mirror of
https://github.com/git/git
synced 2024-10-30 03:13:24 +00:00
3e8084f188
Change the error shown when a http.pinnedPubKey doesn't match to point
the http.pinnedPubKey variable added in aeff8a6121
(http: implement
public key pinning, 2016-02-15), e.g.:
git -c http.pinnedPubKey=sha256/someNonMatchingKey ls-remote https://github.com/git/git.git
fatal: unable to access 'https://github.com/git/git.git/' with http.pinnedPubkey configuration: SSL: public key does not match pinned public key!
Before this we'd emit the exact same thing without the " with
http.pinnedPubkey configuration". The advantage of doing this is that
we're going to get a translated message (everything after the ":" is
hardcoded in English in libcurl), and we've got a reference to the
git-specific configuration variable that's causing the error.
Unfortunately we can't test this easily, as there are no tests that
require https:// in the test suite, and t/lib-httpd.sh doesn't know
how to set up such tests. See [1] for the start of a discussion about
what it would take to have divergent "t/lib-httpd/apache.conf" test
setups. #leftoverbits
1. https://lore.kernel.org/git/YUonS1uoZlZEt+Yd@coredump.intra.peff.net/
Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
129 lines
3.6 KiB
C
129 lines
3.6 KiB
C
#ifndef GIT_CURL_COMPAT_H
|
|
#define GIT_CURL_COMPAT_H
|
|
#include <curl/curl.h>
|
|
|
|
/**
|
|
* This header centralizes the declaration of our libcurl dependencies
|
|
* to make it easy to discover the oldest versions we support, and to
|
|
* inform decisions about removing support for older libcurl in the
|
|
* future.
|
|
*
|
|
* The oldest supported version of curl is documented in the "INSTALL"
|
|
* document.
|
|
*
|
|
* The source of truth for what versions have which symbols is
|
|
* https://github.com/curl/curl/blob/master/docs/libcurl/symbols-in-versions;
|
|
* the release dates are taken from curl.git (at
|
|
* https://github.com/curl/curl/).
|
|
*
|
|
* For each X symbol we need from curl we define our own
|
|
* GIT_CURL_HAVE_X. If multiple similar symbols with the same prefix
|
|
* were defined in the same version we pick one and check for that name.
|
|
*
|
|
* We may also define a missing CURL_* symbol to its known value, if
|
|
* doing so is sufficient to add support for it to older versions that
|
|
* don't have it.
|
|
*
|
|
* Keep any symbols in date order of when their support was
|
|
* introduced, oldest first, in the official version of cURL library.
|
|
*/
|
|
|
|
/**
|
|
* CURL_SOCKOPT_OK was added in 7.21.5, released in April 2011.
|
|
*/
|
|
#if LIBCURL_VERSION_NUM < 0x071505
|
|
#define CURL_SOCKOPT_OK 0
|
|
#endif
|
|
|
|
/**
|
|
* CURLOPT_TCP_KEEPALIVE was added in 7.25.0, released in March 2012.
|
|
*/
|
|
#if LIBCURL_VERSION_NUM >= 0x071900
|
|
#define GITCURL_HAVE_CURLOPT_TCP_KEEPALIVE 1
|
|
#endif
|
|
|
|
|
|
/**
|
|
* CURLOPT_LOGIN_OPTIONS was added in 7.34.0, released in December
|
|
* 2013.
|
|
*
|
|
* If we start requiring 7.34.0 we might also be able to remove the
|
|
* code conditional on USE_CURL_FOR_IMAP_SEND in imap-send.c, see
|
|
* 1e16b255b95 (git-imap-send: use libcurl for implementation,
|
|
* 2014-11-09) and the check it added for "072200" in the Makefile.
|
|
|
|
*/
|
|
#if LIBCURL_VERSION_NUM >= 0x072200
|
|
#define GIT_CURL_HAVE_CURLOPT_LOGIN_OPTIONS 1
|
|
#endif
|
|
|
|
/**
|
|
* CURL_SSLVERSION_TLSv1_[012] was added in 7.34.0, released in
|
|
* December 2013.
|
|
*/
|
|
#if LIBCURL_VERSION_NUM >= 0x072200
|
|
#define GIT_CURL_HAVE_CURL_SSLVERSION_TLSv1_0
|
|
#endif
|
|
|
|
/**
|
|
* CURLOPT_PINNEDPUBLICKEY was added in 7.39.0, released in November
|
|
* 2014. CURLE_SSL_PINNEDPUBKEYNOTMATCH was added in that same version.
|
|
*/
|
|
#if LIBCURL_VERSION_NUM >= 0x072c00
|
|
#define GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY 1
|
|
#define GIT_CURL_HAVE_CURLE_SSL_PINNEDPUBKEYNOTMATCH 1
|
|
#endif
|
|
|
|
/**
|
|
* CURL_HTTP_VERSION_2 was added in 7.43.0, released in June 2015.
|
|
*
|
|
* The CURL_HTTP_VERSION_2 alias (but not CURL_HTTP_VERSION_2_0) has
|
|
* always been a macro, not an enum field (checked on curl version
|
|
* 7.78.0)
|
|
*/
|
|
#if LIBCURL_VERSION_NUM >= 0x072b00
|
|
#define GIT_CURL_HAVE_CURL_HTTP_VERSION_2 1
|
|
#endif
|
|
|
|
/**
|
|
* CURLSSLOPT_NO_REVOKE was added in 7.44.0, released in August 2015.
|
|
*
|
|
* The CURLSSLOPT_NO_REVOKE is, has always been a macro, not an enum
|
|
* field (checked on curl version 7.78.0)
|
|
*/
|
|
#if LIBCURL_VERSION_NUM >= 0x072c00
|
|
#define GIT_CURL_HAVE_CURLSSLOPT_NO_REVOKE 1
|
|
#endif
|
|
|
|
/**
|
|
* CURLOPT_PROXY_CAINFO was added in 7.52.0, released in August 2017.
|
|
*/
|
|
#if LIBCURL_VERSION_NUM >= 0x073400
|
|
#define GIT_CURL_HAVE_CURLOPT_PROXY_CAINFO 1
|
|
#endif
|
|
|
|
/**
|
|
* CURLOPT_PROXY_{KEYPASSWD,SSLCERT,SSLKEY} was added in 7.52.0,
|
|
* released in August 2017.
|
|
*/
|
|
#if LIBCURL_VERSION_NUM >= 0x073400
|
|
#define GIT_CURL_HAVE_CURLOPT_PROXY_KEYPASSWD 1
|
|
#endif
|
|
|
|
/**
|
|
* CURL_SSLVERSION_TLSv1_3 was added in 7.53.0, released in February
|
|
* 2017.
|
|
*/
|
|
#if LIBCURL_VERSION_NUM >= 0x073400
|
|
#define GIT_CURL_HAVE_CURL_SSLVERSION_TLSv1_3 1
|
|
#endif
|
|
|
|
/**
|
|
* CURLSSLSET_{NO_BACKENDS,OK,TOO_LATE,UNKNOWN_BACKEND} were added in
|
|
* 7.56.0, released in September 2017.
|
|
*/
|
|
#if LIBCURL_VERSION_NUM >= 0x073800
|
|
#define GIT_CURL_HAVE_CURLSSLSET_NO_BACKENDS
|
|
#endif
|
|
|
|
#endif
|