
http.c: add http.sslCertPasswordProtected option
authorMark Lodato <lodatom@gmail.com>
Thu, 28 May 2009 03:16:03 +0000 (23:16 -0400)
committerJunio C Hamano <gitster@pobox.com>
Thu, 18 Jun 2009 17:51:29 +0000 (10:51 -0700)
Add a configuration option, http.sslCertPasswordProtected, and associated
environment variable, GIT_SSL_CERT_PASSWORD_PROTECTED, to enable SSL client
certificate password prompt from within git.  If this option is false and
if the environment variable does not exist, git falls back to OpenSSL's
prompts (as in earlier versions of git).

The environment variable may only be used to enable, not to disable
git's password prompt.  This behavior mimics GIT_NO_VERIFY; the mere
existence of the variable is all that is checked.

Signed-off-by: Mark Lodato <lodatom@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Documentation/config.txt
http.c

index 3a86d1f8f05317717d718a6db7c5e0f9acb47d6b..2649b303fa187401a2436adde5d8f4b241654db6 100644 (file)
@@ -1043,6 +1043,12 @@ http.sslKey::
        over HTTPS. Can be overridden by the 'GIT_SSL_KEY' environment
        variable.
 
+http.sslCertPasswordProtected::
+       Enable git's password prompt for the SSL certificate.  Otherwise
+       OpenSSL will prompt the user, possibly many times, if the
+       certificate or private key is encrypted.  Can be overridden by the
+       'GIT_SSL_CERT_PASSWORD_PROTECTED' environment variable.
+
 http.sslCAInfo::
        File containing the certificates to verify the peer with when
        fetching or pushing over HTTPS. Can be overridden by the
diff --git a/http.c b/http.c
index 1c138135d74ecef0ae6887a1951ce275c89502ca..1b140d381d576438b1445c4f62cd0d230b53911e 100644 (file)
--- a/http.c
+++ b/http.c
@@ -140,6 +140,11 @@ static int http_options(const char *var, const char *value, void *cb)
 #endif
        if (!strcmp("http.sslcainfo", var))
                return git_config_string(&ssl_cainfo, var, value);
+       if (!strcmp("http.sslcertpasswordprotected", var)) {
+               if (git_config_bool(var, value))
+                       ssl_cert_password_required = 1;
+               return 0;
+       }
 #ifdef USE_CURL_MULTI
        if (!strcmp("http.maxrequests", var)) {
                max_requests = git_config_int(var, value);
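Review bot: The new `http.sslcertpasswordprotected` branch can only ever set `ssl_cert_password_required` to 1, so a `false` in a config file read later does not undo a `true` read earlier from a broader one. Assigning the parsed value, `ssl_cert_password_required = git_config_bool(var, value);`, would give the usual last-value-wins behaviour, and the environment check in http_init could still turn the prompt on afterwards. If enable-only is intended for the config key as well, a short comment saying so would help, e.g. `/* enable-only: a later "false" does not clear the flag */`. It would also help to align the Documentation/config.txt wording, which says the setting "Can be overridden by" the environment variable while the commit message says the variable can only enable the prompt. http_options begins and ends outside this hunk.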
@@ -360,7 +365,9 @@ void http_init(struct remote *remote)
 
        if (remote && remote->url && remote->url[0]) {
                http_auth_init(remote->url[0]);
-               if (!prefixcmp(remote->url[0], "https://"))
+               if (!ssl_cert_password_required &&
+                   getenv("GIT_SSL_CERT_PASSWORD_PROTECTED") &&
+                   !prefixcmp(remote->url[0], "https://"))
                        ssl_cert_password_required = 1;
        }