|
3d11b6c5
|
2019-03-11T20:36:09
|
|
winhttp: support default credentials for proxies
We did not properly support default credentials for proxies, only for
destination servers. Refactor the credential handling to support sending
either username/password _or_ default credentials to either the proxy or
the destination server.
This actually shares the authentication logic between proxy servers and
destination servers. Due to copy/pasta drift over time, they had
diverged. Now they share a common logic which is: first, use
credentials specified in the URL (if there were any), treating empty
username and password (ie, "http://:@foo.com/") as default credentials,
for compatibility with git. Next, call the credential callbacks.
Finally, fall back to WinHTTP compatibility layers using built-in
authentication like we always have.
Allowing default credentials for proxies requires moving the security
level downgrade into the credential setting routines themselves.
We will update our security level to "high" by default which means that
we will never send default credentials without prompting. (A lower
setting, like the WinHTTP default of "medium" would allow WinHTTP to
handle credentials for us, despite what a user may have requested with
their structures.) Now we start with "high" and downgrade to "low" only
after a user has explicitly requested default credentials.
|
|
757411a0
|
2019-03-11T12:56:09
|
|
network: don't add arbitrary url rules
There's no reason a git repository couldn't be at the root of a server,
and URLs should have an implicit path of '/' when one is not specified.
|
|
e66a4eb3
|
2019-06-05T14:19:14
|
|
online tests: use gitlab for auth failures
GitHub recently changed their behavior from returning 401s for private
or nonexistent repositories on a clone to returning 404s. For our tests
that require an auth failure (and 401), move to GitLab to request a
missing repository. This lets us continue to test our auth failure
case, at least until they decide to mimic that decision.
|
|
59647e1a
|
2019-04-08T15:54:25
|
|
remote: add callback to resolve URLs before connecting
Since libssh2 doesn't read host configuration from the config file,
this callback can be used to hand over URL resolving to the client
without touching the SSH implementation itself.
|
|
a1ef995d
|
2019-02-21T10:33:30
|
|
indexer: use git_indexer_progress throughout
Update internal usage of `git_transfer_progress` to
`git_indexer_progress`.
|
|
f673e232
|
2018-12-27T13:47:34
|
|
git_error: use new names in internal APIs and usage
Move to the `git_error` name in the internal API for error-related
functions.
|
|
ed8cfbf0
|
2019-01-17T00:32:31
|
|
references: use new names in internal usage
Update internal usage to use the `git_reference` names for constants.
|
|
35d86c77
|
2019-01-14T10:14:36
|
|
proxy: fix crash on remote connection with GIT_PROXY_AUTO but no proxy is detected
|
|
6ba3e6af
|
2018-11-18T21:53:48
|
|
proxy tests: rename credential callback
Rename credential callback to proxy_cred_cb to match new cert callback.
|
|
394ae7e1
|
2018-10-22T17:35:35
|
|
proxy tests: support self-signed proxy cert
Give the proxy tests a proxy certificate callback, and allow self-signed
certificates when the `GITTEST_REMOTE_PROXY_SELFSIGNED` environment
variable is set (to anything). In that case, simply compare the hostname
from the callback to the hostname that we connected to.
|
|
45054732
|
2018-10-29T10:45:59
|
|
tests: optionally ignore https cert validation
For testing, we may wish to use a man-in-the-middle proxy that can
inspect the CONNECT traffic to our test endpoints. For this, we will
need to accept the proxy's certificate, which will not be valid for the
true endpoint.
Add a new environment variable, GITTEST_REMOTE_SSL_NOVERIFY to disable
https certificate validation for the tests.
|
|
4ecc14cd
|
2018-10-21T23:47:53
|
|
tests: support optional PROXY_SCHEME
As we want to support HTTPS proxies, support an optional
`GITTEST_REMOTE_PROXY_SCHEME` environment variable for tests that will
allow for HTTPS support. (When unset, the tests default to HTTP
proxies.)
|
|
de60d9b4
|
2018-10-21T21:00:37
|
|
tests: PROXY_URL is more accurately PROXY_HOST
Change the `GITTEST_REMOTE_PROXY_URL` environment variable to be
`GITTEST_REMOTE_PROXY_HOST`, since it is a host:port combination, not an
actual URL. (We cannot use a URL here since we may want to include the
username:password combination in the constructed URL.)
|
|
e84914fd
|
2018-09-20T20:11:36
|
|
online::clone: free url and username before resetting
Before resetting the url and username, ensure that we free them in case
they were set by environment variables.
|
|
d285de73
|
2018-07-20T21:52:24
|
|
push tests: deeply free the specs
Don't just free the spec vector, also free the specs themselves.
|
|
dad99881
|
2018-07-20T21:51:36
|
|
push tests: deeply free the push status
Don't just free the push status structure, actually free the strings that were
strdup'd into the struct as well.
|
|
ecf4f33a
|
2018-02-08T11:14:48
|
|
Convert usage of `git_buf_free` to new `git_buf_dispose`
|
|
fd634019
|
2018-04-16T15:42:35
|
|
Merge pull request #4556 from libgit2/ethomson/proxy_pass_in_env
online::clone: validate user:pass in HTTP_PROXY
|
|
54bf4d14
|
2018-03-20T07:47:27
|
|
online tests: update auth for bitbucket test
Update the settings to use a specific read-only token for accessing our
test repositories in Bitbucket.
|
|
03c58778
|
2018-03-19T09:20:35
|
|
online::clone: skip creds fallback test
At present, we have three online tests against bitbucket: one which
specifies the credentials in the payload, one which specifies the
correct credentials in the URL and a final one that specifies the
incorrect credentials in the URL. Bitbucket has begun responding to the
latter test with a 403, which causes us to fail.
Break these three tests into separate tests so that we can skip the
latter until this is resolved on Bitbucket's end or until we can change
the test to a different provider.
|
|
e380eae0
|
2018-02-28T16:10:53
|
|
online::clone: validate user:pass in HTTP_PROXY
Validate using the http://user:pass@host/ format in HTTP_PROXY and
HTTPS_PROXY environment variables.
|
|
820fb712
|
2018-01-18T07:48:28
|
|
tests: online::clone: fix memory leak due to not freeing URL
|
|
54a1bf05
|
2017-06-07T13:06:53
|
|
tests: online::clone: inline creds-test with nonexistent URL
Right now, we test our credential callback code twice, once via SSH on
localhost and once via a non-existent GitHub repository. While the first
URL makes sense to be configurable, it does not make sense to hard-code
the non-existing repository, which requires us to call tests multiple
times. Instead, we can just inline the URL into another set of tests.
|
|
fea60920
|
2017-06-07T12:48:48
|
|
tests: online::clone: construct credential-URL from environment
We support two types of passing credentials to the proxy, either via the
URL or explicitly by specifying user and password. We test these types
by modifying the proxy URL and executing the tests twice, which is
in fact unnecessary and requires us to maintain the list of environment
variables and test executions across multiple CI infrastructures.
To fix the situation, we can just always pass the host, port, user and
password to the tests. The tests can then assemble the complete URL
either with or without included credentials, allowing us to test both
cases in-process.
|
|
fb585d01
|
2017-07-31T00:58:58
|
|
Merge branch '4233'
|
|
c2c95ad0
|
2017-04-26T13:16:18
|
|
tests: online::clone: use URL of test server
All our tests running against a local SSH server usually read the
server's URL from environment variables. But online::clone::ssh_cert
test fails to do so and instead always connects to
"ssh://localhost/foo". This assumption breaks whenever the SSH server is
not running on the standard port, e.g. when it is running as a user.
Fix the issue by using the URL provided by the environment.
|
|
9364f274
|
2017-05-05T09:40:38
|
|
remote: test creating and fetching detached remotes
|
|
34b79391
|
2017-05-05T09:14:20
|
|
tests: online::remotes: add defines for URL and refspec
The repository URL is duplicated several times and can be de-duplicated
like this. Furthermore, exchange the static refspec variable with a
define to reduce BSS size.
|
|
8897f8fe
|
2017-05-05T09:47:54
|
|
remote: reject various actions for detached remotes
There are only a few actions which actually make sense for a detached
remote, like e.g. `git_remote_ls`, `git_remote_prune`. For all the other
actions, we have to report an error when the remote has no repository
attached to it. This commit does so and implements some tests.
|
|
a4de1ae3
|
2017-04-25T10:14:19
|
|
cmake: define GIT_HTTPS when HTTPS is supported
|
|
2ac57aa8
|
2017-01-09T17:53:21
|
|
https: don't test that RC4 is invalid
None of our crypto backends actually reject RC4 as a cipher so don't
test for it and instead keep it as something we'd like to do.
|
|
3829ba2e
|
2017-01-09T17:50:17
|
|
http: correct the expected error for RC4
We must make sure that we're getting a certificate error from the
library so we know that we're testing the right thing.
|
|
98d66240
|
2017-01-06T10:51:31
|
|
http: perform 'badssl' check also via certificate callback
Make sure that the callbacks do also get a 'valid' value of zero when
the certificate we're looking at is invalid and assert that within the
test.
|
|
30a876cd
|
2016-10-27T11:29:15
|
|
tests: fetchhead: fix memory leak
|
|
1eee631d
|
2016-08-04T13:45:28
|
|
refspec: do not set empty rhs for fetch refspecs
According to git-fetch(1), "[t]he colon can be omitted when <dst>
is empty." So according to git, the refspec "refs/heads/master"
is the same as the refspec "refs/heads/master:" when fetching
changes. When trying to fetch from a remote with a trailing
colon with libgit2, though, the fetch actually fails while it
works when the trailing colon is left out. So obviously, libgit2
does _not_ treat these two refspec formats the same for fetches.
The problem results from parsing refspecs, where the resulting
refspec has its destination set to an empty string in the case of
a trailing colon and to a `NULL` pointer in the case of no
trailing colon. When passing this to our DWIM machinery, the
empty string gets translated to "refs/heads/", which is simply
wrong.
Fix the problem by having the parsing machinery treat both cases
the same for fetch refspecs.
|
|
0bd77401
|
2016-04-21T11:05:21
|
|
clone test: annotate unused vars
|
|
0d72f67f
|
2016-03-14T17:36:04
|
|
proxy: don't specify the protocol in the type
We leave this up to the scheme in the url field. The type should only
tell us about whether we want a proxy and whether we want to auto-detect
it.
|
|
b117721d
|
2015-07-29T21:23:56
|
|
proxy: use poxy to test our Windows proxy support
|
|
07bd3e57
|
2015-05-07T12:57:56
|
|
proxy: ask the user for credentials if necessary
|
|
c577efbb
|
2016-03-14T12:41:41
|
|
Use general cl_git_fail because the error is generic
|
|
fa72d6da
|
2016-03-14T12:02:00
|
|
Setup better defaults for OpenSSL ciphers
This ensures that when using OpenSSL a safe default set of ciphers
is selected. This is done so that the client communicates securely
and we don't accidentally enable unsafe ciphers like RC4, or even
worse some old export ciphers.
Implements the first part of https://github.com/libgit2/libgit2/issues/3682
|
|
505e4531
|
2015-10-30T13:53:53
|
|
Fix build for unit test
If none of GIT_OPENSSL, GIT_WINHTTP or GIT_SECURE_TRANSPORT
is defined we should also be able to build the unit test.
|
|
72b7c570
|
2015-09-30T09:17:18
|
|
Merge pull request #3411 from spraints/custom-push-headers
Include custom HTTP headers
|
|
53a28705
|
2015-09-27T22:48:39
|
|
net: add tests against badssl.com
These provide bad X.509 certificates, which we should refuse to connect
to by default.
|
|
dfe2856d
|
2015-09-18T12:06:55
|
|
Fix a couple of warnings
|
|
1af5aecb
|
2015-09-13T05:38:29
|
|
push: put the git_oid inline in the test structure
These are small pieces of data, so there is no advantage to allocating
them separately. Include the two ids inline in the struct we use to
check that the expected and actual ids match.
|
|
3245896b
|
2015-09-10T13:18:26
|
|
Add a test for custom header validation
Also, *some* custom headers actually are valid.
|
|
4f2b6093
|
2015-09-08T13:53:41
|
|
Tell the git_transport about the custom_headers
|
|
e069c621
|
2015-07-02T09:25:48
|
|
git__getenv: utf-8 aware env reader
Introduce `git__getenv` which is a UTF-8 aware `getenv` everywhere.
Make `cl_getenv` use this to keep consistent memory handling around
return values (free everywhere, as opposed to only some platforms).
|
|
352ee171
|
2015-06-12T12:45:49
|
|
clone: set the credentials callback during testing
|
|
0f69b41d
|
2015-06-12T12:25:25
|
|
push: pass the callbacks during setup as well
We need to pass these options in order to have the credentials callback
set.
|
|
2c8550f0
|
2015-05-29T19:38:11
|
|
Merge pull request #3157 from mgorny/ssh_memory_auth
Support getting SSH keys from memory, pt. 2
|
|
8085adf8
|
2015-05-27T18:44:40
|
|
test: Add a test for in-memory SSH private key cred_cb
|
|
7b5ce2e5
|
2015-05-14T09:33:54
|
|
clone: don't rely on auto-saving for single-branch
The code used to rely on the clone code calling the remote's save, which
does not happen anymore, meaning that the configuration settings the
remote expected were not being written to disk.
The run-time configuration was still being affected, so the right branch
was being cloned. The tests continued to pass as we did not check for
the configuration entries. Fix this by creating the remote with the
single-branch refspec we want and checking for its existence in the
configuration.
|
|
77254990
|
2015-04-23T06:51:34
|
|
remote: remove live changing of refspecs
The base refspecs changing can be a cause of confusion as to what is the
current base refspec set and complicate saving the remote's
configuration.
Change `git_remote_add_{fetch,push}()` to update the configuration
instead of an instance.
This finally makes `git_remote_save()` a no-op, it will be removed in a
later commit.
|
|
35a8a8c5
|
2015-04-22T17:29:20
|
|
remote: move the tagopt setting to the fetch options
This is another option which we should not be keeping in the remote, but
is specific to each particular operation.
|
|
3eff2a57
|
2015-04-22T16:11:10
|
|
remote: move the update_fetchhead setting to the options
While this will rarely be different from the default, having it in the
remote adds yet another setting it has to keep around and can affect its
behaviour. Move it to the options.
|
|
058b753c
|
2015-04-22T15:45:21
|
|
remote: move the transport ctor to the callbacks
Instead of having it set in a different place from every other callback,
put it the main structure. This removes some state from the remote and
makes it behave more like clone, where the constructors are passed via
the options.
|
|
8f0104ec
|
2015-04-21T22:10:36
|
|
Remove the callbacks struct from the remote
Having the setting be different from calling its actions was not a great
idea and made for the sake of the wrong convenience.
Instead of that, accept either fetch options, push options or the
callbacks when dealing with the remote. The fetch options are currently
only the callbacks, but more options will be moved from setters and
getters on the remote to the options.
This does mean passing the same struct along the different functions but
the typical use-case will only call git_remote_fetch() or
git_remote_push() and so won't notice much difference.
|
|
cbe8a61d
|
2015-05-01T11:28:54
|
|
Merge pull request #3059 from libgit2/cmn/negotiation-notify
[WIP/RFC] push: report the update plan to the caller
|
|
fc6f044e
|
2015-04-21T20:02:24
|
|
Fix for Issue #3023 tests fail with no network
Moved offending tests from network to online so they will get skipped
when there is a lack of network connectivity:
-test_online_remotes__single_branch
-test_online_remotes__restricted_refspecs
|
|
efc2fec5
|
2015-04-19T00:55:00
|
|
push: report the update plan to the caller
It can be useful for the caller to know which update commands will be
sent to the server before the packfile is pushed up. git does this via
the pre-push hook.
We don't have hooks, but as it adds introspection into what is
happening, we can add a callback which performs the same function.
|
|
29e7ae5d
|
2015-03-16T19:39:05
|
|
Add failing test for cert callback with non-encrypted stream
When we have an HTTP stream and have set the certificate check
callback, we currently fail as we ask the unencrypted stream for its
certificate.
|
|
e5e2c11d
|
2015-03-13T17:52:07
|
|
Put back the number of expected references to 6 from the test repo
This was put down to 5 when GitHub made a change to their server which
made them stop honouring the include-tag request.
This has recently been corrected, so we can bring it back up to six.
|
|
412a3808
|
2015-01-15T15:31:23
|
|
push: remove reflog message override
We always use "update by push".
|
|
659cf202
|
2015-01-07T12:23:05
|
|
Remove the signature from ref-modifying functions
The signature for the reflog is not something which changes
dynamically. Almost all uses will be NULL, since we want for the
repository's default identity to be used, making it noise.
In order to allow for changing the identity, we instead provide
git_repository_set_ident() and git_repository_ident() which allow a user
to override the choice of signature.
|
|
6c9e86ad
|
2015-02-14T10:46:41
|
|
clone: drop now unnecessary SAFE_CREATE
|
|
fe794b2e
|
2014-12-16T08:57:05
|
|
remote: remove git_push from the public API
Instead we provide git_remote_upload() and git_remote_update_tips() in
order to have a parallel API for fetching and pushing.
|
|
21083a71
|
2014-12-06T03:12:04
|
|
notes: move the notes name argument
Make it consistent between git_note_create() and git_note_remote() by
putting it after the repository.
|
|
1ca61bdc
|
2014-11-19T20:53:25
|
|
fetch: clear the connection data on close
When we fetch twice with the same remote object, we did not properly
clear the connection flags, so we would leak state from the last
connection.
This can cause the second fetch with the same remote object to fail if
using a HTTP URL where the server redirects to HTTPS, as the second
fetch would see `use_ssl` set and think the initial connection wanted to
downgrade the connection.
|
|
45301cca
|
2014-11-18T11:44:59
|
|
Merge pull request #2608 from libgit2/cmn/remote-push
Provide a convenience function `git_remote_push()`
|
|
7f1b73b7
|
2014-11-17T17:03:55
|
|
Merge pull request #2693 from libgit2/cmn/push-refspec-refactor
push: use the common refspec parser
|
|
aad638f3
|
2014-11-07T15:00:11
|
|
push: use the common refspec parser
There is one well-known and well-tested parser which we should use,
instead of implementing parsing a second time.
The common parser is also augmented to copy the LHS into the RHS if the
latter is empty.
The expressions test had to change a bit, as we now catch a bad RHS of a
refspec locally.
|
|
64e3e6d4
|
2014-10-11T12:25:50
|
|
remote: use configured push refspecs if none are given
If the user does not pass any refspecs to push, try to use those
configured via the configuration or via add_push().
|
|
6eb9e39c
|
2014-10-10T13:35:57
|
|
push: move main test function to git_remote_push()
We have the step-by-step method in the initialization function as we
want to remove references based on the list of references which are
already there, and we can use the convenience function for testing the
main push.
|
|
3149547b
|
2014-10-10T12:39:53
|
|
remote: introduce git_remote_push()
This function, similar in style to git_remote_fetch(), performs all the
steps required for a push, with a similar interface.
The remote callbacks struct has learnt about the push callbacks, letting
us set the callbacks a single time instead of setting some in the remote
and some in the push operation.
|
|
209425ce
|
2014-11-08T13:25:51
|
|
remote: rename _load() to _lookup()
This brings it in line with the rest of the lookup functions.
|
|
f54d8d52
|
2014-10-10T11:28:58
|
|
Merge pull request #2574 from csware/hostname-for-certificate_check_cb
Provide host name to certificate_check_cb
|
|
db3d169c
|
2014-09-24T11:28:45
|
|
Add tests for host names
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
9c206a22
|
2014-06-06T15:24:53
|
|
remote: use active refspec override in the tests
This lets us test this bit as well as getting closer to what they were
trying to do.
|
|
3f894205
|
2014-06-06T15:01:45
|
|
remote: allow overriding the refspecs for download and fetch
With opportunistic ref updates, git has introduced the concept of having
base refspecs *and* refspecs that are active for a particular fetch.
Let's start by letting the user override the refspecs for download.
|
|
e6e834a1
|
2014-09-18T12:23:07
|
|
Provide host name to certificate_check_cb
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
52e09724
|
2014-09-16T17:13:58
|
|
ssh: skip the localhost cert check earlier
Skip it before we attempt to clone, as we would exit with -1 on systems
which do not have sshd running.
|
|
1e0aa105
|
2014-09-16T03:22:09
|
|
ssh: expose both hashes
The user may have the data hashed as MD5 or SHA-1, so we should provide
both types for consumption.
|
|
286369a8
|
2014-09-16T02:27:16
|
|
ssh: provide our own types for host key lengths
Instead of using the libssh2 defines, provide our own, which eases usage
as we do not need to check whether libgit2 was built with libssh2 or not.
|
|
0782fc43
|
2014-09-16T01:47:30
|
|
net: use only structs to pass information about cert
Instead of spreading the data in function arguments, some of which
aren't used for ssh and having a struct only for ssh, use a struct for
both, using a common parent to pass to the callback.
|
|
0fef3899
|
2014-09-16T01:25:53
|
|
Merge remote-tracking branch 'upstream/master' into cmn/host-cert-info
|
|
bf8756d6
|
2014-09-15T21:51:42
|
|
ssh: add test for host key
Test that the certificate check callback gets the right fingerprint from
the host we're connecting to.
|
|
08545d36
|
2014-08-30T00:40:37
|
|
winhttp: credential check on successful connect
On successful connection, still ask the user whether they accept the server's certificate, indicating that WinHTTP would let it through.
|
|
23ca0ad5
|
2014-08-29T21:25:13
|
|
Bring certificate check back to the normal return code
Returning 0 lets the certificate check succeed. An error code is bubbled
up to the user.
|
|
2f5864c5
|
2014-08-29T21:15:36
|
|
ssh: do ssh cert info before asking for credentials
We know the host's key as soon as we connect, so we should perform the
check as soon as we can, before we bother with the user's credentials.
|
|
17491f6e
|
2014-08-29T17:18:23
|
|
transport: always call the certificate check callback
We should let the user decide whether to cancel the connection or not
regardless of whether our checks have decided that the certificate is
fine. We provide our own assessment to the callback to let the user fall
back to our checks if they so desire.
|
|
85acc562
|
2014-08-29T17:07:07
|
|
remote: add tests for the certificate callback
|
|
9b940586
|
2014-07-04T12:45:43
|
|
Provide a callback for certificate validation
If the certificate validation fails (or always in the case of ssh),
let the user decide whether to allow the connection.
The data structure passed to the user is the native certificate
information from the underlying implementation, namely OpenSSL or
WinHTTP.
|
|
a7fcac13
|
2014-09-15T20:26:12
|
|
Merge pull request #2554 from linquize/fetch-head-tag
When auto follow tags, FETCH_HEAD should list only newly followed tags
|
|
d908351a
|
2014-09-05T22:31:53
|
|
When auto follow tags, FETCH_HEAD should list only newly followed tags
|
|
0ac9f9a0
|
2014-09-03T00:13:23
|
|
Merge pull request #2545 from linquize/no-ssh
Skip SSH clone tests if libgit2 not built with GIT_SSH defined
|
|
fe3b6789
|
2014-09-01T19:18:20
|
|
Skip SSH clone tests if libgit2 not built with GIT_SSH defined
|
|
aff70018
|
2014-08-31T22:43:53
|
|
MSVC does not support zero size array
|
|
f0c53d21
|
2014-08-27T10:28:46
|
|
winhttp: Prevent swallowing of url parsing error
|