kmx git

Commit	Date	Message
0ef54a63	2015-03-11T17:16:39	local: create pack with multiple threads The default behaviour for the packbuilder is to perform the work in a single thread, which is fine for the public API, but we currently have no way for a user to determine the number of threads to use when creating the packfile, which makes our clone behaviour over the filesystem quite a bit slower than what git offers. This is a very particular scenario, in which we avoid spawning git by being ourselves the server-side, so it's probably ok to auto-set the threading, as the upload-pack process would do if we were talking to git.
e892b6a9	2015-03-03T17:23:01	http: enforce the credential types The user may decide to return any type of credential, including ones we did not say we support. Add a check to make sure the user returned an object of the right type and error out if not.
659cf202	2015-01-07T12:23:05	Remove the signature from ref-modifying functions The signature for the reflog is not something which changes dynamically. Almost all uses will be NULL, since we want for the repository's default identity to be used, making it noise. In order to allow for changing the identity, we instead provide git_repository_set_ident() and git_repository_ident() which allow a user to override the choice of signature.
f1453c59	2015-02-12T12:19:37	Make our overflow check look more like gcc/clang's Make our overflow checking look more like gcc and clang's, so that we can substitute it out with the compiler instrinsics on platforms that support it. This means dropping the ability to pass `NULL` as an out parameter. As a result, the macros also get updated to reflect this as well.
ec3b4d35	2015-02-11T11:20:05	Use `size_t` to hold size of arrays Use `size_t` to hold the size of arrays to ease overflow checking, lest we check for overflow of a `size_t` then promptly truncate by packing the length into a smaller type.
4aa664ae	2015-02-10T23:55:07	git_buf_grow_by: increase buf asize incrementally Introduce `git_buf_grow_by` to incrementally increase the size of a `git_buf`, performing an overflow calculation on the growth.
392702ee	2015-02-09T23:41:13	allocations: test for overflow of requested size Introduce some helper macros to test integer overflow from arithmetic and set error message appropriately.
6f73e026	2014-12-24T11:42:50	Plug some leaks
4fd2bda9	2014-12-16T10:25:45	local: send 'counting objects' output Pretend we have a git process at the other end by creating a similar progress output when inserting objects into the packbuilder.
cd305c2f	2014-12-10T11:30:28	Merge pull request #2678 from libgit2/cmn/io-stream Introduce stackable IO streams
a2fd56ab	2014-12-10T16:22:50	Fix a couple of compiler warnings
1b75c29e	2014-11-02T11:17:01	gitno: remove code which is no longer needed Most of the network-facing facilities have been copied to the socket and openssl streams. No code now uses these functions directly anymore, so we can now remove them.
4fd4341f	2014-11-02T10:52:03	ssh: use socket_stream to perform the connection Having an ssh stream would require extra work for stream capabilities we don't need anywhere else (oob auth and command execution) so for now let's move away from the gitno connection to use socket_stream. We can introduce an ssh stream interface if and as we need it.
b6f5464e	2014-11-01T21:35:06	Port HTTP(S) to the new stream API
02b4c1e2	2014-11-01T16:58:20	Port the TCP transport to the new stream API
ad2bf40a	2014-12-08T17:31:34	winhttp: plug some leaks
013924c1	2014-12-05T23:44:34	Merge pull request #2730 from libgit2/cmn/local-push Adjust the local transport for the common refspec parser
70d21742	2014-12-03T00:41:46	win32: clear connection data on close
d5c84f67	2014-11-23T21:34:45	local: adjust to the common refspec parser We no longer have NULL strings, but empty ones and duplicate the sides if necessar, so the first check will never do anything. While in the area, remove unnecessary ifs and early returns.
f7fcb18f	2014-11-23T14:12:54	Plug leaks Valgrind is now clean except for libssl and libgcrypt.
1ca61bdc	2014-11-19T20:53:25	fetch: clear the connection data on close When we fetch twice with the same remote object, we did not properly clear the connection flags, so we would leak state from the last connection. This can cause the second fetch with the same remote object to fail if using a HTTP URL where the server redirects to HTTPS, as the second fetch would see `use_ssl` set and think the initial connection wanted to downgrade the connection.
aad638f3	2014-11-07T15:00:11	push: use the common refspec parser There is one well-known and well-tested parser which we should use, instead of implementing parsing a second time. The common parser is also augmented to copy the LHS into the RHS if the latter is empty. The expressions test had to change a bit, as we now catch a bad RHS of a refspec locally.
334a0696	2014-10-26T17:36:14	Minor cleanup: Use defined no_check_cert_flags instead of C&P them again Signed-off-by: Sven Strickroth <email@cs-ware.de>
bc42479a	2014-10-13T15:43:03	Cleanup memory leak in ssh transport
369b0217	2014-10-13T13:34:15	Clean up various compiler warnings
e6e834a1	2014-09-18T12:23:07	Provide host name to certificate_check_cb Signed-off-by: Sven Strickroth <email@cs-ware.de>
14556cbf	2014-09-17T17:13:25	Merge pull request #2567 from cirosantilli/factor-41 Factor 40 and 41 constants from source.
4fe5b771	2014-09-16T13:35:36	winhttp: get rid of the cert ignore flag This brings us back in line with the other transports.
1e0aa105	2014-09-16T03:22:09	ssh: expose both hashes The user may have the data hashed as MD5 or SHA-1, so we should provide both types for consumption.
286369a8	2014-09-16T02:27:16	ssh: provide our own types for host key lengths Instead of using the libssh2 defines, provide our own, which eases usage as we do not need to check whether libgit2 was built with libssh2 or not.
0782fc43	2014-09-16T01:47:30	net: use only structs to pass information about cert Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.
0fef3899	2014-09-16T01:25:53	Merge remote-tracking branch 'upstream/master' into cmn/host-cert-info
41698f22	2014-09-11T10:04:05	net: remove support for outright ignoring certificates This option make it easy to ignore anything about the server we're connecting to, which is bad security practice. This was necessary as we didn't use to expose detailed information about the certificate, but now that we do, we should get rid of this. If the user wants to ignore everything, they can still provide a callback which ignores all the information passed.
7c8acc54	2014-08-30T14:26:57	winhttp: set ignore security flags on user command If the user returns 0 from the certificate check and we had certificate issues, set the options to ignore certificate errors and resend the request.
67c84e06	2014-08-30T14:04:57	winhttp: bring together request sending We need to call WinHttpSendRequest() in three different places. Unify all in a single function to have a single place for the certificate check.
5f2cf732	2014-08-30T13:12:33	winhttp: only do certificate check for SSL If we're not using SSL, don't call the user's certificate check callback.
08545d36	2014-08-30T00:40:37	winhttp: credential check on successful connect On successful connection, still ask the user whether they accept the server's certificate, indicating that WinHTTP would let it though.
23ca0ad5	2014-08-29T21:25:13	Bring certificate check back to the normal return code Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.
2f5864c5	2014-08-29T21:15:36	ssh: do ssh cert info before asking for credentials We know the host's key as soon as we connect, so we should perform the check as soon as we can, before we bother with the user's credentials.
17491f6e	2014-08-29T17:18:23	transport: always call the certificate check callback We should let the user decide whether to cancel the connection or not regardless of whether our checks have decided that the certificate is fine. We provide our own assessment to the callback to let the user fall back to our checks if they so desire.
ec1ce458	2014-08-10T17:06:53	http: send the DER-encoded cert to the callback Instead of the parsed data, we can ask OpenSSL to give us the DER-encoded version of the certificate, which the user can then parse and validate.
9b940586	2014-07-04T12:45:43	Provide a callback for certificate validation If the certificate validation fails (or always in the case of ssh), let the user decide whether to allow the connection. The data structure passed to the user is the native certificate information from the underlying implementation, namely OpenSSL or WinHTTP.
3b2cb2c9	2014-09-16T11:49:25	Factor 40 and 41 constants from source.
2dc399a8	2014-09-04T16:46:14	ssh: store error message immediately after a failed agent call When the call to the agent fails, we must retrieve the error message just after the function call, as other calls may overwrite it. As the agent authentication is the only one which has a teardown and there does not seem to be a way to get the error message from a stored error number, this tries to introduce some small changes to store the error from the agent. Clearing the error at the beginning of the loop lets us know whether the agent has already set the libgit2 error message and we should skip it, or if we should set it.
5cd81bb3	2014-09-03T01:01:25	Several CppCat warnings fixed
69db8934	2014-08-27T19:19:55	Merge pull request #2538 from libgit2/ntk/propagate_url_parsing_error winhttp: Prevent swallowing of url parsing error
893cfe06	2014-08-27T19:18:46	Merge pull request #2502 from rnowosielski/remote_set_timeout Set timeout on remote (Add timeout for WinHttpReceiveResponse #2147)
f0c53d21	2014-08-27T10:28:46	winhttp: Prevent swallowing of url parsing error
6a0d2b43	2014-08-27T15:09:07	Merge remote-tracking branch 'upstream/master' into cmn/ssh-retry
86d0a53c	2014-08-27T01:30:47	Set timeout on remote (WinHTTP) should return error in case of failure. Connection timeout set to 1 minute. Read/Write timeout remains set to infinite #2147
2db71194	2014-07-24T04:15:24	Set timeout on remote (WinHTTP) to infinite #2147
294c6f29	2014-08-16T22:12:13	http: make sure we can consume the data we request The recv buffer (parse_buffer) and the buffer have independent sizes and offsets. We try to fill in parse_buffer as much as possible before passing it to the http parser. This is fine most of the time, but fails us when the buffer is almost full. In those situations, parse_buffer can have more data than we would be able to put into the buffer (which may be getting full if we're towards the end of a data sideband packet). To work around this, we check if the space we have left on our buffer is smaller than what could come from the network. If this happens, we make parse_buffer think that it has as much space left as our buffer, so it won't try to retrieve more data than we can deal with. As the start of the data may no longer be at the start of the buffer, we need to keep track of where it really starts (data_offset) and use that in our calculations for the real size of the data we received from the network. This fixes #2518.
23135afa	2014-08-14T11:52:20	Introduce proper http authentication API
315cb38e	2014-07-31T18:43:20	Add GSSAPI support for SPNEGO/Kerberos auth over HTTP
e003f83a	2014-07-31T15:14:56	Introduce git_buf_decode_base64 Decode base64-encoded text into a git_buf
40867266	2014-07-31T18:39:58	Perform HTTP keep-alive
c180c065	2014-07-09T17:58:39	Custom transport: minor cleanups * Move the transport registration mechanisms into a new header under 'sys/' because this is advanced stuff. * Remove the 'priority' argument from the registration as it adds unnecessary complexity. (Since transports cannot decline to operate, only the highest priority transport is ever executed.) Users who require per-priority transports can implement that in their custom transport themselves. * Simplify registration further by taking a scheme (eg "http") instead of a prefix (eg "http://").
c983604e	2014-07-12T14:44:21	Consistently use p_snprintf
d07fd442	2014-07-12T14:37:39	Define WINHTTP_IGNORE_REQUEST_TOTAL_LENGTH if not defined
959a93e7	2014-07-13T11:50:49	Silence unused variables warnings
8baeb8a4	2014-07-16T13:03:34	ssh: Fix unused warning
d4256ed5	2014-07-04T10:00:39	ssh: provide a factory function for setting ssh paths git allows you to set which paths to use for the git server programs when connecting over ssh; and we want to provide something similar. We do this by providing a factory function which can be set as the remote's transport callback which will set the given paths upon creation.
ae241ae1	2014-07-03T20:20:00	Include libssh2.h before git2.h (transport.h)
de3cf801	2014-07-02T15:28:24	Merge pull request #2456 from libgit2/cmn/ssh-send-everything ssh: libssh2_channel_write() behaves like send()
0963716b	2014-07-02T12:49:51	ssh: libssh2_channel_write() behaves like send() When the stream writing function was written, it assume that libssh2_channel_write() would always write all of the data to the wire. This is only true for the first 32k of data, which it tries to fit into one ssh packet. Since it can perform short writes, call it in a loop like we do for send(), advancing the buffer offset.
bc8a0886	2014-06-27T11:51:35	Fix assert when receiving uncommon sideband packet
ccb85c8f	2014-06-25T16:27:43	ssh: make sure to ask for a username and use the same one In order to know which authentication methods are supported/allowed by the ssh server, we need to send a NONE auth request, which needs a username associated with it. Most ssh server implementations do not allow switching the username between authentication attempts, which means we cannot use a dummy username and then switch. There are two ways around this. The first is to use a different connection, which an earlier commit implements, but this increases how long it takes to get set up, and without knowing the right username, we cannot guarantee that the list we get in response is the right one. The second is what's implemented here: if there is no username specified in the url, ask for it first. We can then ask for the list of auth methods and use the user's credentials in the same connection.
d1c281a5	2014-06-25T16:24:26	cred: add convenience function to get the username Since each cred defines the username on their own, introduce git_cred__username to retrieve the username pointer from them.
54da6958	2014-06-25T15:41:01	cred: introduce username-only cred This exists as ssh needs to know about the username to use before it can query for the supported authentication methods.
d7f962f4	2014-06-16T19:30:06	ssh: request credentials again on authentication failure Instead of completely giving up on the first failure, ask for credentials as long as we fail to authenticate.
b529c5f9	2014-06-12T17:19:00	ssh: propagate the error code from the auth callback We need to be able to get a GIT_EUSER back through the outermost call.
22618906	2014-06-12T16:09:54	ssh: detect authentication methods Before calling the credentials callback, ask the sever which authentication methods it supports and report that to the user, instead of simply reporting everything that the transport supports. In case of an error, we do fall back to listing all of them.
9c3e4e97	2014-06-13T02:35:33	http: fix typo in credentials logic We want to check whether the credentials callback is NULL, not whether the payload is.
18d7896c	2014-06-03T21:47:53	clone: re-use the local transport's path resolution Whe already worked out the kinks with the function used in the local transport. Expose it and make use of it in the local clone method instead of trying to work it out again.
9331f98a	2014-05-22T12:52:31	smart: initialize the error variable
4c4408c3	2014-05-22T12:28:39	Plug leaks and fix a C99-ism We have too many places where we repeat free code, so when adding the new free to the generic code, it didn't take for the local transport. While there, fix a C99-ism that sneaked through.
a5982644	2014-05-22T02:28:42	Merge pull request #2376 from libgit2/cmn/remote-symref Add support for the symref extension
04865aa0	2014-05-21T10:01:44	local transport: expose the symref data When using the local transport, we always have the symbolic information available, so fill it.
306475eb	2014-05-20T09:55:26	remote: expose the remote's symref mappings Add a symref_target field to git_remote_head to expose the symref mappings to the user.
8156835d	2014-05-20T09:29:39	smart: store reported symrefs The protocol has a capability which allows the server to tell us which refs are symrefs, so we can e.g. know which is the default branch. This capability is different from the ones we already support, as it's not setting a flag to true, but requires us to store a list of refspec-formatted mappings. This commit does not yet expose the information in the reference listing.
ac11219b	2014-05-19T16:54:19	smart: send a flush when we disconnect The git server wants to hear a flush from us when we disconnect, particularly when we want to perform a fetch but are up to date.
8443ed6c	2014-04-25T02:10:19	Merge pull request #2284 from jacquesg/push-progress-callback Fire progress and update tips callbacks also for pushes.
5ca410b9	2014-04-23T07:13:49	Merge pull request #2283 from phkelley/win32_fs Win32: UTF-8 <-> WCHAR conversion overhaul
bc0a6198	2014-04-19T15:52:58	transports: allow the creds callback to say it doesn't exist Allow the credentials callback to return GIT_PASSTHROUGH to make the transports code behave as though none was set. This should make it easier for bindings to behave closer to the C code when there is no credentials callback set at their level.
8b686b31	2014-04-21T15:25:19	Correct argument order of git__calloc()
48e60ae7	2014-04-21T11:23:29	Don't redefine the same callback types, their signatures may change
98020d3a	2014-04-21T10:55:37	Rename progress callback to sideband_progress
4f62163e	2014-04-20T22:06:05	Check the return codes of remote callbacks. The user may have requested that the operation be cancelled.
9effa2fb	2014-04-20T19:19:13	Fire progress callbacks also for pushes. It's not very useful to only know that a pre-receive hook has declined a push, you probably want to know why.
c2c81615	2014-04-19T18:05:31	Win32: UTF-8 <-> WCHAR conversion overhaul
a622ff17	2014-04-18T20:05:28	Only zero sensitive information on destruction (and memory actually allocated by us)
8ec0a552	2014-04-18T00:49:07	Make git_cred_ssh_custom_new() naming more consistent
478408c0	2014-04-17T23:03:44	Introduce git_cred_ssh_interactive_new() This allows for keyboard-interactive based SSH authentication
bd270b70	2014-04-18T17:08:10	cred: tighten username rules The ssh-specific credentials allow the username to be missing. The idea being that the ssh transport will then use the username provided in the url, if it's available. There are two main issues with this. The credential callback already knows what username was provided by the url and needs to figure out whether it wants to ask the user for it or it can reuse it, so passing NULL as the username means the credential callback is suspicious. The username provided in the url is not in fact used by the transport. The only time it even considers it is for the user/pass credential, which asserts the existence of a username in its constructor. For the ssh-specific ones, it passes in the username stored in the credential, which is NULL. The libssh2 macro we use runs strlen() against this value (which is no different from what we would be doing ourselves), so we then crash. As the documentation doesn't suggest to leave out the username, assert the need for a username in the code, which removes this buggy behavior and removes implicit state. git_cred_has_username() becomes a blacklist of credential types that do not have a username. The only one at the moment is the 'default' one, which is meant to call up some Microsoft magic.
1392418e	2014-03-18T09:04:33	Seamless support for NTLM/Kerberos auth on Windows
5187b609	2014-03-07T14:58:43	local transport: catch double-opens Combinations of connect + fetch can call local_open multiple times. Detect this and skip the initialization stage.
300f4412	2014-02-25T11:56:11	- BUGFIX #2133 (@fourplusone) in smart_protocol.c - added MSVC cmake definitions to disable warnings - general.c is rewritten so it is ansi-c compatible and compiles ok on microsoft windows - some MSVC reported warning fixes
8bf476ac	2014-01-19T16:24:58	Factor out code to convert local "url" into a path. Previously this code was shared between `local_push` and `local_connect`.
4e974c97	2014-01-18T08:02:58	Fix local push to file:// URL.
0b28217b	2014-01-15T12:51:31	refs: remove the _with_log differentiation Any well-behaved program should write a descriptive message to the reflog whenever it updates a reference. Let's make this more prominent by removing the version without the reflog parameters.

0ef54a63

2015-03-11T17:16:39

local: create pack with multiple threads The default behaviour for the packbuilder is to perform the work in a single thread, which is fine for the public API, but we currently have no way for a user to determine the number of threads to use when creating the packfile, which makes our clone behaviour over the filesystem quite a bit slower than what git offers. This is a very particular scenario, in which we avoid spawning git by being ourselves the server-side, so it's probably ok to auto-set the threading, as the upload-pack process would do if we were talking to git.

e892b6a9

2015-03-03T17:23:01

http: enforce the credential types The user may decide to return any type of credential, including ones we did not say we support. Add a check to make sure the user returned an object of the right type and error out if not.

659cf202

2015-01-07T12:23:05

Remove the signature from ref-modifying functions The signature for the reflog is not something which changes dynamically. Almost all uses will be NULL, since we want for the repository's default identity to be used, making it noise. In order to allow for changing the identity, we instead provide git_repository_set_ident() and git_repository_ident() which allow a user to override the choice of signature.

f1453c59

2015-02-12T12:19:37

Make our overflow check look more like gcc/clang's Make our overflow checking look more like gcc and clang's, so that we can substitute it out with the compiler instrinsics on platforms that support it. This means dropping the ability to pass `NULL` as an out parameter. As a result, the macros also get updated to reflect this as well.

ec3b4d35

2015-02-11T11:20:05

Use `size_t` to hold size of arrays Use `size_t` to hold the size of arrays to ease overflow checking, lest we check for overflow of a `size_t` then promptly truncate by packing the length into a smaller type.

4aa664ae

2015-02-10T23:55:07

git_buf_grow_by: increase buf asize incrementally Introduce `git_buf_grow_by` to incrementally increase the size of a `git_buf`, performing an overflow calculation on the growth.

392702ee

2015-02-09T23:41:13

allocations: test for overflow of requested size Introduce some helper macros to test integer overflow from arithmetic and set error message appropriately.

6f73e026

2014-12-24T11:42:50

Plug some leaks

4fd2bda9

2014-12-16T10:25:45

local: send 'counting objects' output Pretend we have a git process at the other end by creating a similar progress output when inserting objects into the packbuilder.

cd305c2f

2014-12-10T11:30:28

Merge pull request #2678 from libgit2/cmn/io-stream Introduce stackable IO streams

a2fd56ab

2014-12-10T16:22:50

Fix a couple of compiler warnings

1b75c29e

2014-11-02T11:17:01

gitno: remove code which is no longer needed Most of the network-facing facilities have been copied to the socket and openssl streams. No code now uses these functions directly anymore, so we can now remove them.

4fd4341f

2014-11-02T10:52:03

ssh: use socket_stream to perform the connection Having an ssh stream would require extra work for stream capabilities we don't need anywhere else (oob auth and command execution) so for now let's move away from the gitno connection to use socket_stream. We can introduce an ssh stream interface if and as we need it.

b6f5464e

2014-11-01T21:35:06

Port HTTP(S) to the new stream API

02b4c1e2

2014-11-01T16:58:20

Port the TCP transport to the new stream API

ad2bf40a

2014-12-08T17:31:34

winhttp: plug some leaks

013924c1

2014-12-05T23:44:34

Merge pull request #2730 from libgit2/cmn/local-push Adjust the local transport for the common refspec parser

70d21742

2014-12-03T00:41:46

win32: clear connection data on close

d5c84f67

2014-11-23T21:34:45

local: adjust to the common refspec parser We no longer have NULL strings, but empty ones and duplicate the sides if necessar, so the first check will never do anything. While in the area, remove unnecessary ifs and early returns.

f7fcb18f

2014-11-23T14:12:54

Plug leaks Valgrind is now clean except for libssl and libgcrypt.

1ca61bdc

2014-11-19T20:53:25

fetch: clear the connection data on close When we fetch twice with the same remote object, we did not properly clear the connection flags, so we would leak state from the last connection. This can cause the second fetch with the same remote object to fail if using a HTTP URL where the server redirects to HTTPS, as the second fetch would see `use_ssl` set and think the initial connection wanted to downgrade the connection.

aad638f3

2014-11-07T15:00:11

push: use the common refspec parser There is one well-known and well-tested parser which we should use, instead of implementing parsing a second time. The common parser is also augmented to copy the LHS into the RHS if the latter is empty. The expressions test had to change a bit, as we now catch a bad RHS of a refspec locally.

334a0696

2014-10-26T17:36:14

Minor cleanup: Use defined no_check_cert_flags instead of C&P them again Signed-off-by: Sven Strickroth <email@cs-ware.de>

bc42479a

2014-10-13T15:43:03

Cleanup memory leak in ssh transport

369b0217

2014-10-13T13:34:15

Clean up various compiler warnings

e6e834a1

2014-09-18T12:23:07

Provide host name to certificate_check_cb Signed-off-by: Sven Strickroth <email@cs-ware.de>

14556cbf

2014-09-17T17:13:25

Merge pull request #2567 from cirosantilli/factor-41 Factor 40 and 41 constants from source.

4fe5b771

2014-09-16T13:35:36

winhttp: get rid of the cert ignore flag This brings us back in line with the other transports.

1e0aa105

2014-09-16T03:22:09

ssh: expose both hashes The user may have the data hashed as MD5 or SHA-1, so we should provide both types for consumption.

286369a8

2014-09-16T02:27:16

ssh: provide our own types for host key lengths Instead of using the libssh2 defines, provide our own, which eases usage as we do not need to check whether libgit2 was built with libssh2 or not.

0782fc43

2014-09-16T01:47:30

net: use only structs to pass information about cert Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.

0fef3899

2014-09-16T01:25:53

Merge remote-tracking branch 'upstream/master' into cmn/host-cert-info

41698f22

2014-09-11T10:04:05

net: remove support for outright ignoring certificates This option make it easy to ignore anything about the server we're connecting to, which is bad security practice. This was necessary as we didn't use to expose detailed information about the certificate, but now that we do, we should get rid of this. If the user wants to ignore everything, they can still provide a callback which ignores all the information passed.

7c8acc54

2014-08-30T14:26:57

winhttp: set ignore security flags on user command If the user returns 0 from the certificate check and we had certificate issues, set the options to ignore certificate errors and resend the request.

67c84e06

2014-08-30T14:04:57

winhttp: bring together request sending We need to call WinHttpSendRequest() in three different places. Unify all in a single function to have a single place for the certificate check.

5f2cf732

2014-08-30T13:12:33

winhttp: only do certificate check for SSL If we're not using SSL, don't call the user's certificate check callback.

08545d36

2014-08-30T00:40:37

winhttp: credential check on successful connect On successful connection, still ask the user whether they accept the server's certificate, indicating that WinHTTP would let it though.

23ca0ad5

2014-08-29T21:25:13

Bring certificate check back to the normal return code Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.

2f5864c5

2014-08-29T21:15:36

ssh: do ssh cert info before asking for credentials We know the host's key as soon as we connect, so we should perform the check as soon as we can, before we bother with the user's credentials.

17491f6e

2014-08-29T17:18:23

transport: always call the certificate check callback We should let the user decide whether to cancel the connection or not regardless of whether our checks have decided that the certificate is fine. We provide our own assessment to the callback to let the user fall back to our checks if they so desire.

ec1ce458

2014-08-10T17:06:53

http: send the DER-encoded cert to the callback Instead of the parsed data, we can ask OpenSSL to give us the DER-encoded version of the certificate, which the user can then parse and validate.

9b940586

2014-07-04T12:45:43

Provide a callback for certificate validation If the certificate validation fails (or always in the case of ssh), let the user decide whether to allow the connection. The data structure passed to the user is the native certificate information from the underlying implementation, namely OpenSSL or WinHTTP.

3b2cb2c9

2014-09-16T11:49:25

Factor 40 and 41 constants from source.

2dc399a8

2014-09-04T16:46:14

ssh: store error message immediately after a failed agent call When the call to the agent fails, we must retrieve the error message just after the function call, as other calls may overwrite it. As the agent authentication is the only one which has a teardown and there does not seem to be a way to get the error message from a stored error number, this tries to introduce some small changes to store the error from the agent. Clearing the error at the beginning of the loop lets us know whether the agent has already set the libgit2 error message and we should skip it, or if we should set it.

5cd81bb3

2014-09-03T01:01:25

Several CppCat warnings fixed

69db8934

2014-08-27T19:19:55

Merge pull request #2538 from libgit2/ntk/propagate_url_parsing_error winhttp: Prevent swallowing of url parsing error

893cfe06

2014-08-27T19:18:46

Merge pull request #2502 from rnowosielski/remote_set_timeout Set timeout on remote (Add timeout for WinHttpReceiveResponse #2147)

f0c53d21

2014-08-27T10:28:46

winhttp: Prevent swallowing of url parsing error

6a0d2b43

2014-08-27T15:09:07

Merge remote-tracking branch 'upstream/master' into cmn/ssh-retry

86d0a53c

2014-08-27T01:30:47

Set timeout on remote (WinHTTP) should return error in case of failure. Connection timeout set to 1 minute. Read/Write timeout remains set to infinite #2147

2db71194

2014-07-24T04:15:24

Set timeout on remote (WinHTTP) to infinite #2147

294c6f29

2014-08-16T22:12:13

http: make sure we can consume the data we request The recv buffer (parse_buffer) and the buffer have independent sizes and offsets. We try to fill in parse_buffer as much as possible before passing it to the http parser. This is fine most of the time, but fails us when the buffer is almost full. In those situations, parse_buffer can have more data than we would be able to put into the buffer (which may be getting full if we're towards the end of a data sideband packet). To work around this, we check if the space we have left on our buffer is smaller than what could come from the network. If this happens, we make parse_buffer think that it has as much space left as our buffer, so it won't try to retrieve more data than we can deal with. As the start of the data may no longer be at the start of the buffer, we need to keep track of where it really starts (data_offset) and use that in our calculations for the real size of the data we received from the network. This fixes #2518.

23135afa

2014-08-14T11:52:20

Introduce proper http authentication API

315cb38e

2014-07-31T18:43:20

Add GSSAPI support for SPNEGO/Kerberos auth over HTTP

e003f83a

2014-07-31T15:14:56

Introduce git_buf_decode_base64 Decode base64-encoded text into a git_buf

40867266

2014-07-31T18:39:58

Perform HTTP keep-alive

c180c065

2014-07-09T17:58:39

Custom transport: minor cleanups * Move the transport registration mechanisms into a new header under 'sys/' because this is advanced stuff. * Remove the 'priority' argument from the registration as it adds unnecessary complexity. (Since transports cannot decline to operate, only the highest priority transport is ever executed.) Users who require per-priority transports can implement that in their custom transport themselves. * Simplify registration further by taking a scheme (eg "http") instead of a prefix (eg "http://").

c983604e

2014-07-12T14:44:21

Consistently use p_snprintf

d07fd442

2014-07-12T14:37:39

Define WINHTTP_IGNORE_REQUEST_TOTAL_LENGTH if not defined

959a93e7

2014-07-13T11:50:49

Silence unused variables warnings

8baeb8a4

2014-07-16T13:03:34

ssh: Fix unused warning

d4256ed5

2014-07-04T10:00:39

ssh: provide a factory function for setting ssh paths git allows you to set which paths to use for the git server programs when connecting over ssh; and we want to provide something similar. We do this by providing a factory function which can be set as the remote's transport callback which will set the given paths upon creation.

ae241ae1

2014-07-03T20:20:00

Include libssh2.h before git2.h (transport.h)

de3cf801

2014-07-02T15:28:24

Merge pull request #2456 from libgit2/cmn/ssh-send-everything ssh: libssh2_channel_write() behaves like send()

0963716b

2014-07-02T12:49:51

ssh: libssh2_channel_write() behaves like send() When the stream writing function was written, it assume that libssh2_channel_write() would always write all of the data to the wire. This is only true for the first 32k of data, which it tries to fit into one ssh packet. Since it can perform short writes, call it in a loop like we do for send(), advancing the buffer offset.

bc8a0886

2014-06-27T11:51:35

Fix assert when receiving uncommon sideband packet

ccb85c8f

2014-06-25T16:27:43

ssh: make sure to ask for a username and use the same one In order to know which authentication methods are supported/allowed by the ssh server, we need to send a NONE auth request, which needs a username associated with it. Most ssh server implementations do not allow switching the username between authentication attempts, which means we cannot use a dummy username and then switch. There are two ways around this. The first is to use a different connection, which an earlier commit implements, but this increases how long it takes to get set up, and without knowing the right username, we cannot guarantee that the list we get in response is the right one. The second is what's implemented here: if there is no username specified in the url, ask for it first. We can then ask for the list of auth methods and use the user's credentials in the same connection.

d1c281a5

2014-06-25T16:24:26

cred: add convenience function to get the username Since each cred defines the username on their own, introduce git_cred__username to retrieve the username pointer from them.

54da6958

2014-06-25T15:41:01

cred: introduce username-only cred This exists as ssh needs to know about the username to use before it can query for the supported authentication methods.

d7f962f4

2014-06-16T19:30:06

ssh: request credentials again on authentication failure Instead of completely giving up on the first failure, ask for credentials as long as we fail to authenticate.

b529c5f9

2014-06-12T17:19:00

ssh: propagate the error code from the auth callback We need to be able to get a GIT_EUSER back through the outermost call.

22618906

2014-06-12T16:09:54

ssh: detect authentication methods Before calling the credentials callback, ask the sever which authentication methods it supports and report that to the user, instead of simply reporting everything that the transport supports. In case of an error, we do fall back to listing all of them.

9c3e4e97

2014-06-13T02:35:33

http: fix typo in credentials logic We want to check whether the credentials callback is NULL, not whether the payload is.

18d7896c

2014-06-03T21:47:53

clone: re-use the local transport's path resolution Whe already worked out the kinks with the function used in the local transport. Expose it and make use of it in the local clone method instead of trying to work it out again.

9331f98a

2014-05-22T12:52:31

smart: initialize the error variable

4c4408c3

2014-05-22T12:28:39

Plug leaks and fix a C99-ism We have too many places where we repeat free code, so when adding the new free to the generic code, it didn't take for the local transport. While there, fix a C99-ism that sneaked through.

a5982644

2014-05-22T02:28:42

Merge pull request #2376 from libgit2/cmn/remote-symref Add support for the symref extension

04865aa0

2014-05-21T10:01:44

local transport: expose the symref data When using the local transport, we always have the symbolic information available, so fill it.

306475eb

2014-05-20T09:55:26

remote: expose the remote's symref mappings Add a symref_target field to git_remote_head to expose the symref mappings to the user.

8156835d

2014-05-20T09:29:39

smart: store reported symrefs The protocol has a capability which allows the server to tell us which refs are symrefs, so we can e.g. know which is the default branch. This capability is different from the ones we already support, as it's not setting a flag to true, but requires us to store a list of refspec-formatted mappings. This commit does not yet expose the information in the reference listing.

ac11219b

2014-05-19T16:54:19

smart: send a flush when we disconnect The git server wants to hear a flush from us when we disconnect, particularly when we want to perform a fetch but are up to date.

8443ed6c

2014-04-25T02:10:19

Merge pull request #2284 from jacquesg/push-progress-callback Fire progress and update tips callbacks also for pushes.

5ca410b9

2014-04-23T07:13:49

Merge pull request #2283 from phkelley/win32_fs Win32: UTF-8 <-> WCHAR conversion overhaul

bc0a6198

2014-04-19T15:52:58

transports: allow the creds callback to say it doesn't exist Allow the credentials callback to return GIT_PASSTHROUGH to make the transports code behave as though none was set. This should make it easier for bindings to behave closer to the C code when there is no credentials callback set at their level.

8b686b31

2014-04-21T15:25:19

Correct argument order of git__calloc()

48e60ae7

2014-04-21T11:23:29

Don't redefine the same callback types, their signatures may change

98020d3a

2014-04-21T10:55:37

Rename progress callback to sideband_progress

4f62163e

2014-04-20T22:06:05

Check the return codes of remote callbacks. The user may have requested that the operation be cancelled.

9effa2fb

2014-04-20T19:19:13

Fire progress callbacks also for pushes. It's not very useful to only know that a pre-receive hook has declined a push, you probably want to know why.

c2c81615

2014-04-19T18:05:31

Win32: UTF-8 <-> WCHAR conversion overhaul

a622ff17

2014-04-18T20:05:28

Only zero sensitive information on destruction (and memory actually allocated by us)

8ec0a552

2014-04-18T00:49:07

Make git_cred_ssh_custom_new() naming more consistent

478408c0

2014-04-17T23:03:44

Introduce git_cred_ssh_interactive_new() This allows for keyboard-interactive based SSH authentication

bd270b70

2014-04-18T17:08:10

cred: tighten username rules The ssh-specific credentials allow the username to be missing. The idea being that the ssh transport will then use the username provided in the url, if it's available. There are two main issues with this. The credential callback already knows what username was provided by the url and needs to figure out whether it wants to ask the user for it or it can reuse it, so passing NULL as the username means the credential callback is suspicious. The username provided in the url is not in fact used by the transport. The only time it even considers it is for the user/pass credential, which asserts the existence of a username in its constructor. For the ssh-specific ones, it passes in the username stored in the credential, which is NULL. The libssh2 macro we use runs strlen() against this value (which is no different from what we would be doing ourselves), so we then crash. As the documentation doesn't suggest to leave out the username, assert the need for a username in the code, which removes this buggy behavior and removes implicit state. git_cred_has_username() becomes a blacklist of credential types that do not have a username. The only one at the moment is the 'default' one, which is meant to call up some Microsoft magic.

1392418e

2014-03-18T09:04:33

Seamless support for NTLM/Kerberos auth on Windows

5187b609

2014-03-07T14:58:43

local transport: catch double-opens Combinations of connect + fetch can call local_open multiple times. Detect this and skip the initialization stage.

300f4412

2014-02-25T11:56:11

- BUGFIX #2133 (@fourplusone) in smart_protocol.c - added MSVC cmake definitions to disable warnings - general.c is rewritten so it is ansi-c compatible and compiles ok on microsoft windows - some MSVC reported warning fixes

8bf476ac

2014-01-19T16:24:58

Factor out code to convert local "url" into a path. Previously this code was shared between `local_push` and `local_connect`.

4e974c97

2014-01-18T08:02:58

Fix local push to file:// URL.

0b28217b

2014-01-15T12:51:31

refs: remove the _with_log differentiation Any well-behaved program should write a descriptive message to the reflog whenever it updates a reference. Let's make this more prominent by removing the version without the reflog parameters.

thodg/libgit2/src/transports

src/transports

Log