![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
| author | Mark Lodato <lodatom@gmail.com> | |
| Thu, 28 May 2009 03:16:02 +0000 (23:16 -0400) | ||
| committer | Junio C Hamano <gitster@pobox.com> | |
| Thu, 18 Jun 2009 17:45:05 +0000 (10:45 -0700) | ||
| commit | 30dd916348001e4313708473d91d633d3b14d1b5 | |
| tree | 74b941711694a3ffd256902642980f18e12aff72 | tree | snapshot |
| parent | cb9d398c3506a6354a1c63d265a4228fcec28fda | commit | diff |
http.c: prompt for SSL client certificate password
If an SSL client certificate is enabled (via http.sslcert or
GIT_SSL_CERT), prompt for the certificate password rather than
defaulting to OpenSSL's password prompt. This causes the prompt to only
appear once each run. Previously, OpenSSL prompted the user *many*
times, causing git to be unusable over HTTPS with client-side
certificates.
Note that the password is stored in memory in the clear while the
program is running. This may be a security problem if git crashes and
core dumps.
The user is always prompted, even if the certificate is not encrypted.
This should be fine; unencrypted certificates are rare and a security
risk anyway.
Signed-off-by: Mark Lodato <lodatom@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
If an SSL client certificate is enabled (via http.sslcert or
GIT_SSL_CERT), prompt for the certificate password rather than
defaulting to OpenSSL's password prompt. This causes the prompt to only
appear once each run. Previously, OpenSSL prompted the user *many*
times, causing git to be unusable over HTTPS with client-side
certificates.
Note that the password is stored in memory in the clear while the
program is running. This may be a security problem if git crashes and
core dumps.
The user is always prompted, even if the certificate is not encrypted.
This should be fine; unencrypted certificates are rare and a security
risk anyway.
Signed-off-by: Mark Lodato <lodatom@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| http.c | diff | blob | history |