git-curl-compat: remove check for curl 7.39.0
libcurl 7.39.0 was released in November 2014, which is almost ten years ago, and no major operating system vendor is still providing security support for it. Debian 9 and Ubuntu 16.04, both of which are out of mainstream security support, have supported a newer version, and RHEL 8, which is still in support, also has a newer version. Remove the check for this version and use this functionality unconditionally. Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net> Signed-off-by: Taylor Blau <me@ttaylorr.com>
This commit is contained in:
brian m. carlson
committed by
Taylor Blau
Taylor Blau
parent
6545b26eeb
commit
05dd4ec507
@ -28,15 +28,6 @@
|
||||
* introduced, oldest first, in the official version of cURL library.
|
||||
*/
|
||||
|
||||
/**
|
||||
* CURLOPT_PINNEDPUBLICKEY was added in 7.39.0, released in November
|
||||
* 2014. CURLE_SSL_PINNEDPUBKEYNOTMATCH was added in that same version.
|
||||
*/
|
||||
#if LIBCURL_VERSION_NUM >= 0x072c00
|
||||
#define GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY 1
|
||||
#define GIT_CURL_HAVE_CURLE_SSL_PINNEDPUBKEYNOTMATCH 1
|
||||
#endif
|
||||
|
||||
/**
|
||||
* CURL_HTTP_VERSION_2 was added in 7.43.0, released in June 2015.
|
||||
*
|
||||
|
||||
11
http.c
11
http.c
@ -63,9 +63,7 @@ static char *ssl_key;
|
||||
static char *ssl_key_type;
|
||||
static char *ssl_capath;
|
||||
static char *curl_no_proxy;
|
||||
#ifdef GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY
|
||||
static char *ssl_pinnedkey;
|
||||
#endif
|
||||
static char *ssl_cainfo;
|
||||
static long curl_low_speed_limit = -1;
|
||||
static long curl_low_speed_time = -1;
|
||||
@ -509,12 +507,7 @@ static int http_options(const char *var, const char *value,
|
||||
}
|
||||
|
||||
if (!strcmp("http.pinnedpubkey", var)) {
|
||||
#ifdef GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY
|
||||
return git_config_pathname(&ssl_pinnedkey, var, value);
|
||||
#else
|
||||
warning(_("Public key pinning not supported with cURL < 7.39.0"));
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
if (!strcmp("http.extraheader", var)) {
|
||||
@ -1104,10 +1097,8 @@ static CURL *get_curl_handle(void)
|
||||
curl_easy_setopt(result, CURLOPT_SSLKEYTYPE, ssl_key_type);
|
||||
if (ssl_capath)
|
||||
curl_easy_setopt(result, CURLOPT_CAPATH, ssl_capath);
|
||||
#ifdef GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY
|
||||
if (ssl_pinnedkey)
|
||||
curl_easy_setopt(result, CURLOPT_PINNEDPUBLICKEY, ssl_pinnedkey);
|
||||
#endif
|
||||
if (http_ssl_backend && !strcmp("schannel", http_ssl_backend) &&
|
||||
!http_schannel_use_ssl_cainfo) {
|
||||
curl_easy_setopt(result, CURLOPT_CAINFO, NULL);
|
||||
@ -1825,10 +1816,8 @@ static int handle_curl_result(struct slot_results *results)
|
||||
*/
|
||||
credential_reject(&cert_auth);
|
||||
return HTTP_NOAUTH;
|
||||
#ifdef GIT_CURL_HAVE_CURLE_SSL_PINNEDPUBKEYNOTMATCH
|
||||
} else if (results->curl_result == CURLE_SSL_PINNEDPUBKEYNOTMATCH) {
|
||||
return HTTP_NOMATCHPUBLICKEY;
|
||||
#endif
|
||||
} else if (missing_target(results))
|
||||
return HTTP_MISSING_TARGET;
|
||||
else if (results->http_code == 401) {
|
||||
|
||||
Reference in New Issue
Block a user