author | Christoph Egger <christoph@christoph-egger.org> | 2016-02-15 15:04:22 +0100 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2016-02-15 19:21:48 -0800 |
commit | aeff8a61216bf6e0d663c08c583bc8552fa3c344 (patch) | |
tree | 56089a2c0b99c783ee4ebed5bf90445c32b0fa3c /Documentation | |
parent | a08595f76159b09d57553e37a5123f1091bb13e7 (diff) | |
download | git-aeff8a61216bf6e0d663c08c583bc8552fa3c344.tar.gz |
http: implement public key pinning
ce/https-public-key-pinning
Add the http.pinnedpubkey configuration option for public key
pinning. It allows any string supported by libcurl --
base64(sha256(pubkey)) or filename of the full public key.
If cURL does not support pinning (is too old) output a warning to the
user.
Signed-off-by: Christoph Egger <christoph@christoph-egger.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/config.txt | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/Documentation/config.txt b/Documentation/config.txt index f61788668e..bc0237fd62 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -1679,6 +1679,14 @@ http.sslCAPath:: with when fetching or pushing over HTTPS. Can be overridden by the 'GIT_SSL_CAPATH' environment variable. +http.pinnedpubkey:: + Public key of the https service. It may either be the filename of + a PEM or DER encoded public key file or a string starting with + 'sha256//' followed by the base64 encoded sha256 hash of the + public key. See also libcurl 'CURLOPT_PINNEDPUBLICKEY'. git will + exit with an error if this option is set but not supported by + cURL. + http.sslTry:: Attempt to use AUTH SSL/TLS and encrypted data transfers when connecting via regular FTP protocol. This might be needed |
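Review bot: The last sentence of the new http.pinnedpubkey entry says "git will exit with an error if this option is set but not supported by cURL", while the commit message says a warning is output when cURL is too old. One of the two needs to change so the documented behaviour matches what the code does. For a pinning option the documented hard failure is the behaviour users will rely on, so if that is what is implemented, update the commit message. The entry also does not say what happens when the server's key does not match the configured pin; a sentence stating that the connection is refused would make the failure mode explicit. Unlike the neighbouring http.sslCAPath entry, no environment variable override is mentioned; if one exists it should be documented here, and if not, that is worth stating in the commit message. Style: the surrounding context writes "HTTPS" in capitals, so "https service" should be "HTTPS service", and "git will exit" should be "Git will exit".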