git/http.c, branch v1.7.8.2

Merge branch 'jk/maint-push-over-dav' into maint

2011-12-28T19:32:37Z

* jk/maint-push-over-dav: http-push: enable "proactive auth" t5540: test DAV push with authentication

Merge branch 'mf/curl-select-fdset' into maint

2011-12-14T06:03:17Z

* mf/curl-select-fdset: http: drop "local" member from request struct http.c: Rely on select instead of tracking whether data was received http.c: Use timeout suggested by curl instead of fixed 50ms timeout http.c: Use curl_multi_fdset to select on curl fds instead of just sleeping

http-push: enable "proactive auth"

2011-12-14T00:34:44Z

Before commit 986bbc08, git was proactive about asking for http passwords. It assumed that if you had a username in your URL, you would also want a password, and asked for it before making any http requests. However, this could interfere with the use of .netrc (see 986bbc08 for details). And it was also unnecessary, since the http fetching code had learned to recognize an HTTP 401 and prompt the user then. Furthermore, the proactive prompt could interfere with the usage of .netrc (see 986bbc08 for details). Unfortunately, the http push-over-DAV code never learned to recognize HTTP 401, and so was broken by this change. This patch does a quick fix of re-enabling the "proactive auth" strategy only for http-push, leaving the dumb http fetch and smart-http as-is. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano

http: remove unused function hex()

2011-11-16T00:08:48Z

Signed-off-by: Ramkumar Ramachandra Signed-off-by: Junio C Hamano

http: drop "local" member from request struct

2011-11-04T19:05:01Z

This is a FILE pointer in the case that we are sending our output to a file. We originally used it to run ftell() to determine whether data had been written to our file during our last call to curl. However, as of the last patch, we no longer care about that flag anymore. All uses of this struct member are now just book-keeping that can go away. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano

http.c: Rely on select instead of tracking whether data was received

2011-11-04T17:47:13Z

Since now select is used with the file descriptors of the http connections, tracking whether data was received recently (and trying to read more in that case) is no longer necessary. Instead, always call select and rely on it to return as soon as new data can be read. Signed-off-by: Mika Fischer Helped-by: Jeff King Signed-off-by: Junio C Hamano

http.c: Use timeout suggested by curl instead of fixed 50ms timeout

2011-11-04T17:46:56Z

Recent versions of curl can suggest a period of time the library user should sleep and try again, when curl is blocked on reading or writing (or connecting). Use this timeout instead of always sleeping for 50ms. Signed-off-by: Mika Fischer Helped-by: Daniel Stenberg Signed-off-by: Junio C Hamano

http.c: Use curl_multi_fdset to select on curl fds instead of just sleeping

2011-11-04T17:46:25Z

Instead of sleeping unconditionally for a 50ms, when no data can be read from the http connection(s), use curl_multi_fdset() to obtain the actual file descriptors of the open connections and use them in the select call. This way, the 50ms sleep is interrupted when new data arrives. Signed-off-by: Mika Fischer Helped-by: Daniel Stenberg Signed-off-by: Junio C Hamano

http: don't always prompt for password

2011-11-04T16:47:18Z

When a username is already specified at the beginning of any HTTP transaction (e.g. "git push https://user@hosting.example.com/project.git" or "git ls-remote https://user@hosting.example.com/project.git"), the code interactively asks for a password before calling into the libcurl library. It is very likely that the reason why user included the username in the URL is because the user knows that it would require authentication to access the resource. Asking for the password upfront would save one roundtrip to get a 401 response, getting the password and then retrying the request. This is a reasonable optimization. HOWEVER. This is done even when $HOME/.netrc might have a corresponding entry to access the site, or the site does not require authentication to access the resource after all. But neither condition can be determined until we call into libcurl library (we do not read and parse $HOME/.netrc ourselves). In these cases, the user is forced to respond to the password prompt, only to give a password that is not used in the HTTP transaction. If the password is in $HOME/.netrc, an empty input would later let the libcurl layer to pick up the password from there, and if the resource does not require authentication, any input would be taken and then discarded without getting used. It is wasteful to ask this unused information to the end user. Reduce the confusion by not trying to optimize for this case and always incur roundtrip penalty. An alternative might be to document this and keep this round-trip optimization as-is. Signed-off-by: Stefan Naewe Helped-by: Jeff King Signed-off-by: Junio C Hamano

Merge branch 'jk/http-auth'

2011-10-18T04:37:15Z

* jk/http-auth: http_init: accept separate URL parameter http: use hostname in credential description http: retry authentication failures for all http requests remote-curl: don't retry auth failures with dumb protocol improve httpd auth tests url: decode buffers that are not NUL-terminated