delta/libgit2.git, branch ethomson/proxy github.com: libgit2/libgit2.git http: reset replay_count upon connection 2018-11-28T15:50:18+00:00 Edward Thomson ethomson@edwardthomson.com 2018-11-28T10:12:43+00:00 30ac46aa469b06cd47efa9625c2bf4862f8494b7 Reset the replay_count upon a successful connection. It's possible that we could encounter a situation where we connect successfully but need to replay a request - for example, a connection and initial request succeeds without authentication but a subsequent call does require authentication. Reset the replay count upon any successful request to afford subsequent replays room to manuever. 
Reset the replay_count upon a successful connection.  It's possible that
we could encounter a situation where we connect successfully but need to
replay a request - for example, a connection and initial request
succeeds without authentication but a subsequent call does require
authentication.  Reset the replay count upon any successful request to
afford subsequent replays room to manuever.
stream registration: take an enum type 2018-11-28T15:50:15+00:00 Edward Thomson ethomson@edwardthomson.com 2018-11-22T08:49:09+00:00 02bb39f448b9ed151a638d22fdcbccc895f4d3cf Accept an enum (`git_stream_t`) during custom stream registration that indicates whether the registration structure should be used for standard (non-TLS) streams or TLS streams. 
Accept an enum (`git_stream_t`) during custom stream registration that
indicates whether the registration structure should be used for standard
(non-TLS) streams or TLS streams.
http: don't allow SSL connections to a proxy 2018-11-28T15:46:58+00:00 Edward Thomson ethomson@edwardthomson.com 2018-11-18T19:54:49+00:00 52478d7dc323ad1768bc5c6fc03c031b7adc5d20 Temporarily disallow SSL connections to a proxy until we can understand the valgrind warnings when tunneling OpenSSL over OpenSSL. 
Temporarily disallow SSL connections to a proxy until we can understand
the valgrind warnings when tunneling OpenSSL over OpenSSL.
http: only load proxy configuration during connection 2018-11-28T15:46:58+00:00 Edward Thomson ethomson@edwardthomson.com 2018-11-18T19:10:50+00:00 41f620d9a1fd701efb6b9910c364d1eac4d47355 Only load the proxy configuration during connection; we need this data when we're going to connect to the server, however we may mutate it after connection (connecting through a CONNECT proxy means that we should send requests like normal). If we reload the proxy configuration but do not actually reconnect (because we're in a keep-alive session) then we will reload the proxy configuration that we should have mutated. Thus, only load the proxy configuration when we know that we're going to reconnect. 
Only load the proxy configuration during connection; we need this data
when we're going to connect to the server, however we may mutate it
after connection (connecting through a CONNECT proxy means that we
should send requests like normal).  If we reload the proxy configuration
but do not actually reconnect (because we're in a keep-alive session)
then we will reload the proxy configuration that we should have mutated.

Thus, only load the proxy configuration when we know that we're going to
reconnect.
stream: provide generic registration API 2018-11-28T15:46:57+00:00 Edward Thomson ethomson@edwardthomson.com 2018-11-18T10:29:07+00:00 df2cc1087f6de8718319e5bcc65ca8e0e07b717e Update the new stream registration API to be `git_stream_register` which takes a registration structure and a TLS boolean. This allows callers to register non-TLS streams as well as TLS streams. Provide `git_stream_register_tls` that takes just the init callback for backward compatibliity. 
Update the new stream registration API to be `git_stream_register`
which takes a registration structure and a TLS boolean.  This allows
callers to register non-TLS streams as well as TLS streams.

Provide `git_stream_register_tls` that takes just the init callback for
backward compatibliity.
http: disallow repeated headers from servers 2018-11-28T15:46:57+00:00 Edward Thomson ethomson@edwardthomson.com 2018-11-18T11:00:11+00:00 0467606ff4dbf57401c8b58188652df821ec865b Don't allow servers to send us multiple Content-Type, Content-Length or Location headers. 
Don't allow servers to send us multiple Content-Type, Content-Length
or Location headers.
CMake: disable deprecated documentation sync 2018-11-28T15:46:57+00:00 Edward Thomson ethomson@edwardthomson.com 2018-11-18T09:52:12+00:00 3a2e48366135decbe4f265c72f0ace612f349412 The `-Wdocumentation-deprecated-sync` option will warn when there is a doxygen `\deprecated` tag but there is no corresponding deprecation attribute on the function. We want to encourage users to not use particular APIs by marking them deprecated in the documentation without necessarily raising a compiler warning by marking an item as deprecated. 
The `-Wdocumentation-deprecated-sync` option will warn when there is a
doxygen `\deprecated` tag but there is no corresponding deprecation
attribute on the function.  We want to encourage users to not use
particular APIs by marking them deprecated in the documentation without
necessarily raising a compiler warning by marking an item as deprecated.
tests: optionally ignore https cert validation 2018-11-28T15:46:57+00:00 Edward Thomson ethomson@edwardthomson.com 2018-10-29T10:45:59+00:00 45054732a4232a27953de212cd068619a0f8b723 For testing, we may wish to use a man-in-the-middle proxy that can inspect the CONNECT traffic to our test endpoints. For this, we will need to accept the proxy's certificate, which will not be valid for the true endpoint. Add a new environment variable, GITTEST_REMOTE_SSL_NOVERIFY to disable https certificate validation for the tests. 
For testing, we may wish to use a man-in-the-middle proxy that can
inspect the CONNECT traffic to our test endpoints.  For this, we will
need to accept the proxy's certificate, which will not be valid for the
true endpoint.

Add a new environment variable, GITTEST_REMOTE_SSL_NOVERIFY to disable
https certificate validation for the tests.
http: remove cURL 2018-11-28T15:46:57+00:00 Edward Thomson ethomson@edwardthomson.com 2018-10-29T10:04:48+00:00 21142c5a61fca0d44cbf51824dbe28f6324229e8 We previously used cURL to support HTTP proxies. Now that we've added this support natively, we can remove the curl dependency. 
We previously used cURL to support HTTP proxies.  Now that we've added
this support natively, we can remove the curl dependency.
streams: remove unused tls functions 2018-11-28T15:46:57+00:00 Edward Thomson ethomson@edwardthomson.com 2018-10-29T08:59:33+00:00 2878ad08316155bfaf7b2d7b3204aece13c9936a The implementations of git_openssl_stream_new and git_mbedtls_stream_new have callers protected by #ifdefs and are never called unless compiled in. There's no need for a dummy implementation. Remove them. 
The implementations of git_openssl_stream_new and
git_mbedtls_stream_new have callers protected by #ifdefs and
are never called unless compiled in.  There's no need for a
dummy implementation.  Remove them.