kmx git

Commit	Date	Message
3f998aee	2019-10-26T17:21:29	Follow 308 redirect in WinHTTP transport
8bf0f7eb	2019-09-09T13:00:27	cred: separate public interface from low-level details
c2dd895a	2019-08-08T10:47:29	transports: http: check for memory allocation failures When allocating a chunk that is used to write to HTTP streams, we do not check for memory allocation errors. This may lead us to write to a `NULL` pointer and thus cause a segfault. Fix this by adding a call to `GIT_ERROR_CHECK_ALLOC`.
3cd123e9	2019-06-15T21:56:53	win32: define DWORD_MAX if it's not defined MinGW does not define DWORD_MAX. Specify it when it's not defined.
d93b0aa0	2019-06-15T21:47:40	win32: decorate unused parameters
8048ba70	2019-05-21T14:18:40	winhttp: safely cast length to DWORD
3d11b6c5	2019-03-11T20:36:09	winhttp: support default credentials for proxies We did not properly support default credentials for proxies, only for destination servers. Refactor the credential handling to support sending either username/password _or_ default credentials to either the proxy or the destination server. This actually shares the authentication logic between proxy servers and destination servers. Due to copy/pasta drift over time, they had diverged. Now they share a common logic which is: first, use credentials specified in the URL (if there were any), treating empty username and password (ie, "http://:@foo.com/") as default credentials, for compatibility with git. Next, call the credential callbacks. Finally, fallback to WinHTTP compatibility layers using built-in authentication like we always have. Allowing default credentials for proxies requires moving the security level downgrade into the credential setting routines themselves. We will update our security level to "high" by default which means that we will never send default credentials without prompting. (A lower setting, like the WinHTTP default of "medium" would allow WinHTTP to handle credentials for us, despite what a user may have requested with their structures.) Now we start with "high" and downgrade to "low" only after a user has explicitly requested default credentials.
c6ab183e	2019-03-11T11:43:08	net: rename gitno_connection_data to git_net_url "Connection data" is an imprecise and largely incorrect name; these structures are actually parsed URLs. Provide a parser that takes a URL string and produces a URL structure (if it is valid). Separate the HTTP redirect handling logic from URL parsing, keeping a `gitno_connection_data_handle_redirect` whose only job is redirect handling logic and does not parse URLs itself.
bff7aed2	2019-01-24T16:44:04	Don't use deprecated constants Follow up for PR #4917. Signed-off-by: Sven Strickroth <email@cs-ware.de>
f673e232	2018-12-27T13:47:34	git_error: use new names in internal APIs and usage Move to the `git_error` name in the internal API for error-related functions.
321d19c1	2019-01-06T08:36:06	Windows is hard.
7b453e7e	2019-01-05T22:12:48	Fix a bunch of warnings This change fixes a bunch of warnings that were discovered by compiling with `clang -target=i386-pc-linux-gnu`. It turned out that the intrinsics were not necessarily being used in all platforms! Especially in GCC, since it does not support __has_builtin. Some more warnings were gleaned from the Windows build, but I stopped when I saw that some third-party dependencies (e.g. zlib) have warnings of their own, so we might never be able to enable -Werror there.
6af8572c	2018-10-22T11:29:01	http transport: cap number of authentication replays Put a limit on the number of authentication replays in the HTTP transport. Standardize on 7 replays for authentication or redirects, which matches the behavior of the WinHTTP transport.
a2e6e0ea	2018-11-06T14:15:43	transport: allow cred/cert callbacks to return GIT_PASSTHROUGH Allow credential and certificate checking callbacks to return GIT_PASSTHROUGH, indicating that they do not want to act. Introduce this to support in both the http and ssh callbacks. Additionally, enable the same mechanism for certificate validation. This is most useful to disambiguate any meaning in the publicly exposed credential and certificate functions (`git_transport_smart_credentials` and `git_transport_smart_certificate_check`) but it may be more generally useful for callers to be able to defer back to libgit2.
2613fbb2	2018-10-18T11:58:14	global: replace remaining use of `git__strtol32` Replace remaining uses of the `git__strtol32` function. While these uses are all safe as the strings were either sanitized or from a trusted source, we want to remove `git__strtol32` altogether to avoid future misuse.
ba55592f	2018-08-02T20:34:56	Merge pull request #4743 from Agent00Log/dev/winbugfixes Windows: default credentials / fallback credential handling
ccbffbae	2018-07-30T13:39:21	Only unitialize if the call to CoInitializeEx was successful
8c21cb5c	2018-07-26T09:52:32	Fix fallback credentials: The call to CoInitializeEx fails if it was previously been set to a different mode.
c9dc30ff	2018-07-26T09:52:21	Fix default credentials: The WinHttpSetCredentials auth scheme must only be one of the supported schemes.
dc371e3c	2018-07-20T08:20:48	winhttp: retry erroneously failing requests Early Windows TLS 1.2 implementations have an issue during key exchange with OpenSSL implementations that cause negotiation to fail with the error "the buffer supplied to a function was too small." This is a transient error on the connection, so when that error is received, retry up to 5 times to create a connection to the remote server before actually giving up.
ecf4f33a	2018-02-08T11:14:48	Convert usage of `git_buf_free` to new `git_buf_dispose`
5ecb6220	2018-02-25T15:46:51	winhttp: enable TLS 1.2 on Windows 7 and earlier Versions of Windows prior to Windows 8 do not enable TLS 1.2 by default, though support may exist. Try to enable TLS 1.2 support explicitly on connections. This request may fail if the operating system does not have TLS 1.2 support - the initial release of Vista lacks TLS 1.2 support (though it is available as a software update) and XP completely lacks TLS 1.2 support. If this request does fail, the HTTP context is still valid, and still maintains the original protocol support. So we ignore the failure from this operation.
934e6a3b	2018-02-27T11:24:30	winhttp: include constants for TLS 1.1/1.2 support For platforms that do not define `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and/or `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2`.
8c8db980	2018-02-27T10:32:29	mingw: update TLS option flags Include the constants for `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2` so that they can be used by mingw. This updates both the `deps/winhttp` framework (for classic mingw) and adds the defines for mingw64, which does not use that framework.
ee6be190	2018-01-31T08:36:19	http: standardize user-agent addition The winhttp and posix http each need to add the user-agent to their requests. Standardize on a single function to include this so that we do not get the version numbers we're sending out of sync. Assemble the complete user agent in `git_http__user_agent`, returning assembled strings. Co-authored-by: Patrick Steinhardt <ps@pks.im>
526dea1c	2017-12-29T17:41:24	winhttp: properly support ntlm and negotiate When parsing unauthorized responses, properly parse headers looking for both NTLM and Negotiate challenges. Set the HTTP credentials to default credentials (using a `NULL` username and password) with the schemes supported by ourselves and the server.
38eaa7ab	2017-11-24T12:28:19	winhttp: pass the same payload as ssh & http transports when checking certificates
0c7f49dd	2017-06-30T13:39:01	Make sure to always include "common.h" first Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.
97eb5ef0	2017-06-07T10:05:54	buffer: rely on `GITERR_OOM` set by `git_buf_try_grow` The function `git_buf_try_grow` consistently calls `giterr_set_oom` whenever growing the buffer fails due to insufficient memory being available. So in fact, we do not have to do this ourselves when a call to any buffer-growing function has failed due to an OOM situation. But we still do so in two functions, which this patch cleans up.
b65a5e9b	2017-03-01T07:58:40	winhttp: disambiguate error messages when sending requests
1e929eb5	2017-02-06T11:00:06	Pass proxy options payload to credentials callback
fa2dfcf9	2017-02-01T09:28:30	Fix digest credentials for proxy in windows
1910a04a	2016-12-30T12:42:42	winhttp: set proper cert failure error messages Set up a WinHTTP status callback; inspect the WinHTTP status for WINHTTP_CALLBACK_STATUS_SECURE_FAILURE, and convert the status code to a useful message for callers.
4e4a1460	2016-12-30T12:13:34	WinHTTP: support best auth mechanism For username/password credentials, support NTLM or Basic (in that order of priority). Use the WinHTTP built-in authentication support for both, and maintain a bitfield of the supported mechanisms from the response.
909d5494	2016-12-29T12:25:15	giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one
43c55111	2016-06-07T14:14:07	winhttp: plug several memory leaks
0d72f67f	2016-03-14T17:36:04	proxy: don't specify the protocol in the type We leave this up to the scheme in the url field. The type should only tell us about whether we want a proxy and whether we want to auto-detect it.
bf6f7ad2	2015-09-30T17:42:53	winhttp: correctly detect HTTPS usage
22e6aa0d	2015-09-23T04:39:05	proxy: don't require the trailing slash on WinHTTP The path is not something that you use for proxies, so make use of the new optionality of the path when extracting URL parts.
07bd3e57	2015-05-07T12:57:56	proxy: ask the user for credentials if necessary
a4cba9d4	2016-03-03T10:48:24	winhttp: retry authentication If the caller has provided bad authentication, give them another apportunity to get it right until they give up. This brings WinHTTP in line with the other transports.
9ce0399c	2016-02-12T10:27:05	winhttp: use an unsigned iterator
5c7f2f01	2016-01-19T11:13:23	winhttp: name mangle class / iid on mingw Standard Windows type systems define CLSID_InternetSecurityManager and IID_IInternetSecurityManager, but MinGW lacks these definitions. As a result, we must hardcode these definitions ourselves. However, we should not use a public struct with those names, lest another library do the same thing and consumers cannot link to both.
efd9ab56	2015-11-20T11:26:26	Treat GIT_PASSTHROUGH as though git_cred_acquire_cb isn't set.
1411cb9e	2015-10-02T03:57:14	winhttp: use a custom user-agent if the user has set it We also keep the "git/1.0" prefix in order to maintain compatibility with hosters.
d7375662	2015-09-25T10:16:16	Copy custom_headers insteach of referencing the caller's copy
35969c68	2015-09-10T08:58:23	Ignore NULL headers
c82c2ba6	2015-09-08T14:17:59	o i
80ee2543	2015-09-08T13:38:22	Teach winhttp about the extra headers
79698030	2015-06-29T22:51:18	git_cert: child types use proper base type
0305721c	2015-06-30T14:23:41	winhttp: remove unused var
c5e07187	2015-03-24T14:03:51	Merge pull request #2990 from leoyanggit/custom_param Add a custom param to git_smart_subtransport_definition
b631e0d9	2015-03-19T07:25:25	Use swprintf_s everywhere except mingw.org
142e5379	2015-03-17T12:49:33	Add a custom param to git_smart_subtransport_definition The smart transport has already take the payload param. For the sub transport a payload param is useful for the implementer.
3066026b	2014-08-26T11:18:33	Fix build on mingw-w64
8f426d7d	2014-06-09T11:43:25	Win32: Enable WinHTTP for MinGW
392702ee	2015-02-09T23:41:13	allocations: test for overflow of requested size Introduce some helper macros to test integer overflow from arithmetic and set error message appropriately.
ad2bf40a	2014-12-08T17:31:34	winhttp: plug some leaks
70d21742	2014-12-03T00:41:46	win32: clear connection data on close
334a0696	2014-10-26T17:36:14	Minor cleanup: Use defined no_check_cert_flags instead of C&P them again Signed-off-by: Sven Strickroth <email@cs-ware.de>
e6e834a1	2014-09-18T12:23:07	Provide host name to certificate_check_cb Signed-off-by: Sven Strickroth <email@cs-ware.de>
4fe5b771	2014-09-16T13:35:36	winhttp: get rid of the cert ignore flag This brings us back in line with the other transports.
0782fc43	2014-09-16T01:47:30	net: use only structs to pass information about cert Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.
7c8acc54	2014-08-30T14:26:57	winhttp: set ignore security flags on user command If the user returns 0 from the certificate check and we had certificate issues, set the options to ignore certificate errors and resend the request.
67c84e06	2014-08-30T14:04:57	winhttp: bring together request sending We need to call WinHttpSendRequest() in three different places. Unify all in a single function to have a single place for the certificate check.
5f2cf732	2014-08-30T13:12:33	winhttp: only do certificate check for SSL If we're not using SSL, don't call the user's certificate check callback.
08545d36	2014-08-30T00:40:37	winhttp: credential check on successful connect On successful connection, still ask the user whether they accept the server's certificate, indicating that WinHTTP would let it though.
69db8934	2014-08-27T19:19:55	Merge pull request #2538 from libgit2/ntk/propagate_url_parsing_error winhttp: Prevent swallowing of url parsing error
f0c53d21	2014-08-27T10:28:46	winhttp: Prevent swallowing of url parsing error
86d0a53c	2014-08-27T01:30:47	Set timeout on remote (WinHTTP) should return error in case of failure. Connection timeout set to 1 minute. Read/Write timeout remains set to infinite #2147
2db71194	2014-07-24T04:15:24	Set timeout on remote (WinHTTP) to infinite #2147
e003f83a	2014-07-31T15:14:56	Introduce git_buf_decode_base64 Decode base64-encoded text into a git_buf
c983604e	2014-07-12T14:44:21	Consistently use p_snprintf
d07fd442	2014-07-12T14:37:39	Define WINHTTP_IGNORE_REQUEST_TOTAL_LENGTH if not defined
c2c81615	2014-04-19T18:05:31	Win32: UTF-8 <-> WCHAR conversion overhaul
1392418e	2014-03-18T09:04:33	Seamless support for NTLM/Kerberos auth on Windows
25e0b157	2013-12-06T15:07:57	Remove converting user error to GIT_EUSER This changes the behavior of callbacks so that the callback error code is not converted into GIT_EUSER and instead we propagate the return value through to the caller. Instead of using the giterr_capture and giterr_restore functions, we now rely on all functions to pass back the return value from a callback. To avoid having a return value with no error message, the user can call the public giterr_set_str or some such function to set an error message. There is a new helper 'giterr_set_callback' that functions can invoke after making a callback which ensures that some error message was set in case the callback did not set one. In places where the sign of the callback return value is meaningful (e.g. positive to skip, negative to abort), only the negative values are returned back to the caller, obviously, since the other values allow for continuing the loop. The hardest parts of this were in the checkout code where positive return values were overloaded as meaningful values for checkout. I fixed this by adding an output parameter to many of the internal checkout functions and removing the overload. This added some code, but it is probably a better implementation. There is some funkiness in the network code where user provided callbacks could be returning a positive or a negative value and we want to rely on that to cancel the loop. There are still a couple places where an user error might get turned into GIT_EUSER there, I think, though none exercised by the tests.
84efffc3	2013-11-13T16:57:51	Introduce git_cred_default for NTLM/SPNEGO auth
80fc7d6b	2013-11-13T16:46:45	Propagate auth error codes as GIT_EUSER in winhttp
df9fc82e	2013-10-25T13:33:42	Use two calls to set two headers
3dc3c723	2013-10-08T15:52:37	Combine WinHTTP API calls
a58eecd4	2013-10-08T13:40:52	WinHTTP: set Accept header for POSTs
256961e4	2013-09-26T16:36:05	WHOOPS
ea59f659	2013-09-26T16:20:30	Deploy gitno_connection_data into transport (winhttp) ...and have that call manage replaced memory in the output structure.
f30d91ce	2013-09-26T11:03:27	Refactor URL handling to use library call
ac316e74	2013-09-25T14:25:38	Why are we disabling redirects?
4a88eb20	2013-09-25T12:13:09	Win32: handle http->https redirects
66566516	2013-09-08T17:15:42	Fix warning
1ff3a094	2013-08-27T19:41:44	Improve win32 version check, no ipv6 tests on XP
d4cff0cb	2013-08-13T09:40:32	Rename git__win32_path fns to git_win32_path
abf37327	2013-08-13T09:15:39	windows: Path conversion with better semantics
aaefbdee	2013-08-08T08:48:57	Discriminate path-specific and general UTF-X conversions
2c0128ee	2013-08-07T19:29:33	Rename git_win_str_utf* to git_win32_path_utf*
9c38f7a6	2013-08-07T13:22:41	Add typedefs for win32 utf-8 and utf-16 buffers ...and normalize the signatures of the two conversion functions.
d8563619	2013-08-05T11:41:39	Split UTF-16 and UTF-8 buffer sizes for win32 Also fixed up call-sites to use the correct buffer sizes, especially when converting to utf-8.
37f66e82	2013-06-12T15:21:21	Fix Windows warnings This fixes problems with missing function prototypes and 64-bit data issues on Windows.
e583334c	2013-05-10T21:42:22	Fix broken build when MSVC SDL checks is enabled
5c5eeba6	2013-03-31T22:22:33	Add git_has_win32_version helper
0227fa2a	2013-03-30T21:36:04	Avoid pre-Win7 WinHTTP self-redirect quirk
55e0f53d	2013-03-14T15:09:29	Fix various build warnings This fixes various build warnings on Mac and Windows (64-bit).

3f998aee

2019-10-26T17:21:29

Follow 308 redirect in WinHTTP transport

8bf0f7eb

2019-09-09T13:00:27

cred: separate public interface from low-level details

c2dd895a

2019-08-08T10:47:29

transports: http: check for memory allocation failures When allocating a chunk that is used to write to HTTP streams, we do not check for memory allocation errors. This may lead us to write to a `NULL` pointer and thus cause a segfault. Fix this by adding a call to `GIT_ERROR_CHECK_ALLOC`.

3cd123e9

2019-06-15T21:56:53

win32: define DWORD_MAX if it's not defined MinGW does not define DWORD_MAX. Specify it when it's not defined.

d93b0aa0

2019-06-15T21:47:40

win32: decorate unused parameters

8048ba70

2019-05-21T14:18:40

winhttp: safely cast length to DWORD

3d11b6c5

2019-03-11T20:36:09

winhttp: support default credentials for proxies We did not properly support default credentials for proxies, only for destination servers. Refactor the credential handling to support sending either username/password _or_ default credentials to either the proxy or the destination server. This actually shares the authentication logic between proxy servers and destination servers. Due to copy/pasta drift over time, they had diverged. Now they share a common logic which is: first, use credentials specified in the URL (if there were any), treating empty username and password (ie, "http://:@foo.com/") as default credentials, for compatibility with git. Next, call the credential callbacks. Finally, fallback to WinHTTP compatibility layers using built-in authentication like we always have. Allowing default credentials for proxies requires moving the security level downgrade into the credential setting routines themselves. We will update our security level to "high" by default which means that we will never send default credentials without prompting. (A lower setting, like the WinHTTP default of "medium" would allow WinHTTP to handle credentials for us, despite what a user may have requested with their structures.) Now we start with "high" and downgrade to "low" only after a user has explicitly requested default credentials.

c6ab183e

2019-03-11T11:43:08

net: rename gitno_connection_data to git_net_url "Connection data" is an imprecise and largely incorrect name; these structures are actually parsed URLs. Provide a parser that takes a URL string and produces a URL structure (if it is valid). Separate the HTTP redirect handling logic from URL parsing, keeping a `gitno_connection_data_handle_redirect` whose only job is redirect handling logic and does not parse URLs itself.

bff7aed2

2019-01-24T16:44:04

Don't use deprecated constants Follow up for PR #4917. Signed-off-by: Sven Strickroth <email@cs-ware.de>

f673e232

2018-12-27T13:47:34

git_error: use new names in internal APIs and usage Move to the `git_error` name in the internal API for error-related functions.

321d19c1

2019-01-06T08:36:06

Windows is hard.

7b453e7e

2019-01-05T22:12:48

Fix a bunch of warnings This change fixes a bunch of warnings that were discovered by compiling with `clang -target=i386-pc-linux-gnu`. It turned out that the intrinsics were not necessarily being used in all platforms! Especially in GCC, since it does not support __has_builtin. Some more warnings were gleaned from the Windows build, but I stopped when I saw that some third-party dependencies (e.g. zlib) have warnings of their own, so we might never be able to enable -Werror there.

6af8572c

2018-10-22T11:29:01

http transport: cap number of authentication replays Put a limit on the number of authentication replays in the HTTP transport. Standardize on 7 replays for authentication or redirects, which matches the behavior of the WinHTTP transport.

a2e6e0ea

2018-11-06T14:15:43

transport: allow cred/cert callbacks to return GIT_PASSTHROUGH Allow credential and certificate checking callbacks to return GIT_PASSTHROUGH, indicating that they do not want to act. Introduce this to support in both the http and ssh callbacks. Additionally, enable the same mechanism for certificate validation. This is most useful to disambiguate any meaning in the publicly exposed credential and certificate functions (`git_transport_smart_credentials` and `git_transport_smart_certificate_check`) but it may be more generally useful for callers to be able to defer back to libgit2.

2613fbb2

2018-10-18T11:58:14

global: replace remaining use of `git__strtol32` Replace remaining uses of the `git__strtol32` function. While these uses are all safe as the strings were either sanitized or from a trusted source, we want to remove `git__strtol32` altogether to avoid future misuse.

ba55592f

2018-08-02T20:34:56

Merge pull request #4743 from Agent00Log/dev/winbugfixes Windows: default credentials / fallback credential handling

ccbffbae

2018-07-30T13:39:21

Only unitialize if the call to CoInitializeEx was successful

8c21cb5c

2018-07-26T09:52:32

Fix fallback credentials: The call to CoInitializeEx fails if it was previously been set to a different mode.

c9dc30ff

2018-07-26T09:52:21

Fix default credentials: The WinHttpSetCredentials auth scheme must only be one of the supported schemes.

dc371e3c

2018-07-20T08:20:48

winhttp: retry erroneously failing requests Early Windows TLS 1.2 implementations have an issue during key exchange with OpenSSL implementations that cause negotiation to fail with the error "the buffer supplied to a function was too small." This is a transient error on the connection, so when that error is received, retry up to 5 times to create a connection to the remote server before actually giving up.

ecf4f33a

2018-02-08T11:14:48

Convert usage of `git_buf_free` to new `git_buf_dispose`

5ecb6220

2018-02-25T15:46:51

winhttp: enable TLS 1.2 on Windows 7 and earlier Versions of Windows prior to Windows 8 do not enable TLS 1.2 by default, though support may exist. Try to enable TLS 1.2 support explicitly on connections. This request may fail if the operating system does not have TLS 1.2 support - the initial release of Vista lacks TLS 1.2 support (though it is available as a software update) and XP completely lacks TLS 1.2 support. If this request does fail, the HTTP context is still valid, and still maintains the original protocol support. So we ignore the failure from this operation.

934e6a3b

2018-02-27T11:24:30

winhttp: include constants for TLS 1.1/1.2 support For platforms that do not define `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and/or `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2`.

8c8db980

2018-02-27T10:32:29

mingw: update TLS option flags Include the constants for `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2` so that they can be used by mingw. This updates both the `deps/winhttp` framework (for classic mingw) and adds the defines for mingw64, which does not use that framework.

ee6be190

2018-01-31T08:36:19

http: standardize user-agent addition The winhttp and posix http each need to add the user-agent to their requests. Standardize on a single function to include this so that we do not get the version numbers we're sending out of sync. Assemble the complete user agent in `git_http__user_agent`, returning assembled strings. Co-authored-by: Patrick Steinhardt <ps@pks.im>

526dea1c

2017-12-29T17:41:24

winhttp: properly support ntlm and negotiate When parsing unauthorized responses, properly parse headers looking for both NTLM and Negotiate challenges. Set the HTTP credentials to default credentials (using a `NULL` username and password) with the schemes supported by ourselves and the server.

38eaa7ab

2017-11-24T12:28:19

winhttp: pass the same payload as ssh & http transports when checking certificates

0c7f49dd

2017-06-30T13:39:01

Make sure to always include "common.h" first Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.

97eb5ef0

2017-06-07T10:05:54

buffer: rely on `GITERR_OOM` set by `git_buf_try_grow` The function `git_buf_try_grow` consistently calls `giterr_set_oom` whenever growing the buffer fails due to insufficient memory being available. So in fact, we do not have to do this ourselves when a call to any buffer-growing function has failed due to an OOM situation. But we still do so in two functions, which this patch cleans up.

b65a5e9b

2017-03-01T07:58:40

winhttp: disambiguate error messages when sending requests

1e929eb5

2017-02-06T11:00:06

Pass proxy options payload to credentials callback

fa2dfcf9

2017-02-01T09:28:30

Fix digest credentials for proxy in windows

1910a04a

2016-12-30T12:42:42

winhttp: set proper cert failure error messages Set up a WinHTTP status callback; inspect the WinHTTP status for WINHTTP_CALLBACK_STATUS_SECURE_FAILURE, and convert the status code to a useful message for callers.

4e4a1460

2016-12-30T12:13:34

WinHTTP: support best auth mechanism For username/password credentials, support NTLM or Basic (in that order of priority). Use the WinHTTP built-in authentication support for both, and maintain a bitfield of the supported mechanisms from the response.

909d5494

2016-12-29T12:25:15

giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one

43c55111

2016-06-07T14:14:07

winhttp: plug several memory leaks

0d72f67f

2016-03-14T17:36:04

proxy: don't specify the protocol in the type We leave this up to the scheme in the url field. The type should only tell us about whether we want a proxy and whether we want to auto-detect it.

bf6f7ad2

2015-09-30T17:42:53

winhttp: correctly detect HTTPS usage

22e6aa0d

2015-09-23T04:39:05

proxy: don't require the trailing slash on WinHTTP The path is not something that you use for proxies, so make use of the new optionality of the path when extracting URL parts.

07bd3e57

2015-05-07T12:57:56

proxy: ask the user for credentials if necessary

a4cba9d4

2016-03-03T10:48:24

winhttp: retry authentication If the caller has provided bad authentication, give them another apportunity to get it right until they give up. This brings WinHTTP in line with the other transports.

9ce0399c

2016-02-12T10:27:05

winhttp: use an unsigned iterator

5c7f2f01

2016-01-19T11:13:23

winhttp: name mangle class / iid on mingw Standard Windows type systems define CLSID_InternetSecurityManager and IID_IInternetSecurityManager, but MinGW lacks these definitions. As a result, we must hardcode these definitions ourselves. However, we should not use a public struct with those names, lest another library do the same thing and consumers cannot link to both.

efd9ab56

2015-11-20T11:26:26

Treat GIT_PASSTHROUGH as though git_cred_acquire_cb isn't set.

1411cb9e

2015-10-02T03:57:14

winhttp: use a custom user-agent if the user has set it We also keep the "git/1.0" prefix in order to maintain compatibility with hosters.

d7375662

2015-09-25T10:16:16

Copy custom_headers insteach of referencing the caller's copy

35969c68

2015-09-10T08:58:23

Ignore NULL headers

c82c2ba6

2015-09-08T14:17:59

o i

80ee2543

2015-09-08T13:38:22

Teach winhttp about the extra headers

79698030

2015-06-29T22:51:18

git_cert: child types use proper base type

0305721c

2015-06-30T14:23:41

winhttp: remove unused var

c5e07187

2015-03-24T14:03:51

Merge pull request #2990 from leoyanggit/custom_param Add a custom param to git_smart_subtransport_definition

b631e0d9

2015-03-19T07:25:25

Use swprintf_s everywhere except mingw.org

142e5379

2015-03-17T12:49:33

Add a custom param to git_smart_subtransport_definition The smart transport has already take the payload param. For the sub transport a payload param is useful for the implementer.

3066026b

2014-08-26T11:18:33

Fix build on mingw-w64

8f426d7d

2014-06-09T11:43:25

Win32: Enable WinHTTP for MinGW

392702ee

2015-02-09T23:41:13

allocations: test for overflow of requested size Introduce some helper macros to test integer overflow from arithmetic and set error message appropriately.

ad2bf40a

2014-12-08T17:31:34

winhttp: plug some leaks

70d21742

2014-12-03T00:41:46

win32: clear connection data on close

334a0696

2014-10-26T17:36:14

Minor cleanup: Use defined no_check_cert_flags instead of C&P them again Signed-off-by: Sven Strickroth <email@cs-ware.de>

e6e834a1

2014-09-18T12:23:07

Provide host name to certificate_check_cb Signed-off-by: Sven Strickroth <email@cs-ware.de>

4fe5b771

2014-09-16T13:35:36

winhttp: get rid of the cert ignore flag This brings us back in line with the other transports.

0782fc43

2014-09-16T01:47:30

net: use only structs to pass information about cert Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.

7c8acc54

2014-08-30T14:26:57

winhttp: set ignore security flags on user command If the user returns 0 from the certificate check and we had certificate issues, set the options to ignore certificate errors and resend the request.

67c84e06

2014-08-30T14:04:57

winhttp: bring together request sending We need to call WinHttpSendRequest() in three different places. Unify all in a single function to have a single place for the certificate check.

5f2cf732

2014-08-30T13:12:33

winhttp: only do certificate check for SSL If we're not using SSL, don't call the user's certificate check callback.

08545d36

2014-08-30T00:40:37

winhttp: credential check on successful connect On successful connection, still ask the user whether they accept the server's certificate, indicating that WinHTTP would let it though.

69db8934

2014-08-27T19:19:55

Merge pull request #2538 from libgit2/ntk/propagate_url_parsing_error winhttp: Prevent swallowing of url parsing error

f0c53d21

2014-08-27T10:28:46

winhttp: Prevent swallowing of url parsing error

86d0a53c

2014-08-27T01:30:47

Set timeout on remote (WinHTTP) should return error in case of failure. Connection timeout set to 1 minute. Read/Write timeout remains set to infinite #2147

2db71194

2014-07-24T04:15:24

Set timeout on remote (WinHTTP) to infinite #2147

e003f83a

2014-07-31T15:14:56

Introduce git_buf_decode_base64 Decode base64-encoded text into a git_buf

c983604e

2014-07-12T14:44:21

Consistently use p_snprintf

d07fd442

2014-07-12T14:37:39

Define WINHTTP_IGNORE_REQUEST_TOTAL_LENGTH if not defined

c2c81615

2014-04-19T18:05:31

Win32: UTF-8 <-> WCHAR conversion overhaul

1392418e

2014-03-18T09:04:33

Seamless support for NTLM/Kerberos auth on Windows

25e0b157

2013-12-06T15:07:57

Remove converting user error to GIT_EUSER This changes the behavior of callbacks so that the callback error code is not converted into GIT_EUSER and instead we propagate the return value through to the caller. Instead of using the giterr_capture and giterr_restore functions, we now rely on all functions to pass back the return value from a callback. To avoid having a return value with no error message, the user can call the public giterr_set_str or some such function to set an error message. There is a new helper 'giterr_set_callback' that functions can invoke after making a callback which ensures that some error message was set in case the callback did not set one. In places where the sign of the callback return value is meaningful (e.g. positive to skip, negative to abort), only the negative values are returned back to the caller, obviously, since the other values allow for continuing the loop. The hardest parts of this were in the checkout code where positive return values were overloaded as meaningful values for checkout. I fixed this by adding an output parameter to many of the internal checkout functions and removing the overload. This added some code, but it is probably a better implementation. There is some funkiness in the network code where user provided callbacks could be returning a positive or a negative value and we want to rely on that to cancel the loop. There are still a couple places where an user error might get turned into GIT_EUSER there, I think, though none exercised by the tests.

84efffc3

2013-11-13T16:57:51

Introduce git_cred_default for NTLM/SPNEGO auth

80fc7d6b

2013-11-13T16:46:45

Propagate auth error codes as GIT_EUSER in winhttp

df9fc82e

2013-10-25T13:33:42

Use two calls to set two headers

3dc3c723

2013-10-08T15:52:37

Combine WinHTTP API calls

a58eecd4

2013-10-08T13:40:52

WinHTTP: set Accept header for POSTs

256961e4

2013-09-26T16:36:05

WHOOPS

ea59f659

2013-09-26T16:20:30

Deploy gitno_connection_data into transport (winhttp) ...and have that call manage replaced memory in the output structure.

f30d91ce

2013-09-26T11:03:27

Refactor URL handling to use library call

ac316e74

2013-09-25T14:25:38

Why are we disabling redirects?

4a88eb20

2013-09-25T12:13:09

Win32: handle http->https redirects

66566516

2013-09-08T17:15:42

Fix warning

1ff3a094

2013-08-27T19:41:44

Improve win32 version check, no ipv6 tests on XP

d4cff0cb

2013-08-13T09:40:32

Rename git__win32_path fns to git_win32_path

abf37327

2013-08-13T09:15:39

windows: Path conversion with better semantics

aaefbdee

2013-08-08T08:48:57

Discriminate path-specific and general UTF-X conversions

2c0128ee

2013-08-07T19:29:33

Rename git_win_str_utf* to git_win32_path_utf*

9c38f7a6

2013-08-07T13:22:41

Add typedefs for win32 utf-8 and utf-16 buffers ...and normalize the signatures of the two conversion functions.

d8563619

2013-08-05T11:41:39

Split UTF-16 and UTF-8 buffer sizes for win32 Also fixed up call-sites to use the correct buffer sizes, especially when converting to utf-8.

37f66e82

2013-06-12T15:21:21

Fix Windows warnings This fixes problems with missing function prototypes and 64-bit data issues on Windows.

e583334c

2013-05-10T21:42:22

Fix broken build when MSVC SDL checks is enabled

5c5eeba6

2013-03-31T22:22:33

Add git_has_win32_version helper

0227fa2a

2013-03-30T21:36:04

Avoid pre-Win7 WinHTTP self-redirect quirk

55e0f53d

2013-03-14T15:09:29

Fix various build warnings This fixes various build warnings on Mac and Windows (64-bit).

thodg/libgit2/src/transports/winhttp.c

src/transports/winhttp.c

Log