src/transports/http.c


Log

Author Commit Date CI Message
Rick Altherr 83b35181 2018-10-19T10:54:38 transport/http: Include non-default ports in Host header When the port is omitted, the server assumes the default port for the service is used (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host). In cases where the client provided a non-default port, it should be passed along. This hasn't been an issue so far as the git protocol doesn't include server-generated URIs. I encountered this when implementing Rust registry support for Sonatype Nexus. Rust's registry uses a git repository for the package index. Clients look at a file in the root of the package index to find the base URL for downloading the packages. Sonatype Nexus looks at the incoming HTTP request (Host header and URL) to determine the client-facing URL base as it may be running behind a load balancer or reverse proxy. This client-facing URL base is then used to construct the package download base URL. When libgit2 fetches the index from Nexus on a non-default port, Nexus trusts the incorrect Host header and generates an incorrect package download base URL.
Carlos Martín Nieto 9b6e4081 2018-10-15T17:08:38 Merge commit 'afd10f0' (Follow 308 redirects)
Zander Brown afd10f0b 2018-10-13T09:31:20 Follow 308 redirects (as used by GitLab)
Anders Borum 475db39b 2018-10-06T12:58:06 ignore unsupported http authentication schemes auth_context_match returns 0 instead of -1 for unknown schemes to not fail in situations where some authentication schemes are supported and others are not. apply_credentials is adjusted to handle auth_context_match returning 0 without producing authentication context.
Etienne Samson 1c949ce1 2018-08-21T02:11:32 transport/http: do not return success if we failed to get a scheme Otherwise we return a NULL context, which will get dereferenced in apply_credentials.
Patrick Steinhardt ecf4f33a 2018-02-08T11:14:48 Convert usage of `git_buf_free` to new `git_buf_dispose`
Edward Thomson ee6be190 2018-01-31T08:36:19 http: standardize user-agent addition The winhttp and posix http each need to add the user-agent to their requests. Standardize on a single function to include this so that we do not get the version numbers we're sending out of sync. Assemble the complete user agent in `git_http__user_agent`, returning assembled strings. Co-authored-by: Patrick Steinhardt <ps@pks.im>
Etienne Samson e9369856 2017-03-21T00:25:15 stream: Gather streams to src/streams
Patrick Steinhardt 0c7f49dd 2017-06-30T13:39:01 Make sure to always include "common.h" first Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.
tyler wanek 39e76bb3 2017-01-27T16:05:20 Do not discard proxy_options that have been set when auto is specified
Carlos Martín Nieto a6d833a2 2017-01-13T17:05:58 Merge pull request #4049 from libgit2/ethomson/error_msgs giterr_set: consistent error messages
Etienne Samson 9a64e62f 2016-12-21T21:24:33 http: check certificate validity before clobbering the error variable
Edward Thomson 909d5494 2016-12-29T12:25:15 giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one
Carlos Martín Nieto fafafb1f 2016-12-20T16:19:30 http: bump the pretend git version in the User-Agent We want to keep the git UA in order for services to recognise that we're a Git client and not a browser. But in order to stop dumb HTTP some services have blocked UAs that claim to be pre-1.6.6 git. Thread these needles by using the "git/2.0" prefix which is still close enough to git's yet distinct enough that you can tell it's us.
Patrick Steinhardt b1453601 2016-08-17T11:38:26 transports: http: reset `connected` flag when closing transport
Patrick Steinhardt c4cba4e9 2016-08-17T11:00:05 transports: http: reset `connected` flag when re-connecting transport When calling `http_connect` on a subtransport whose stream is already connected, we first close the stream in case no keep-alive is in use. When doing so, we do not reset the transport's connection state, though. Usually, this will do no harm in case the subsequent connect will succeed. But when the connection fails we are left with a subtransport which is tagged as connected but which has no valid stream attached. Fix the issue by resetting the subtransport's connected-state when closing its stream in `http_connect`.
wildart bdec62dc 2016-07-06T13:06:25 remove conditions that prevent use of custom TLS stream
David Brooks 6c9eb86f 2016-06-19T11:46:43 HTTP authentication scheme name is case insensitive.
Carlos Martín Nieto 0d72f67f 2016-03-14T17:36:04 proxy: don't specify the protocol in the type We leave this up to the scheme in the url field. The type should only tell us about whether we want a proxy and whether we want to auto-detect it.
Carlos Martín Nieto b373e9a6 2015-09-21T22:38:50 net: use proxy options struct in the stream config
Carlos Martín Nieto 94bac76c 2015-10-02T03:46:34 http: use a custom user-agent if the user has set it We still prefix it with "git/1.0" since that's required in many situations, but we replace the area which mentions libgit2.
Matt Burke d7375662 2015-09-25T10:16:16 Copy custom_headers instead of referencing the caller's copy
Matt Burke 35969c68 2015-09-10T08:58:23 Ignore NULL headers
Matt Burke 276f6aa0 2015-09-08T14:00:37 Hook up the custom_headers to the http transport
Matt Burke 24f5b4e1 2015-09-08T13:34:42 Drop extra_http_headers from git_remote
Matt Burke 59d6128e 2015-09-04T09:36:50 Allow the world to set HTTP headers for remotes
Matt Burke ac9b5127 2015-09-04T09:20:45 Pull extra_http_headers from the git_remote
Matt Burke 6af6e690 2015-09-04T09:18:32 Put the extra headers on the connection_data instead
Matt Burke c3733e56 2015-09-04T08:56:26 Add more headers to HTTP requests
Carlos Martín Nieto 11bca2d2 2015-08-15T18:15:23 http: propagate the credentials callback's error code When we ask for credentials, the user may choose to return EUSER to indicate that an error has happened on its end and it wants to be given back control. We must therefore pass that back to the user instead of mentioning that it was on_headers_complete() that returned an error code. Since we can, we return the exact error code from the user (other than PASSTHROUGH) since it doesn't cost anything, though using other error codes isn't recommended.
Anders Borum 31a76374 2015-07-29T22:23:00 case-insensitive check for WWW-Authenticate header Fixes issue #3338
Matthew Plough 768f8be3 2015-06-30T19:00:41 Fix #3094 - improve use of portable size_t/ssize_t format specifiers. The header src/cc-compat.h defines portable format specifiers PRIuZ, PRIdZ, and PRIxZ. The original report highlighted the need to use these specifiers in examples/network/fetch.c. For this commit, I checked all C source and header files not in deps/ and transitioned to the appropriate format specifier where appropriate.
Pierre-Olivier Latour 1630981e 2015-06-30T09:03:23 http: fixed leak when asking for credentials again t->cred might have been allocated the previous time and needs to be freed before asking caller for credentials again.
Carlos Martín Nieto 8b380060 2015-06-29T21:12:44 http: don't give up on auth on the first try When the server rejects an authentication request, ask the caller for the credentials again, instead of giving up on the first try.
Carlos Martín Nieto 8443f492 2015-06-11T16:57:04 curl: remove the encrypted param to the constructor We do not want libcurl to perform the TLS negotiation for us, so we don't need to pass this option.
Carlos Martín Nieto f97d5d09 2015-06-11T16:54:48 http: ask for the curl stream for non-encrypted connections The TLS streams talk over the curl stream themselves, so we don't need to ask for it explicitly. Do so in the case of the non-encrypted one so we can still make use of proxies in that case.
Carlos Martín Nieto 8762d721 2015-06-07T14:51:10 http: set the proxy if the stream supports it Of the built-in ones, only cURL supports it, but there's no reason a user-provided stream wouldn't support it.
Carlos Martín Nieto 8dea1c21 2015-06-05T11:02:11 Implement a curl stream cURL has a mode in which it acts a lot like our streams, providing send and recv functions and taking care of the TLS and proxy setup for us. Implement a new stream which uses libcurl instead of raw sockets or the TLS libraries directly. This version does not support reporting certificates or proxies yet.
J Wyman 7dd22538 2015-05-11T10:19:25 centralizing all IO buffer size values
Carlos Martín Nieto 24e53d2f 2015-03-19T09:55:20 Rename GIT_SSL to GIT_OPENSSL This is what it's meant all along, but now we actually have multiple implementations, it's clearer to use the name of the library.
Carlos Martín Nieto 6946a3be 2015-03-19T00:18:03 Abstract away the TLS stream implementation Instead, provide git_tls_stream_new() to ask for the most appropriate encrypted stream and use it in our HTTP transport.
Carlos Martín Nieto 6bb54cbf 2014-11-02T13:23:32 Add a SecureTransport TLS channel As an alternative to OpenSSL when we're on OS X. This one can actually take advantage of stacking the streams.
Edward Thomson c5e07187 2015-03-24T14:03:51 Merge pull request #2990 from leoyanggit/custom_param Add a custom param to git_smart_subtransport_definition
Leo Yang 142e5379 2015-03-17T12:49:33 Add a custom param to git_smart_subtransport_definition The smart transport has already taken the payload param. For the sub transport a payload param is useful for the implementer.
Carlos Martín Nieto 84d83b8e 2015-03-16T19:41:50 http: do not try to use the cert callback on unencrypted streams When the user has a certificate check callback set, we still have to check whether the stream we're using is even capable of providing a certificate. In the case of an unencrypted certificate, do not ask for it from the stream, and do not call the callback.
Carlos Martín Nieto e892b6a9 2015-03-03T17:23:01 http: enforce the credential types The user may decide to return any type of credential, including ones we did not say we support. Add a check to make sure the user returned an object of the right type and error out if not.
Carlos Martín Nieto a2fd56ab 2014-12-10T16:22:50 Fix a couple of compiler warnings
Carlos Martín Nieto b6f5464e 2014-11-01T21:35:06 Port HTTP(S) to the new stream API
Carlos Martín Nieto 1ca61bdc 2014-11-19T20:53:25 fetch: clear the connection data on close When we fetch twice with the same remote object, we did not properly clear the connection flags, so we would leak state from the last connection. This can cause the second fetch with the same remote object to fail if using a HTTP URL where the server redirects to HTTPS, as the second fetch would see `use_ssl` set and think the initial connection wanted to downgrade the connection.
Edward Thomson 369b0217 2014-10-13T13:34:15 Clean up various compiler warnings
Sven Strickroth e6e834a1 2014-09-18T12:23:07 Provide host name to certificate_check_cb Signed-off-by: Sven Strickroth <email@cs-ware.de>
Carlos Martín Nieto 0782fc43 2014-09-16T01:47:30 net: use only structs to pass information about cert Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.
Carlos Martín Nieto 41698f22 2014-09-11T10:04:05 net: remove support for outright ignoring certificates This option makes it easy to ignore anything about the server we're connecting to, which is bad security practice. This was necessary as we didn't use to expose detailed information about the certificate, but now that we do, we should get rid of this. If the user wants to ignore everything, they can still provide a callback which ignores all the information passed.
Carlos Martín Nieto 23ca0ad5 2014-08-29T21:25:13 Bring certificate check back to the normal return code Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.
Carlos Martín Nieto 17491f6e 2014-08-29T17:18:23 transport: always call the certificate check callback We should let the user decide whether to cancel the connection or not regardless of whether our checks have decided that the certificate is fine. We provide our own assessment to the callback to let the user fall back to our checks if they so desire.
Carlos Martín Nieto ec1ce458 2014-08-10T17:06:53 http: send the DER-encoded cert to the callback Instead of the parsed data, we can ask OpenSSL to give us the DER-encoded version of the certificate, which the user can then parse and validate.
Carlos Martín Nieto 9b940586 2014-07-04T12:45:43 Provide a callback for certificate validation If the certificate validation fails (or always in the case of ssh), let the user decide whether to allow the connection. The data structure passed to the user is the native certificate information from the underlying implementation, namely OpenSSL or WinHTTP.
Carlos Martín Nieto 294c6f29 2014-08-16T22:12:13 http: make sure we can consume the data we request The recv buffer (parse_buffer) and the buffer have independent sizes and offsets. We try to fill in parse_buffer as much as possible before passing it to the http parser. This is fine most of the time, but fails us when the buffer is almost full. In those situations, parse_buffer can have more data than we would be able to put into the buffer (which may be getting full if we're towards the end of a data sideband packet). To work around this, we check if the space we have left on our buffer is smaller than what could come from the network. If this happens, we make parse_buffer think that it has as much space left as our buffer, so it won't try to retrieve more data than we can deal with. As the start of the data may no longer be at the start of the buffer, we need to keep track of where it really starts (data_offset) and use that in our calculations for the real size of the data we received from the network. This fixes #2518.
Edward Thomson 23135afa 2014-08-14T11:52:20 Introduce proper http authentication API
Edward Thomson 315cb38e 2014-07-31T18:43:20 Add GSSAPI support for SPNEGO/Kerberos auth over HTTP
Edward Thomson e003f83a 2014-07-31T15:14:56 Introduce git_buf_decode_base64 Decode base64-encoded text into a git_buf
Edward Thomson 40867266 2014-07-31T18:39:58 Perform HTTP keep-alive
Carlos Martín Nieto 9c3e4e97 2014-06-13T02:35:33 http: fix typo in credentials logic We want to check whether the credentials callback is NULL, not whether the payload is.
Carlos Martín Nieto bc0a6198 2014-04-19T15:52:58 transports: allow the creds callback to say it doesn't exist Allow the credentials callback to return GIT_PASSTHROUGH to make the transports code behave as though none was set. This should make it easier for bindings to behave closer to the C code when there is no credentials callback set at their level.
Russell Belfer 9cfce273 2013-12-12T12:11:38 Cleanups, renames, and leak fixes This renames git_vector_free_all to the better git_vector_free_deep and also contains a couple of memory leak fixes based on valgrind checks. The fixes are specifically: failure to free global dir path variables when not compiled with threading on and failure to free filters from the filter registry that had not been initialized fully.
Russell Belfer 25e0b157 2013-12-06T15:07:57 Remove converting user error to GIT_EUSER This changes the behavior of callbacks so that the callback error code is not converted into GIT_EUSER and instead we propagate the return value through to the caller. Instead of using the giterr_capture and giterr_restore functions, we now rely on all functions to pass back the return value from a callback. To avoid having a return value with no error message, the user can call the public giterr_set_str or some such function to set an error message. There is a new helper 'giterr_set_callback' that functions can invoke after making a callback which ensures that some error message was set in case the callback did not set one. In places where the sign of the callback return value is meaningful (e.g. positive to skip, negative to abort), only the negative values are returned back to the caller, obviously, since the other values allow for continuing the loop. The hardest parts of this were in the checkout code where positive return values were overloaded as meaningful values for checkout. I fixed this by adding an output parameter to many of the internal checkout functions and removing the overload. This added some code, but it is probably a better implementation. There is some funkiness in the network code where user provided callbacks could be returning a positive or a negative value and we want to rely on that to cancel the loop. There are still a couple places where a user error might get turned into GIT_EUSER there, I think, though none exercised by the tests.
Ben Straub 1b02baf4 2013-09-26T16:25:05 Adjust to new utility signature
Ben Straub 83fbd368 2013-09-26T15:58:41 Deploy gitno_connection_data into transport
Ben Straub 8988688c 2013-09-25T20:41:56 Migrate redirect URL handling to common utility
Russell Belfer 46fbc88e 2013-09-24T14:50:06 Prevent HTTPS to HTTP redirect
Russell Belfer eb0ff130 2013-09-24T14:07:08 Disconnect path string to preserve after redirect The subtransport path was relying on pointing to data owned by the remote which meant that after a redirect, the updated path was getting lost for future requests. This updates the http transport to strdup the path and maintain its own lifetime. This also pulls responsibility for parsing the URL back into the http transport and isolates the functions that parse and free that connection data so that they can be reused between the initial parsing and the redirect parsing.
Ben Straub 210d5325 2013-09-23T12:09:23 Allow redirects to use same host
Philip Kelley 35e0f3c6 2013-03-25T17:59:30 Refine the redirect check condition
Philip Kelley 2c7f7a66 2013-03-25T17:35:36 http: Support 302 Found (arrbee did most of the work)
Ben Straub 54ffc1f7 2013-01-31T14:41:01 HTTP: use creds in url if available
Ben Straub cf7038a6 2013-01-31T14:04:21 Enhance url parsing to include passwords
Ben Straub 7602cb7c 2013-01-31T10:44:57 Add user-from-url param to auth callback
Ben Straub 2234b2b0 2013-01-30T19:03:58 Stash username from url (but don't use it yet)
Edward Thomson 359fc2d2 2013-01-08T17:07:25 update copyrights
Ben Straub 59bccf33 2012-12-10T11:11:01 Add a payload param to git_cred_acquire_cb Fixes #1128.
Philip Kelley 4a6621fd 2012-11-29T08:35:21 Leverage the min macro from util.h
Philip Kelley 6762fe08 2012-11-29T08:29:26 Remove casts of return values of type void *
Philip Kelley 613d5eb9 2012-11-28T11:42:37 Push! By schu, phkelley, and congyiwu, et al
Vicent Marti f6c18dda 2012-11-13T14:17:41 http: Unrustle
Vicent Martí aa1c3b58 2012-11-13T14:13:47 Merge pull request #1016 from arrbee/fix-checkout-dir-removal Update checkout with new strategies & behavior
Michael Schubert d51e54f1 2012-11-13T14:28:44 Remove unused variables
Russell Belfer 757b4065 2012-11-09T14:01:44 Fix warnings and valgrind issues This fixes some various warnings that showed up in Travis and a couple uses of uninitialized memory and one memory leak.
Philip Kelley 11fa8472 2012-11-06T11:27:23 Don't store no_check_cert; fetch it on demand
Philip Kelley 2f7538ec 2012-11-06T09:36:04 Fix connection leak in http subtransport
Philip Kelley 091361f5 2012-11-06T08:52:03 Basic authentication for http and winhttp
Philip Kelley ff830366 2012-11-01T12:07:42 Http: Set an error for invalid content-type
Philip Kelley 41fb1ca0 2012-10-29T13:41:14 Reorganize transport architecture (squashed 3)
Ben Straub a0ce87c5 2012-10-26T13:43:13 Add network transfer callbacks on Windows
Ben Straub 7bcd9e23 2012-10-19T19:23:32 gitno_buffer: callback on each packet The fetch code takes advantage of this to implement a progress callback every 100kb of transfer.
nulltoken 68206c54 2012-10-13T21:00:45 test: fix some memory leaks
Carlos Martín Nieto aeba5e17 2012-10-10T23:55:03 http: don't discard the HEAD ref The fix for fetching from empty repositories (22935b06d protocol: don't store flushes; 2012-10-07) forgot to take into account the deletion of the flush pkt in the HTTP transport. As a result, the HEAD ref advertisement where we detect the remote's capabilities was deleted instead. Fix this.
nulltoken 9ac8b113 2012-09-20T14:06:49 Fix MSVC amd64 compilation warnings
Carlos Martín Nieto 3ce22c74 2012-08-26T19:22:34 http: use WinHTTP on Windows Windows has its own HTTP library. Use that one when possible instead of our own. As we don't depend on them anymore, remove the http-parser library from the Windows build, as well as the search for OpenSSL.
Carlos Martín Nieto 687ec68b 2012-09-14T00:51:29 http: use the new unicode functions The winhttp branch was based on a version before these existed, so the build broke on Windows.
Carlos Martín Nieto cc1d85d1 2012-08-25T23:32:19 http: increase buffer side to deal with side-band-64k This poor transport was forgotten in the recent sideband support.