http.c: add http.sslCertPasswordProtected option

Add a configuration option, http.sslCertPasswordProtected, and associated
environment variable, GIT_SSL_CERT_PASSWORD_PROTECTED, to enable SSL client
certificate password prompt from within git.  If this option is false and
if the environment variable does not exist, git falls back to OpenSSL's
prompts (as in earlier versions of git).

The environment variable may only be used to enable, not to disable
git's password prompt.  This behavior mimics GIT_NO_VERIFY; the mere
existence of the variable is all that is checked.

Signed-off-by: Mark Lodato <lodatom@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Mark Lodato 2009-05-27 23:16:03 -04:00 committed by Junio C Hamano
parent 30dd916348
commit 754ae192a4
2 changed files with 14 additions and 1 deletions

View File

@ -1043,6 +1043,12 @@ http.sslKey::
over HTTPS. Can be overridden by the 'GIT_SSL_KEY' environment
variable.
http.sslCertPasswordProtected::
Enable git's password prompt for the SSL certificate. Otherwise
OpenSSL will prompt the user, possibly many times, if the
certificate or private key is encrypted. Can be overridden by the
'GIT_SSL_CERT_PASSWORD_PROTECTED' environment variable.
http.sslCAInfo::
File containing the certificates to verify the peer with when
fetching or pushing over HTTPS. Can be overridden by the

9
http.c
View File

@ -140,6 +140,11 @@ static int http_options(const char *var, const char *value, void *cb)
#endif
if (!strcmp("http.sslcainfo", var))
return git_config_string(&ssl_cainfo, var, value);
if (!strcmp("http.sslcertpasswordprotected", var)) {
if (git_config_bool(var, value))
ssl_cert_password_required = 1;
return 0;
}
#ifdef USE_CURL_MULTI
if (!strcmp("http.maxrequests", var)) {
max_requests = git_config_int(var, value);
@ -360,7 +365,9 @@ void http_init(struct remote *remote)
if (remote && remote->url && remote->url[0]) {
http_auth_init(remote->url[0]);
if (!prefixcmp(remote->url[0], "https://"))
if (!ssl_cert_password_required &&
getenv("GIT_SSL_CERT_PASSWORD_PROTECTED") &&
!prefixcmp(remote->url[0], "https://"))
ssl_cert_password_required = 1;
}