: enforce the credential types The user may decide to return any type of credential, including ones we did not say we support. Add a check to make sure the user returned an object of the right type and error out if not.
a2fd56ab	2014-12-10T16:22:50	Fix a couple of compiler warnings
b6f5464e	2014-11-01T21:35:06	Port HTTP(S) to the new stream API
1ca61bdc	2014-11-19T20:53:25	fetch: clear the connection data on close When we fetch twice with the same remote object, we did not properly clear the connection flags, so we would leak state from the last connection. This can cause the second fetch with the same remote object to fail if using a HTTP URL where the server redirects to HTTPS, as the second fetch would see `use_ssl` set and think the initial connection wanted to downgrade the connection.
369b0217	2014-10-13T13:34:15	Clean up various compiler warnings
e6e834a1	2014-09-18T12:23:07	Provide host name to certificate_check_cb Signed-off-by: Sven Strickroth <email@cs-ware.de>
0782fc43	2014-09-16T01:47:30	net: use only structs to pass information about cert Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.
41698f22	2014-09-11T10:04:05	net: remove support for outright ignoring certificates This option make it easy to ignore anything about the server we're connecting to, which is bad security practice. This was necessary as we didn't use to expose detailed information about the certificate, but now that we do, we should get rid of this. If the user wants to ignore everything, they can still provide a callback which ignores all the information passed.
23ca0ad5	2014-08-29T21:25:13	Bring certificate check back to the normal return code Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.
17491f6e	2014-08-29T17:18:23	transport: always call the certificate check callback We should let the user decide whether to cancel the connection or not regardless of whether our checks have decided that the certificate is fine. We provide our own assessment to the callback to let the user fall back to our checks if they so desire.
ec1ce458	2014-08-10T17:06:53	http: send the DER-encoded cert to the callback Instead of the parsed data, we can ask OpenSSL to give us the DER-encoded version of the certificate, which the user can then parse and validate.
9b940586	2014-07-04T12:45:43	Provide a callback for certificate validation If the certificate validation fails (or always in the case of ssh), let the user decide whether to allow the connection. The data structure passed to the user is the native certificate information from the underlying implementation, namely OpenSSL or WinHTTP.
294c6f29	2014-08-16T22:12:13	http: make sure we can consume the data we request The recv buffer (parse_buffer) and the buffer have independent sizes and offsets. We try to fill in parse_buffer as much as possible before passing it to the http parser. This is fine most of the time, but fails us when the buffer is almost full. In those situations, parse_buffer can have more data than we would be able to put into the buffer (which may be getting full if we're towards the end of a data sideband packet). To work around this, we check if the space we have left on our buffer is smaller than what could come from the network. If this happens, we make parse_buffer think that it has as much space left as our buffer, so it won't try to retrieve more data than we can deal with. As the start of the data may no longer be at the start of the buffer, we need to keep track of where it really starts (data_offset) and use that in our calculations for the real size of the data we received from the network. This fixes #2518.
23135afa	2014-08-14T11:52:20	Introduce proper http authentication API
315cb38e	2014-07-31T18:43:20	Add GSSAPI support for SPNEGO/Kerberos auth over HTTP
e003f83a	2014-07-31T15:14:56	Introduce git_buf_decode_base64 Decode base64-encoded text into a git_buf
40867266	2014-07-31T18:39:58	Perform HTTP keep-alive
9c3e4e97	2014-06-13T02:35:33	http: fix typo in credentials logic We want to check whether the credentials callback is NULL, not whether the payload is.
bc0a6198	2014-04-19T15:52:58	transports: allow the creds callback to say it doesn't exist Allow the credentials callback to return GIT_PASSTHROUGH to make the transports code behave as though none was set. This should make it easier for bindings to behave closer to the C code when there is no credentials callback set at their level.
9cfce273	2013-12-12T12:11:38	Cleanups, renames, and leak fixes This renames git_vector_free_all to the better git_vector_free_deep and also contains a couple of memory leak fixes based on valgrind checks. The fixes are specifically: failure to free global dir path variables when not compiled with threading on and failure to free filters from the filter registry that had not be initialized fully.
25e0b157	2013-12-06T15:07:57	Remove converting user error to GIT_EUSER This changes the behavior of callbacks so that the callback error code is not converted into GIT_EUSER and instead we propagate the return value through to the caller. Instead of using the giterr_capture and giterr_restore functions, we now rely on all functions to pass back the return value from a callback. To avoid having a return value with no error message, the user can call the public giterr_set_str or some such function to set an error message. There is a new helper 'giterr_set_callback' that functions can invoke after making a callback which ensures that some error message was set in case the callback did not set one. In places where the sign of the callback return value is meaningful (e.g. positive to skip, negative to abort), only the negative values are returned back to the caller, obviously, since the other values allow for continuing the loop. The hardest parts of this were in the checkout code where positive return values were overloaded as meaningful values for checkout. I fixed this by adding an output parameter to many of the internal checkout functions and removing the overload. This added some code, but it is probably a better implementation. There is some funkiness in the network code where user provided callbacks could be returning a positive or a negative value and we want to rely on that to cancel the loop. There are still a couple places where an user error might get turned into GIT_EUSER there, I think, though none exercised by the tests.
1b02baf4	2013-09-26T16:25:05	Adjust to new utility signature
83fbd368	2013-09-26T15:58:41	Deploy gitno_connection_data into transport
8988688c	2013-09-25T20:41:56	Migrate redirect URL handling to common utility
46fbc88e	2013-09-24T14:50:06	Prevent HTTPS to HTTP redirect
eb0ff130	2013-09-24T14:07:08	Disconnect path string to preserve after redirect The subtransport path was relying on pointing to data owned by the remote which meant that after a redirect, the updated path was getting lost for future requests. This updates the http transport to strdup the path and maintain its own lifetime. This also pulls responsibility for parsing the URL back into the http transport and isolates the functions that parse and free that connection data so that they can be reused between the initial parsing and the redirect parsing.
210d5325	2013-09-23T12:09:23	Allow redirects to use same host
35e0f3c6	2013-03-25T17:59:30	Refine the redirect check condition
2c7f7a66	2013-03-25T17:35:36	http: Support 302 Found (arrbee did most of the work)
54ffc1f7	2013-01-31T14:41:01	HTTP: use creds in url if available
cf7038a6	2013-01-31T14:04:21	Enhance url parsing to include passwords
7602cb7c	2013-01-31T10:44:57	Add user-from-url param to auth callback
2234b2b0	2013-01-30T19:03:58	Stash username from url (but don't use it yet)
359fc2d2	2013-01-08T17:07:25	update copyrights
59bccf33	2012-12-10T11:11:01	Add a payload param to git_cred_acquire_cb Fixes #1128.
4a6621fd	2012-11-29T08:35:21	Leverage the min macro from util.h
6762fe08	2012-11-29T08:29:26	Remove casts of return values of type void *
613d5eb9	2012-11-28T11:42:37	Push! By schu, phkelley, and congyiwu, et al
f6c18dda	2012-11-13T14:17:41	http: Unrustle
aa1c3b58	2012-11-13T14:13:47	Merge pull request #1016 from arrbee/fix-checkout-dir-removal Update checkout with new strategies & behavior
d51e54f1	2012-11-13T14:28:44	Remove unused variables
757b4065	2012-11-09T14:01:44	Fix warnings and valgrind issues This fixes some various warnings that showed up in Travis and a couple uses of uninitialized memory and one memory leak.
11fa8472	2012-11-06T11:27:23	Don't store no_check_cert; fetch it on demand
2f7538ec	2012-11-06T09:36:04	Fix connection leak in http subtransport
091361f5	2012-11-06T08:52:03	Basic authentication for http and winhttp
ff830366	2012-11-01T12:07:42	Http: Set an error for invalid content-type
41fb1ca0	2012-10-29T13:41:14	Reorganize transport architecture (squashed 3)
a0ce87c5	2012-10-26T13:43:13	Add network transfer callbacks on Windows
7bcd9e23	2012-10-19T19:23:32	gitno_buffer: callback on each packet The fetch code takes advantage of this to implement a progress callback every 100kb of transfer.
68206c54	2012-10-13T21:00:45	test: fix some memory leaks
aeba5e17	2012-10-10T23:55:03	http: don't discard the HEAD ref The fix for fetching from empty repositories (22935b06d protocol: don't store flushes; 2012-10-07) forgot to take into account the deletion of the flush pkt in the HTTP transport. As a result, the HEAD ref advertisement where we detect the remote's capabilities was deleted instead. Fix this.
9ac8b113	2012-09-20T14:06:49	Fix MSVC amd64 compilation warnings
3ce22c74	2012-08-26T19:22:34	http: use WinHTTP on Windows Wondows has its own HTTP library. Use that one when possible instead of our own. As we don't depend on them anymore, remove the http-parser library from the Windows build, as well as the search for OpenSSL.
687ec68b	2012-09-14T00:51:29	http: use the new unicode functions The winhttp branch was based on a version before these existed, so the build broke on Windows.
cc1d85d1	2012-08-25T23:32:19	http: increase buffer side to deal with side-band-64k This poor transport was forgotten in the recent sideband support.
e9ca852e	2012-08-23T09:20:17	Fix warnings and merge issues on Win64
5dca2010	2012-08-03T17:08:01	Update iterators for consistency across library This updates all the `foreach()` type functions across the library that take callbacks from the user to have a consistent behavior. The rules are: * A callback terminates the loop by returning any non-zero value * Once the callback returns non-zero, it will not be called again (i.e. the loop stops all iteration regardless of state) * If the callback returns non-zero, the parent fn returns GIT_EUSER * Although the parent returns GIT_EUSER, no error will be set in the library and `giterr_last()` will return NULL if called. This commit makes those changes across the library and adds tests for most of the iteration APIs to make sure that they follow the above rules.
0048372a	2012-07-27T01:09:06	transport: rename encrypt to use_ssl SSL isn't the only way that a transport can be encrypted. The new name will make it easier to merge the SSH support.
ad4b5beb	2012-07-25T10:40:59	transport: store the refs in a common area Instad of each transport having its own function and logic to get to its refs, store them directly in transport. Leverage the new gitno_buffer to make the parsing and storing of the refs use common code and get rid of the git_protocol struct.
b49c8f71	2012-07-24T19:03:22	remote: use the same code to control git and http This allows us to add capabilitites to both at the same time, keeps them in sync and removes a lot of code. gitno_buffer now uses a callback to fill its buffer, allowing us to use the same interface for git and http (which uses callbacks).

ecf4f33a

2018-02-08T11:14:48

Convert usage of `git_buf_free` to new `git_buf_dispose`

ee6be190

2018-01-31T08:36:19

http: standardize user-agent addition The winhttp and posix http each need to add the user-agent to their requests. Standardize on a single function to include this so that we do not get the version numbers we're sending out of sync. Assemble the complete user agent in `git_http__user_agent`, returning assembled strings. Co-authored-by: Patrick Steinhardt <ps@pks.im>

e9369856

2017-03-21T00:25:15

stream: Gather streams to src/streams

0c7f49dd

2017-06-30T13:39:01

Make sure to always include "common.h" first Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.

39e76bb3

2017-01-27T16:05:20

Do not discard proxy_options that have been set when auto is specified

a6d833a2

2017-01-13T17:05:58

Merge pull request #4049 from libgit2/ethomson/error_msgs giterr_set: consistent error messages

9a64e62f

2016-12-21T21:24:33

http: check certificate validity before clobbering the error variable

909d5494

2016-12-29T12:25:15

giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one

fafafb1f

2016-12-20T16:19:30

http: bump the pretend git version in the User-Agent We want to keep the git UA in order for services to recognise that we're a Git client and not a browser. But in order to stop dumb HTTP some services have blocked UAs that claim to be pre-1.6.6 git. Thread these needles by using the "git/2.0" prefix which is still close enough to git's yet distinct enough that you can tell it's us.

b1453601

2016-08-17T11:38:26

transports: http: reset `connected` flag when closing transport

c4cba4e9

2016-08-17T11:00:05

transports: http: reset `connected` flag when re-connecting transport When calling `http_connect` on a subtransport whose stream is already connected, we first close the stream in case no keep-alive is in use. When doing so, we do not reset the transport's connection state, though. Usually, this will do no harm in case the subsequent connect will succeed. But when the connection fails we are left with a substransport which is tagged as connected but which has no valid stream attached. Fix the issue by resetting the subtransport's connected-state when closing its stream in `http_connect`.

bdec62dc

2016-07-06T13:06:25

remove conditions that prevent use of custom TLS stream

6c9eb86f

2016-06-19T11:46:43

HTTP authentication scheme name is case insensitive.

0d72f67f

2016-03-14T17:36:04

proxy: don't specify the protocol in the type We leave this up to the scheme in the url field. The type should only tell us about whether we want a proxy and whether we want to auto-detect it.

b373e9a6

2015-09-21T22:38:50

net: use proxy options struct in the stream config

94bac76c

2015-10-02T03:46:34

http: use a custom user-agent if the user has set it We still prefix it with "git/1.0" since that's required in many situations, but we replace the area which mentions libgit2.

d7375662

2015-09-25T10:16:16

Copy custom_headers insteach of referencing the caller's copy

35969c68

2015-09-10T08:58:23

Ignore NULL headers

276f6aa0

2015-09-08T14:00:37

Hook up the custom_headers to the http transport

24f5b4e1

2015-09-08T13:34:42

Drop extra_http_headers from git_remote

59d6128e

2015-09-04T09:36:50

Allow the world to set HTTP headers for remotes

ac9b5127

2015-09-04T09:20:45

Pull extra_http_headers from the git_remote

6af6e690

2015-09-04T09:18:32

Put the extra headers on the connection_data instead

c3733e56

2015-09-04T08:56:26

Add more headers to HTTP requests

11bca2d2

2015-08-15T18:15:23

http: propagate the credentials callback's error code When we ask for credentials, the user may choose to return EUSER to indicate that an error has happened on its end and it wants to be given back control. We must therefore pass that back to the user instead of mentioning that it was on_headers_complete() that returned an error code. Since we can, we return the exact error code from the user (other than PASSTHROUGH) since it doesn't cost anything, though using other error codes aren't recommended.

31a76374

2015-07-29T22:23:00

case-insensitive check for WWW-Authenticate header Fixes issue #3338

768f8be3

2015-06-30T19:00:41

Fix #3094 - improve use of portable size_t/ssize_t format specifiers. The header src/cc-compat.h defines portable format specifiers PRIuZ, PRIdZ, and PRIxZ. The original report highlighted the need to use these specifiers in examples/network/fetch.c. For this commit, I checked all C source and header files not in deps/ and transitioned to the appropriate format specifier where appropriate.

1630981e

2015-06-30T09:03:23

http: fixed leak when asking for credentials again t->cred might have been allocated the previous time and needs to be freed before asking caller for credentials again.

8b380060

2015-06-29T21:12:44

http: don't give up on auth on the first try When the server rejects an authentication request, ask the caller for the credentials again, instead of giving up on the first try.

8443f492

2015-06-11T16:57:04

curl: remove the encrypted param to the constructor We do not want libcurl to perform the TLS negotiation for us, so we don't need to pass this option.

f97d5d09

2015-06-11T16:54:48

http: ask for the curl stream for non-encrypted connections The TLS streams talk over the curl stream themselves, so we don't need to ask for it explicitly. Do so in the case of the non-encrypted one so we can still make use proxies in that case.

8762d721

2015-06-07T14:51:10

http: set the proxy if the stream supports it Of the built-in ones, only cURL support it, but there's no reason a user-provided stream wouldn't support it.

8dea1c21

2015-06-05T11:02:11

Implement a curl stream cURL has a mode in which it acts a lot like our streams, providing send and recv functions and taking care of the TLS and proxy setup for us. Implement a new stream which uses libcurl instead of raw sockets or the TLS libraries directly. This version does not support reporting certificates or proxies yet.

7dd22538

2015-05-11T10:19:25

centralizing all IO buffer size values

24e53d2f

2015-03-19T09:55:20

Rename GIT_SSL to GIT_OPENSSL This is what it's meant all along, but now we actually have multiple implementations, it's clearer to use the name of the library.

6946a3be

2015-03-19T00:18:03

Abstract away the TLS stream implementation Instead, provide git_tls_stream_new() to ask for the most appropriate encrypted stream and use it in our HTTP transport.

6bb54cbf

2014-11-02T13:23:32

Add a SecureTransport TLS channel As an alternative to OpenSSL when we're on OS X. This one can actually take advantage of stacking the streams.

c5e07187

2015-03-24T14:03:51

Merge pull request #2990 from leoyanggit/custom_param Add a custom param to git_smart_subtransport_definition

142e5379

2015-03-17T12:49:33

Add a custom param to git_smart_subtransport_definition The smart transport has already take the payload param. For the sub transport a payload param is useful for the implementer.

84d83b8e

2015-03-16T19:41:50

http: do not try to use the cert callback on unencrypted streams When the user has a certificate check callback set, we still have to check whether the stream we're using is even capable of providing a certificate. In the case of an unencrypted certificate, do not ask for it from the stream, and do not call the callback.

e892b6a9

2015-03-03T17:23:01

http: enforce the credential types The user may decide to return any type of credential, including ones we did not say we support. Add a check to make sure the user returned an object of the right type and error out if not.

a2fd56ab

2014-12-10T16:22:50

Fix a couple of compiler warnings

b6f5464e

2014-11-01T21:35:06

Port HTTP(S) to the new stream API

1ca61bdc

2014-11-19T20:53:25

fetch: clear the connection data on close When we fetch twice with the same remote object, we did not properly clear the connection flags, so we would leak state from the last connection. This can cause the second fetch with the same remote object to fail if using a HTTP URL where the server redirects to HTTPS, as the second fetch would see `use_ssl` set and think the initial connection wanted to downgrade the connection.

369b0217

2014-10-13T13:34:15

Clean up various compiler warnings

e6e834a1

2014-09-18T12:23:07

Provide host name to certificate_check_cb Signed-off-by: Sven Strickroth <email@cs-ware.de>

0782fc43

2014-09-16T01:47:30

net: use only structs to pass information about cert Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.

41698f22

2014-09-11T10:04:05

net: remove support for outright ignoring certificates This option make it easy to ignore anything about the server we're connecting to, which is bad security practice. This was necessary as we didn't use to expose detailed information about the certificate, but now that we do, we should get rid of this. If the user wants to ignore everything, they can still provide a callback which ignores all the information passed.

23ca0ad5

2014-08-29T21:25:13

Bring certificate check back to the normal return code Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.

17491f6e

2014-08-29T17:18:23

transport: always call the certificate check callback We should let the user decide whether to cancel the connection or not regardless of whether our checks have decided that the certificate is fine. We provide our own assessment to the callback to let the user fall back to our checks if they so desire.

ec1ce458

2014-08-10T17:06:53

http: send the DER-encoded cert to the callback Instead of the parsed data, we can ask OpenSSL to give us the DER-encoded version of the certificate, which the user can then parse and validate.

9b940586

2014-07-04T12:45:43

Provide a callback for certificate validation If the certificate validation fails (or always in the case of ssh), let the user decide whether to allow the connection. The data structure passed to the user is the native certificate information from the underlying implementation, namely OpenSSL or WinHTTP.

294c6f29

2014-08-16T22:12:13

http: make sure we can consume the data we request The recv buffer (parse_buffer) and the buffer have independent sizes and offsets. We try to fill in parse_buffer as much as possible before passing it to the http parser. This is fine most of the time, but fails us when the buffer is almost full. In those situations, parse_buffer can have more data than we would be able to put into the buffer (which may be getting full if we're towards the end of a data sideband packet). To work around this, we check if the space we have left on our buffer is smaller than what could come from the network. If this happens, we make parse_buffer think that it has as much space left as our buffer, so it won't try to retrieve more data than we can deal with. As the start of the data may no longer be at the start of the buffer, we need to keep track of where it really starts (data_offset) and use that in our calculations for the real size of the data we received from the network. This fixes #2518.

23135afa

2014-08-14T11:52:20

Introduce proper http authentication API

315cb38e

2014-07-31T18:43:20

Add GSSAPI support for SPNEGO/Kerberos auth over HTTP

e003f83a

2014-07-31T15:14:56

Introduce git_buf_decode_base64 Decode base64-encoded text into a git_buf

40867266

2014-07-31T18:39:58

Perform HTTP keep-alive

9c3e4e97

2014-06-13T02:35:33

http: fix typo in credentials logic We want to check whether the credentials callback is NULL, not whether the payload is.

bc0a6198

2014-04-19T15:52:58

transports: allow the creds callback to say it doesn't exist Allow the credentials callback to return GIT_PASSTHROUGH to make the transports code behave as though none was set. This should make it easier for bindings to behave closer to the C code when there is no credentials callback set at their level.

9cfce273

2013-12-12T12:11:38

Cleanups, renames, and leak fixes This renames git_vector_free_all to the better git_vector_free_deep and also contains a couple of memory leak fixes based on valgrind checks. The fixes are specifically: failure to free global dir path variables when not compiled with threading on and failure to free filters from the filter registry that had not be initialized fully.

25e0b157

2013-12-06T15:07:57

Remove converting user error to GIT_EUSER This changes the behavior of callbacks so that the callback error code is not converted into GIT_EUSER and instead we propagate the return value through to the caller. Instead of using the giterr_capture and giterr_restore functions, we now rely on all functions to pass back the return value from a callback. To avoid having a return value with no error message, the user can call the public giterr_set_str or some such function to set an error message. There is a new helper 'giterr_set_callback' that functions can invoke after making a callback which ensures that some error message was set in case the callback did not set one. In places where the sign of the callback return value is meaningful (e.g. positive to skip, negative to abort), only the negative values are returned back to the caller, obviously, since the other values allow for continuing the loop. The hardest parts of this were in the checkout code where positive return values were overloaded as meaningful values for checkout. I fixed this by adding an output parameter to many of the internal checkout functions and removing the overload. This added some code, but it is probably a better implementation. There is some funkiness in the network code where user provided callbacks could be returning a positive or a negative value and we want to rely on that to cancel the loop. There are still a couple places where an user error might get turned into GIT_EUSER there, I think, though none exercised by the tests.

1b02baf4

2013-09-26T16:25:05

Adjust to new utility signature

83fbd368

2013-09-26T15:58:41

Deploy gitno_connection_data into transport

8988688c

2013-09-25T20:41:56

Migrate redirect URL handling to common utility

46fbc88e

2013-09-24T14:50:06

Prevent HTTPS to HTTP redirect

eb0ff130

2013-09-24T14:07:08

Disconnect path string to preserve after redirect The subtransport path was relying on pointing to data owned by the remote which meant that after a redirect, the updated path was getting lost for future requests. This updates the http transport to strdup the path and maintain its own lifetime. This also pulls responsibility for parsing the URL back into the http transport and isolates the functions that parse and free that connection data so that they can be reused between the initial parsing and the redirect parsing.

210d5325

2013-09-23T12:09:23

Allow redirects to use same host

35e0f3c6

2013-03-25T17:59:30

Refine the redirect check condition

2c7f7a66

2013-03-25T17:35:36

http: Support 302 Found (arrbee did most of the work)

54ffc1f7

2013-01-31T14:41:01

HTTP: use creds in url if available

cf7038a6

2013-01-31T14:04:21

Enhance url parsing to include passwords

7602cb7c

2013-01-31T10:44:57

Add user-from-url param to auth callback

2234b2b0

2013-01-30T19:03:58

Stash username from url (but don't use it yet)

359fc2d2

2013-01-08T17:07:25

update copyrights

59bccf33

2012-12-10T11:11:01

Add a payload param to git_cred_acquire_cb Fixes #1128.

4a6621fd

2012-11-29T08:35:21

Leverage the min macro from util.h

6762fe08

2012-11-29T08:29:26

Remove casts of return values of type void *

613d5eb9

2012-11-28T11:42:37

Push! By schu, phkelley, and congyiwu, et al

f6c18dda

2012-11-13T14:17:41

http: Unrustle

aa1c3b58

2012-11-13T14:13:47

Merge pull request #1016 from arrbee/fix-checkout-dir-removal Update checkout with new strategies & behavior

d51e54f1

2012-11-13T14:28:44

Remove unused variables

757b4065

2012-11-09T14:01:44

Fix warnings and valgrind issues This fixes some various warnings that showed up in Travis and a couple uses of uninitialized memory and one memory leak.

11fa8472

2012-11-06T11:27:23

Don't store no_check_cert; fetch it on demand

2f7538ec

2012-11-06T09:36:04

Fix connection leak in http subtransport

091361f5

2012-11-06T08:52:03

Basic authentication for http and winhttp

ff830366

2012-11-01T12:07:42

Http: Set an error for invalid content-type

41fb1ca0

2012-10-29T13:41:14

Reorganize transport architecture (squashed 3)

a0ce87c5

2012-10-26T13:43:13

Add network transfer callbacks on Windows

7bcd9e23

2012-10-19T19:23:32

gitno_buffer: callback on each packet The fetch code takes advantage of this to implement a progress callback every 100kb of transfer.

68206c54

2012-10-13T21:00:45

test: fix some memory leaks

aeba5e17

2012-10-10T23:55:03

http: don't discard the HEAD ref The fix for fetching from empty repositories (22935b06d protocol: don't store flushes; 2012-10-07) forgot to take into account the deletion of the flush pkt in the HTTP transport. As a result, the HEAD ref advertisement where we detect the remote's capabilities was deleted instead. Fix this.

9ac8b113

2012-09-20T14:06:49

Fix MSVC amd64 compilation warnings

3ce22c74

2012-08-26T19:22:34

http: use WinHTTP on Windows Wondows has its own HTTP library. Use that one when possible instead of our own. As we don't depend on them anymore, remove the http-parser library from the Windows build, as well as the search for OpenSSL.

687ec68b

2012-09-14T00:51:29

http: use the new unicode functions The winhttp branch was based on a version before these existed, so the build broke on Windows.

cc1d85d1

2012-08-25T23:32:19

http: increase buffer side to deal with side-band-64k This poor transport was forgotten in the recent sideband support.

e9ca852e

2012-08-23T09:20:17

Fix warnings and merge issues on Win64

5dca2010

2012-08-03T17:08:01

Update iterators for consistency across library This updates all the `foreach()` type functions across the library that take callbacks from the user to have a consistent behavior. The rules are: * A callback terminates the loop by returning any non-zero value * Once the callback returns non-zero, it will not be called again (i.e. the loop stops all iteration regardless of state) * If the callback returns non-zero, the parent fn returns GIT_EUSER * Although the parent returns GIT_EUSER, no error will be set in the library and `giterr_last()` will return NULL if called. This commit makes those changes across the library and adds tests for most of the iteration APIs to make sure that they follow the above rules.

0048372a

2012-07-27T01:09:06

transport: rename encrypt to use_ssl SSL isn't the only way that a transport can be encrypted. The new name will make it easier to merge the SSH support.

ad4b5beb

2012-07-25T10:40:59

transport: store the refs in a common area Instad of each transport having its own function and logic to get to its refs, store them directly in transport. Leverage the new gitno_buffer to make the parsing and storing of the refs use common code and get rid of the git_protocol struct.

b49c8f71

2012-07-24T19:03:22

remote: use the same code to control git and http This allows us to add capabilitites to both at the same time, keeps them in sync and removes a lot of code. gitno_buffer now uses a callback to fill its buffer, allowing us to use the same interface for git and http (which uses callbacks).

thodg/libgit2/src/transports/http.c

src/transports/http.c

Log