Permalink
Browse files

http: support proxies that require authentication

When the proxy server specified by the http.proxy configuration or the
http_proxy environment variable requires authentication, git failed to
connect to the proxy, because we did not configure the cURL handle with
CURLOPT_PROXYAUTH.

When a proxy is in use, and you tell git that the proxy requires
authentication by having username in the http.proxy configuration, an
extra request needs to be made to the proxy to find out what
authentication method it supports, as this patch uses CURLAUTH_ANY to let
the library pick the most secure method supported by the proxy server.

The extra round-trip adds extra latency, but relieves the user from the
burden to configure a specific authentication method.  If it becomes
problem, a later patch could add a configuration option to specify what
method to use, but let's start simple for the time being.

Signed-off-by: Nelson Benitez Leon <nbenitezl@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
  • Loading branch information...
Nelson Benitez Leon authored and gitster committed Mar 2, 2012
1 parent 222433e commit dd6139971a18e25a5089c0f96dc80e454683ef0b
Showing with 3 additions and 1 deletion.
  1. +3 −1 http.c
View
4 http.c
@@ -295,8 +295,10 @@ static CURL *get_curl_handle(void)
if (curl_ftp_no_epsv)
curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0);
- if (curl_http_proxy)
+ if (curl_http_proxy) {
curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
+ curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
+ }
return result;
}

0 comments on commit dd61399

Please sign in to comment.