|
e48dbdf9
|
2019-05-20T05:51:44
|
|
fetchhead: use size_t in tests
|
|
3d11b6c5
|
2019-03-11T20:36:09
|
|
winhttp: support default credentials for proxies
We did not properly support default credentials for proxies, only for
destination servers. Refactor the credential handling to support sending
either username/password _or_ default credentials to either the proxy or
the destination server.
This actually shares the authentication logic between proxy servers and
destination servers. Due to copy/pasta drift over time, they had
diverged. Now they share a common logic which is: first, use
credentials specified in the URL (if there were any), treating empty
username and password (ie, "http://:@foo.com/") as default credentials,
for compatibility with git. Next, call the credential callbacks.
Finally, fallback to WinHTTP compatibility layers using built-in
authentication like we always have.
Allowing default credentials for proxies requires moving the security
level downgrade into the credential setting routines themselves.
We will update our security level to "high" by default which means that
we will never send default credentials without prompting. (A lower
setting, like the WinHTTP default of "medium" would allow WinHTTP to
handle credentials for us, despite what a user may have requested with
their structures.) Now we start with "high" and downgrade to "low" only
after a user has explicitly requested default credentials.
|
|
757411a0
|
2019-03-11T12:56:09
|
|
network: don't add arbitrary url rules
There's no reason a git repository couldn't be at the root of a server,
and URLs should have an implicit path of '/' when one is not specified.
|
|
e66a4eb3
|
2019-06-05T14:19:14
|
|
online tests: use gitlab for auth failures
GitHub recently changed their behavior from returning 401s for private
or nonexistent repositories on a clone to returning 404s. For our tests
that require an auth failure (and 401), move to GitLab to request a
missing repository. This lets us continue to test our auth failure
case, at least until they decide to mimic that decision.
|
|
59647e1a
|
2019-04-08T15:54:25
|
|
remote: add callback to resolve URLs before connecting
Since libssh2 doesn't read host configuration from the config file,
this callback can be used to hand over URL resolving to the client
without touching the SSH implementation itself.
|
|
a1ef995d
|
2019-02-21T10:33:30
|
|
indexer: use git_indexer_progress throughout
Update internal usage of `git_transfer_progress` to
`git_indexer_progreses`.
|
|
f673e232
|
2018-12-27T13:47:34
|
|
git_error: use new names in internal APIs and usage
Move to the `git_error` name in the internal API for error-related
functions.
|
|
ed8cfbf0
|
2019-01-17T00:32:31
|
|
references: use new names in internal usage
Update internal usage to use the `git_reference` names for constants.
|
|
35d86c77
|
2019-01-14T10:14:36
|
|
proxy: fix crash on remote connection with GIT_PROXY_AUTO but no proxy is detected
|
|
45054732
|
2018-10-29T10:45:59
|
|
tests: optionally ignore https cert validation
For testing, we may wish to use a man-in-the-middle proxy that can
inspect the CONNECT traffic to our test endpoints. For this, we will
need to accept the proxy's certificate, which will not be valid for the
true endpoint.
Add a new environment variable, GITTEST_REMOTE_SSL_NOVERIFY to disable
https certificate validation for the tests.
|
|
6ba3e6af
|
2018-11-18T21:53:48
|
|
proxy tests: rename credential callback
Rename credential callback to proxy_cred_cb to match new cert callback.
|
|
394ae7e1
|
2018-10-22T17:35:35
|
|
proxy tests: support self-signed proxy cert
Give the proxy tests a proxy certificate callback, and allow self-signed
certificates when the `GITTEST_REMOTE_PROXY_SELFSIGNED` environment
variable is set (to anything). In that case, simply compare the hostname
from the callback to the hostname that we connected to.
|
|
4ecc14cd
|
2018-10-21T23:47:53
|
|
tests: support optional PROXY_SCHEME
As we want to support HTTPS proxies, support an optional
`GITTEST_REMOTE_PROXY_SCHEME` environment variable for tests that will
allow for HTTPS support. (When unset, the tests default to HTTP
proxies.)
|
|
de60d9b4
|
2018-10-21T21:00:37
|
|
tests: PROXY_URL is more accurately PROXY_HOST
Change the `GITTEST_REMOTE_PROXY_URL` environment variable to be
`GITTEST_REMOTE_PROXY_HOST`, since it is a host:port combination, not an
actual URL. (We cannot use a URL here since we may want to include the
username:password combination in the constructed URL.)
|
|
e84914fd
|
2018-09-20T20:11:36
|
|
online::clone: free url and username before resetting
Before resetting the url and username, ensure that we free them in case
they were set by environment variables.
|
|
d285de73
|
2018-07-20T21:52:24
|
|
push tests: deeply free the specs
Don't just free the spec vector, also free the specs themselves.
|
|
dad99881
|
2018-07-20T21:51:36
|
|
push tests: deeply free the push status
Don't just free the push status structure, actually free the strings that were
strdup'd into the struct as well.
|
|
ecf4f33a
|
2018-02-08T11:14:48
|
|
Convert usage of `git_buf_free` to new `git_buf_dispose`
|
|
fd634019
|
2018-04-16T15:42:35
|
|
Merge pull request #4556 from libgit2/ethomson/proxy_pass_in_env
online::clone: validate user:pass in HTTP_PROXY
|
|
54bf4d14
|
2018-03-20T07:47:27
|
|
online tests: update auth for bitbucket test
Update the settings to use a specific read-only token for accessing our
test repositories in Bitbucket.
|
|
03c58778
|
2018-03-19T09:20:35
|
|
online::clone: skip creds fallback test
At present, we have three online tests against bitbucket: one which
specifies the credentials in the payload, one which specifies the
correct credentials in the URL and a final one that specifies the
incorrect credentials in the URL. Bitbucket has begun responding to the
latter test with a 403, which causes us to fail.
Break these three tests into separate tests so that we can skip the
latter until this is resolved on Bitbucket's end or until we can change
the test to a different provider.
|
|
e380eae0
|
2018-02-28T16:10:53
|
|
online::clone: validate user:pass in HTTP_PROXY
Validate using the http://user:pass@host/ format in HTTP_PROXY and
HTTPS_PROXY environment variables.
|
|
820fb712
|
2018-01-18T07:48:28
|
|
tests: online::clone: fix memory leak due to not freeing URL
|
|
54a1bf05
|
2017-06-07T13:06:53
|
|
tests: online::clone: inline creds-test with nonexistent URL
Right now, we test our credential callback code twice, once via SSH on
localhost and once via a non-existent GitHub repository. While the first
URL makes sense to be configurable, it does not make sense to hard-code
the non-existing repository, which requires us to call tests multiple
times. Instead, we can just inline the URL into another set of tests.
|
|
fea60920
|
2017-06-07T12:48:48
|
|
tests: online::clone: construct credential-URL from environment
We support two types of passing credentials to the proxy, either via the
URL or explicitly by specifying user and password. We test these types
by modifying the proxy URL and executing the tests twice, which is
in fact unnecessary and requires us to maintain the list of environment
variables and test executions across multiple CI infrastructures.
To fix the situation, we can just always pass the host, port, user and
password to the tests. The tests can then assemble the complete URL
either with or without included credentials, allowing us to test both
cases in-process.
|
|
fb585d01
|
2017-07-31T00:58:58
|
|
Merge branch '4233'
|
|
c2c95ad0
|
2017-04-26T13:16:18
|
|
tests: online::clone: use URL of test server
All our tests running against a local SSH server usually read the
server's URL from environment variables. But online::clone::ssh_cert
test fails to do so and instead always connects to
"ssh://localhost/foo". This assumption breaks whenever the SSH server is
not running on the standard port, e.g. when it is running as a user.
Fix the issue by using the URL provided by the environment.
|
|
9364f274
|
2017-05-05T09:40:38
|
|
remote: test creating and fetching detached remotes
|
|
34b79391
|
2017-05-05T09:14:20
|
|
tests: online::remotes: add defines for URL and refspec
The repository URL is duplicated several times and can be de-duplicated
like this. Furthermore, exchange the static refspec variable with a
define to reduce BSS size.
|
|
8897f8fe
|
2017-05-05T09:47:54
|
|
remote: reject various actions for detached remotes
There are only few actions which actually make sense for a detached
remote, like e.g. `git_remote_ls`, `git_remote_prune`. For all the other
actions, we have to report an error when the remote has no repository
attached to it. This commit does so and implements some tests.
|
|
a4de1ae3
|
2017-04-25T10:14:19
|
|
cmake: define GIT_HTTPS when HTTPS is supported
|
|
2ac57aa8
|
2017-01-09T17:53:21
|
|
https: don't test that RC4 is invalid
None of our crypto backends actually reject RC4 as a cipher so don't
test for it and instead keep it as something we'd like to do.
|
|
3829ba2e
|
2017-01-09T17:50:17
|
|
http: correct the expected error for RC4
We must make sure that we're getting a certificate error from the
library so we know that we're testing the right thing.
|
|
98d66240
|
2017-01-06T10:51:31
|
|
http: perform 'badssl' check also via certificate callback
Make sure that the callbacks do also get a 'valid' value of zero when
the certificate we're looking at is in valid and assert that within the
test.
|
|
30a876cd
|
2016-10-27T11:29:15
|
|
tests: fetchhead: fix memory leak
|
|
1eee631d
|
2016-08-04T13:45:28
|
|
refspec: do not set empty rhs for fetch refspecs
According to git-fetch(1), "[t]he colon can be omitted when <dst>
is empty." So according to git, the refspec "refs/heads/master"
is the same as the refspec "refs/heads/master:" when fetching
changes. When trying to fetch from a remote with a trailing
colon with libgit2, though, the fetch actually fails while it
works when the trailing colon is left out. So obviously, libgit2
does _not_ treat these two refspec formats the same for fetches.
The problem results from parsing refspecs, where the resulting
refspec has its destination set to an empty string in the case of
a trailing colon and to a `NULL` pointer in the case of no
trailing colon. When passing this to our DWIM machinery, the
empty string gets translated to "refs/heads/", which is simply
wrong.
Fix the problem by having the parsing machinery treat both cases
the same for fetch refspecs.
|
|
0bd77401
|
2016-04-21T11:05:21
|
|
clone test: annotate unused vars
|
|
0d72f67f
|
2016-03-14T17:36:04
|
|
proxy: don't specify the protocol in the type
We leave this up to the scheme in the url field. The type should only
tell us about whether we want a proxy and whether we want to auto-detect
it.
|
|
b117721d
|
2015-07-29T21:23:56
|
|
proxy: use poxy to test our Windows proxy support
|
|
07bd3e57
|
2015-05-07T12:57:56
|
|
proxy: ask the user for credentials if necessary
|
|
c577efbb
|
2016-03-14T12:41:41
|
|
Use general cl_git_fail because the error is generic
|
|
fa72d6da
|
2016-03-14T12:02:00
|
|
Setup better defaults for OpenSSL ciphers
This ensures that when using OpenSSL a safe default set of ciphers
is selected. This is done so that the client communicates securely
and we don't accidentally enable unsafe ciphers like RC4, or even
worse some old export ciphers.
Implements the first part of https://github.com/libgit2/libgit2/issues/3682
|
|
505e4531
|
2015-10-30T13:53:53
|
|
Fix build for unit test
If none of GIT_OPENSSL, GIT_WINHTTP or GIT_SECURE_TRANSPORT
is defined we should also be able to build the unit test.
|
|
72b7c570
|
2015-09-30T09:17:18
|
|
Merge pull request #3411 from spraints/custom-push-headers
Include custom HTTP headers
|
|
53a28705
|
2015-09-27T22:48:39
|
|
net: add tests against badssl.com
These provide bad X.509 certificates, which we should refuse to connect
to by default.
|
|
dfe2856d
|
2015-09-18T12:06:55
|
|
Fix a couple of warnings
|
|
1af5aecb
|
2015-09-13T05:38:29
|
|
push: put the git_oid inline in the test structure
These are small pieces of data, so there is no advantage to allocating
them separately. Include the two ids inline in the struct we use to
check that the expected and actual ids match.
|
|
3245896b
|
2015-09-10T13:18:26
|
|
Add a test for custom header validation
Also, *some* custom headers actually are valid.
|
|
4f2b6093
|
2015-09-08T13:53:41
|
|
Tell the git_transport about the custom_headers
|
|
e069c621
|
2015-07-02T09:25:48
|
|
git__getenv: utf-8 aware env reader
Introduce `git__getenv` which is a UTF-8 aware `getenv` everywhere.
Make `cl_getenv` use this to keep consistent memory handling around
return values (free everywhere, as opposed to only some platforms).
|
|
352ee171
|
2015-06-12T12:45:49
|
|
clone: set the credentials callback during testing
|
|
0f69b41d
|
2015-06-12T12:25:25
|
|
push: pass the callbacks during setup as well
We need to pass these options in order to have the credentials callback
set.
|
|
2c8550f0
|
2015-05-29T19:38:11
|
|
Merge pull request #3157 from mgorny/ssh_memory_auth
Support getting SSH keys from memory, pt. 2
|
|
8085adf8
|
2015-05-27T18:44:40
|
|
test: Add a test for in-memory SSH private key cred_cb
|
|
7b5ce2e5
|
2015-05-14T09:33:54
|
|
clone: don't rely on auto-saving for single-branch
The code used to rely on the clone code calling the remote's save, which
does not happen anymore, meaning that the configuration settings the
remote expected were not being written to disk.
The run-time configuration was still being affected, so the right branch
was being cloned. The tests continued to pass as we did not check for
the configuration entires. Fix this by creating the remote with the
single-branch refspec we want and checking for its existence in the
configuration.
|
|
77254990
|
2015-04-23T06:51:34
|
|
remote: remove live changing of refspecs
The base refspecs changing can be a cause of confusion as to what is the
current base refspec set and complicate saving the remote's
configuration.
Change `git_remote_add_{fetch,push}()` to update the configuration
instead of an instance.
This finally makes `git_remote_save()` a no-op, it will be removed in a
later commit.
|
|
35a8a8c5
|
2015-04-22T17:29:20
|
|
remote: move the tagopt setting to the fetch options
This is another option which we should not be keeping in the remote, but
is specific to each particular operation.
|
|
3eff2a57
|
2015-04-22T16:11:10
|
|
remote: move the update_fetchhead setting to the options
While this will rarely be different from the default, having it in the
remote adds yet another setting it has to keep around and can affect its
behaviour. Move it to the options.
|
|
058b753c
|
2015-04-22T15:45:21
|
|
remote: move the transport ctor to the callbacks
Instead of having it set in a different place from every other callback,
put it the main structure. This removes some state from the remote and
makes it behave more like clone, where the constructors are passed via
the options.
|
|
8f0104ec
|
2015-04-21T22:10:36
|
|
Remove the callbacks struct from the remote
Having the setting be different from calling its actions was not a great
idea and made for the sake of the wrong convenience.
Instead of that, accept either fetch options, push options or the
callbacks when dealing with the remote. The fetch options are currently
only the callbacks, but more options will be moved from setters and
getters on the remote to the options.
This does mean passing the same struct along the different functions but
the typical use-case will only call git_remote_fetch() or
git_remote_push() and so won't notice much difference.
|
|
cbe8a61d
|
2015-05-01T11:28:54
|
|
Merge pull request #3059 from libgit2/cmn/negotiation-notify
[WIP/RFC] push: report the update plan to the caller
|
|
fc6f044e
|
2015-04-21T20:02:24
|
|
Fix for Issue #3023 tests fail with no network
Moved offending tests from network to online so they will get skipped
when there is a lack of network connectivity:
-test_online_remotes__single_branch
-test_online_remotes__restricted_refspecs
|
|
efc2fec5
|
2015-04-19T00:55:00
|
|
push: report the update plan to the caller
It can be useful for the caller to know which update commands will be
sent to the server before the packfile is pushed up. git does this via
the pre-push hook.
We don't have hooks, but as it adds introspection into what is
happening, we can add a callback which performs the same function.
|
|
29e7ae5d
|
2015-03-16T19:39:05
|
|
Add failing test for cert callback with non-ecrypted stream
When we have an HTTP stream and have set the certificatre check
callback, we currently fail as we ask the unencrypted stream for its
certificate.
|
|
e5e2c11d
|
2015-03-13T17:52:07
|
|
Put back the number of expected references to 6 from the test repo
This was but down to 5 when GitHub made a change to their server which
made them stop honouring the include-tag request.
This has recently been corrected, so we can bring it back up to six.
|
|
412a3808
|
2015-01-15T15:31:23
|
|
push: remove reflog message override
We always use "update by push".
|
|
659cf202
|
2015-01-07T12:23:05
|
|
Remove the signature from ref-modifying functions
The signature for the reflog is not something which changes
dynamically. Almost all uses will be NULL, since we want for the
repository's default identity to be used, making it noise.
In order to allow for changing the identity, we instead provide
git_repository_set_ident() and git_repository_ident() which allow a user
to override the choice of signature.
|
|
6c9e86ad
|
2015-02-14T10:46:41
|
|
clone: drop now unnecessary SAFE_CREATE
|
|
fe794b2e
|
2014-12-16T08:57:05
|
|
remote: remove git_push from the public API
Instead we provide git_remote_upload() and git_remote_update_tips() in
order to have a parallel API for fetching and pushing.
|
|
21083a71
|
2014-12-06T03:12:04
|
|
notes: move the notes name argument
Make it consistent between git_note_create() and git_note_remote() by
putting it after the repository.
|
|
1ca61bdc
|
2014-11-19T20:53:25
|
|
fetch: clear the connection data on close
When we fetch twice with the same remote object, we did not properly
clear the connection flags, so we would leak state from the last
connection.
This can cause the second fetch with the same remote object to fail if
using a HTTP URL where the server redirects to HTTPS, as the second
fetch would see `use_ssl` set and think the initial connection wanted to
downgrade the connection.
|
|
45301cca
|
2014-11-18T11:44:59
|
|
Merge pull request #2608 from libgit2/cmn/remote-push
Provide a convenience function `git_remote_push()`
|
|
7f1b73b7
|
2014-11-17T17:03:55
|
|
Merge pull request #2693 from libgit2/cmn/push-refspec-refactor
push: use the common refspec parser
|
|
aad638f3
|
2014-11-07T15:00:11
|
|
push: use the common refspec parser
There is one well-known and well-tested parser which we should use,
instead of implementing parsing a second time.
The common parser is also augmented to copy the LHS into the RHS if the
latter is empty.
The expressions test had to change a bit, as we now catch a bad RHS of a
refspec locally.
|
|
64e3e6d4
|
2014-10-11T12:25:50
|
|
remote: use configured push refspecs if none are given
If the user does not pass any refspecs to push, try to use those
configured via the configuration or via add_push().
|
|
6eb9e39c
|
2014-10-10T13:35:57
|
|
push: move main test function to git_remote_push()
We have the step-by-step method in the initialization function as we
want to remove references based on the list of references which are
already there, and we can use the convenience function for testing the
main push.
|
|
3149547b
|
2014-10-10T12:39:53
|
|
remote: introduce git_remote_push()
This function, similar in style to git_remote_fetch(), performs all the
steps required for a push, with a similar interface.
The remote callbacks struct has learnt about the push callbacks, letting
us set the callbacks a single time instead of setting some in the remote
and some in the push operation.
|
|
209425ce
|
2014-11-08T13:25:51
|
|
remote: rename _load() to _lookup()
This brings it in line with the rest of the lookup functions.
|
|
f54d8d52
|
2014-10-10T11:28:58
|
|
Merge pull request #2574 from csware/hostname-for-certificate_check_cb
Provide host name to certificate_check_cb
|
|
db3d169c
|
2014-09-24T11:28:45
|
|
Add tests for host names
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
9c206a22
|
2014-06-06T15:24:53
|
|
remote: use active refspec override in the tests
This lets us test this bit as well as getting closer to what they were
trying to do.
|
|
3f894205
|
2014-06-06T15:01:45
|
|
remote: allow overriding the refspecs for download and fetch
With opportunistic ref updates, git has introduced the concept of having
base refspecs *and* refspecs that are active for a particular fetch.
Let's start by letting the user override the refspecs for download.
|
|
e6e834a1
|
2014-09-18T12:23:07
|
|
Provide host name to certificate_check_cb
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
52e09724
|
2014-09-16T17:13:58
|
|
ssh: skip the localhost cert check earlier
Skip it before we attempt to clone, as we would exit with -1 on systems
which do not have sshd running.
|
|
1e0aa105
|
2014-09-16T03:22:09
|
|
ssh: expose both hashes
The user may have the data hashed as MD5 or SHA-1, so we should provide
both types for consumption.
|
|
286369a8
|
2014-09-16T02:27:16
|
|
ssh: provide our own types for host key lengths
Instead of using the libssh2 defines, provide our own, which eases usage
as we do not need to check whether libgit2 was built with libssh2 or not.
|
|
0782fc43
|
2014-09-16T01:47:30
|
|
net: use only structs to pass information about cert
Instead of spreading the data in function arguments, some of which
aren't used for ssh and having a struct only for ssh, use a struct for
both, using a common parent to pass to the callback.
|
|
0fef3899
|
2014-09-16T01:25:53
|
|
Merge remote-tracking branch 'upstream/master' into cmn/host-cert-info
|
|
bf8756d6
|
2014-09-15T21:51:42
|
|
ssh: add test for host key
Test that the certificate check callback gets the right fingerprint from
the host we're connecting to.
|
|
08545d36
|
2014-08-30T00:40:37
|
|
winhttp: credential check on successful connect
On successful connection, still ask the user whether they accept the server's certificate, indicating that WinHTTP would let it though.
|
|
23ca0ad5
|
2014-08-29T21:25:13
|
|
Bring certificate check back to the normal return code
Returning 0 lets the certificate check succeed. An error code is bubbled
up to the user.
|
|
2f5864c5
|
2014-08-29T21:15:36
|
|
ssh: do ssh cert info before asking for credentials
We know the host's key as soon as we connect, so we should perform the
check as soon as we can, before we bother with the user's credentials.
|
|
17491f6e
|
2014-08-29T17:18:23
|
|
transport: always call the certificate check callback
We should let the user decide whether to cancel the connection or not
regardless of whether our checks have decided that the certificate is
fine. We provide our own assessment to the callback to let the user fall
back to our checks if they so desire.
|
|
85acc562
|
2014-08-29T17:07:07
|
|
remote: add tests for the certificate callback
|
|
9b940586
|
2014-07-04T12:45:43
|
|
Provide a callback for certificate validation
If the certificate validation fails (or always in the case of ssh),
let the user decide whether to allow the connection.
The data structure passed to the user is the native certificate
information from the underlying implementation, namely OpenSSL or
WinHTTP.
|
|
a7fcac13
|
2014-09-15T20:26:12
|
|
Merge pull request #2554 from linquize/fetch-head-tag
When auto follow tags, FETCH_HEAD should list only newly followed tags
|
|
d908351a
|
2014-09-05T22:31:53
|
|
When auto follow tags, FETCH_HEAD should list only newly followed tags
|
|
0ac9f9a0
|
2014-09-03T00:13:23
|
|
Merge pull request #2545 from linquize/no-ssh
Skip SSH clone tests if libgit2 not built with GIT_SSH defined
|
|
fe3b6789
|
2014-09-01T19:18:20
|
|
Skip SSH clone tests if libgit2 not built with GIT_SSH defined
|
|
aff70018
|
2014-08-31T22:43:53
|
|
MSVC does not support zero size array
|