From a36e5dca52a3780044668da3832e618ddf590496 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 19 Nov 2018 11:15:41 +0100 Subject: [PATCH] fixup! http: add support for disabling SSL revocation checks in cURL Revert this in preparation for applying the latest iteration of the patch. Signed-off-by: Johannes Schindelin --- Documentation/config.txt | 8 -------- http.c | 17 ----------------- 2 files changed, 25 deletions(-) diff --git a/Documentation/config.txt b/Documentation/config.txt index e107f4c1e2..c569e72859 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -2241,14 +2241,6 @@ http.sslBackend:: This option is ignored if cURL lacks support for choosing the SSL backend at runtime. -http.schannelCheckRevoke:: - Used to enforce or disable certificate revocation checks in cURL - when http.sslBackend is set to "schannel". Defaults to `true` if - unset. Only necessary to disable this if Git consistently errors - and the message is about checking the revocation status of a - certificate. This option is ignored if cURL lacks support for - setting the relevant SSL option at runtime. - http.pinnedpubkey:: Public key of the https service. It may either be the filename of a PEM or DER encoded public key file or a string starting with diff --git a/http.c b/http.c index 2ce2cd447b..fedfb2a207 100644 --- a/http.c +++ b/http.c @@ -157,8 +157,6 @@ static char *cached_accept_language; static char *http_ssl_backend; -static int http_schannel_check_revoke = 1; - size_t fread_buffer(char *ptr, size_t eltsize, size_t nmemb, void *buffer_) { size_t size = eltsize * nmemb; @@ -312,11 +310,6 @@ static int http_options(const char *var, const char *value, void *cb) return 0; } - if (!strcmp("http.schannelcheckrevoke", var)) { - http_schannel_check_revoke = git_config_bool(var, value); - return 0; - } - if (!strcmp("http.minsessions", var)) { min_curl_sessions = git_config_int(var, value); #ifndef USE_CURL_MULTI @@ -818,16 +811,6 @@ static CURL *get_curl_handle(void) } #endif - if (http_ssl_backend && !strcmp("schannel", http_ssl_backend) && - !http_schannel_check_revoke) { -#if LIBCURL_VERSION_NUM >= 0x072c00 - curl_easy_setopt(result, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NO_REVOKE); -#else - warning("CURLSSLOPT_NO_REVOKE not applied to curl SSL options because\n" - "your curl version is too old (>= 7.44.0)"); -#endif - } - if (http_proactive_auth) init_curl_http_auth(result);