-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proxy settings ignored while cloning with libgit2 1.0.1 #5650
Comments
I'd like a few more details - we have several tests that exercise proxies. Did this work before and stopped working in 1.0.1? Have you found any workarounds? Does it work for fetch but not clone, etc? Do the proxy environment variables work? |
Hi, It looks like a regression compared to 0.28.5. Here's a slightly edited version that can be used both with 0.28 and 1.0.1: #include <git2.h>
#include <assert.h>
#include <stdio.h>
int
main ()
{
int err;
err = git_libgit2_init ();
assert (err == 1);
git_clone_options opts;
err = git_clone_init_options (&opts, GIT_CLONE_OPTIONS_VERSION);
assert (err == 0);
opts.fetch_opts.proxy_opts.type = GIT_PROXY_SPECIFIED;
opts.fetch_opts.proxy_opts.url = "http://localhost:8118/";
git_repository *repo;
err = git_clone (&repo, "http://example.org/whatever.git", "/tmp/example",
&opts);
assert (err != 0);
const git_error *gerr;
gerr = giterr_last ();
fprintf (stderr, "last error: %s\n", gerr->message);
return 0;
} With 0.28.5, the
This is in contrast with 1.0.1:
I haven't tried with fetch and haven't found any workarounds. Environment variables Thanks, |
I'm just seeing now that you're using I think that this is the culprit: https://github.com/libgit2/libgit2/blob/master/src/transports/httpclient.c#L1007 @civodul if you change this to omit the There's probably a broader question about whether we should really support non-ssl http connections through proxies without enabling some sort of setting - much like we don't allow http basic authentication over non-ssl http. |
@ethomson Oh you're right, changing the URL to
FWIW I found about this regression via a unit test of Guile-Git: https://gitlab.com/guile-git/guile-git/-/blob/master/tests/proxy.scm. From that respect, I would think it's still a regression. WDYT? Thank you! |
I agree, does the code change that I suggested resolve it for you or are you not able to recompile libgit2 from source? |
The change you suggest allows libgit2 to connect to the proxy for an
|
I have also run into this issue. This is indeed a problem when using a HTTP Proxy to talk to a HTTP remote. When the git client is configured in the same way it correctly makes a connection to the HTTP proxy with the full URL in the request so the proxy knows which server to forward it to. This code in libgit2 seems to generate the correct request for a HTTP Proxy -> HTTP Upstream (i.e. it has the full URL of the remote in the request) its just that libgit2 does not connect to the proxy to make the request. It looks like libgit2 only supports CONNECT style HTTP proxy, that is, a HTTP proxy -> HTTPS Upstream. |
Reproduction steps
Compile this code with libgit2 1.0.1:
Run it under
strace
and notice that it connects toexample.org
directly instead of connecting to the specified proxy:Expected behavior
Should connect to
localhost:8118
and send aGET
request there.Actual behavior
Connects directly to
example.org
.Version of libgit2 (release number or SHA1)
1.0.1
Operating system(s) tested
GNU/Linux (GNU Guix), x86_64.
The text was updated successfully, but these errors were encountered: