diff options
author | Lars Kellogg-Stedman <lars@redhat.com> | 2015-05-08 09:22:15 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2015-05-08 10:56:26 -0700 |
commit | f6f2a9e42d14e61429af418d8038aa67049b3821 (patch) | |
tree | 9c359d4e6c1721f112f201b9b0dd49670db61b93 | |
parent | 16018ae5fb368151f3eff13730cf089b63f41962 (diff) | |
download | git-ls/http-ssl-cipher-list.tar.gz |
http: add support for specifying an SSL cipher listls/http-ssl-cipher-list
Teach git about a new option, "http.sslCipherList", which permits one to
specify a list of ciphers to use when negotiating SSL connections. The
setting can be overwridden by the GIT_SSL_CIPHER_LIST environment
variable.
Signed-off-by: Lars Kellogg-Stedman <lars@redhat.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- | Documentation/config.txt | 13 | ||||
-rw-r--r-- | contrib/completion/git-completion.bash | 1 | ||||
-rw-r--r-- | http.c | 10 |
3 files changed, 24 insertions, 0 deletions
diff --git a/Documentation/config.txt b/Documentation/config.txt index 1a8ddb41c7..0a01bf930b 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -1561,6 +1561,19 @@ http.savecookies:: If set, store cookies received during requests to the file specified by http.cookiefile. Has no effect if http.cookiefile is unset. +http.sslCipherList:: + A list of SSL ciphers to use when negotiating an SSL connection. + The available ciphers depend on whether libcurl was built against + NSS or OpenSSL and the particular configuration of the crypto + library in use. Internally this sets the 'CURLOPT_SSL_CIPHER_LIST' + option; see the libcurl documentation for more details on the format + of this list. ++ +Can be overridden by the 'GIT_SSL_CIPHER_LIST' environment variable. +To force git to use libcurl's default cipher list and ignore any +explicit http.sslCipherList option, set 'GIT_SSL_CIPHER_LIST' to the +empty string. + http.sslVerify:: Whether to verify the SSL certificate when fetching or pushing over HTTPS. Can be overridden by the 'GIT_SSL_NO_VERIFY' environment diff --git a/contrib/completion/git-completion.bash b/contrib/completion/git-completion.bash index 16205467b1..e8ae621a30 100644 --- a/contrib/completion/git-completion.bash +++ b/contrib/completion/git-completion.bash @@ -2123,6 +2123,7 @@ _git_config () http.noEPSV http.postBuffer http.proxy + http.sslCipherList http.sslCAInfo http.sslCAPath http.sslCert @@ -35,6 +35,7 @@ char curl_errorstr[CURL_ERROR_SIZE]; static int curl_ssl_verify = -1; static int curl_ssl_try; static const char *ssl_cert; +static const char *ssl_cipherlist; #if LIBCURL_VERSION_NUM >= 0x070903 static const char *ssl_key; #endif @@ -153,6 +154,8 @@ static int http_options(const char *var, const char *value, void *cb) curl_ssl_verify = git_config_bool(var, value); return 0; } + if (!strcmp("http.sslcipherlist", var)) + return git_config_string(&ssl_cipherlist, var, value); if (!strcmp("http.sslcert", var)) return git_config_string(&ssl_cert, var, value); #if LIBCURL_VERSION_NUM >= 0x070903 @@ -327,6 +330,13 @@ static CURL *get_curl_handle(void) if (http_proactive_auth) init_curl_http_auth(result); + if (getenv("GIT_SSL_CIPHER_LIST")) + ssl_cipherlist = getenv("GIT_SSL_CIPHER_LIST"); + + if (ssl_cipherlist != NULL && *ssl_cipherlist) + curl_easy_setopt(result, CURLOPT_SSL_CIPHER_LIST, + ssl_cipherlist); + if (ssl_cert != NULL) curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert); if (has_cert_password()) |