Skip to content

Commit

Permalink
http: http.emptyauth should allow empty (not just NULL) usernames
Browse files Browse the repository at this point in the history 
When using Kerberos authentication with newer versions of libcurl,
CURLOPT_USERPWD must be set to a value, even if it is an empty value.
The value is never sent to the server.  Previous versions of libcurl
did not require this variable to be set.  One way that some users
express the empty username/password is http://:@gitserver.example.com,
which http.emptyauth was designed to support.  Another, equivalent,
URL is http://@gitserver.example.com.  The latter leads to a username
of zero-length, rather than a NULL username, but CURLOPT_USERPWD still
needs to be set (if http.emptyauth is set).  Do so.

Signed-off-by: David Turner <dturner@twosigma.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
  • Loading branch information
@novalis @gitster
novalis authored and gitster committed Oct 4, 2016
1 parent 92d4266 commit 5275c30
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion http.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -351,7 +351,7 @@ static int http_options(const char *var, const char *value, void *cb)

static void init_curl_http_auth(CURL *result)
{
if (!http_auth.username) {
if (!http_auth.username || !*http_auth.username) {
if (curl_empty_auth)
curl_easy_setopt(result, CURLOPT_USERPWD, ":");
return;
Expand Down

0 comments on commit 5275c30

Please sign in to comment.