global/git
1
0
Fork 0
mirror of https://github.com/git/git.git synced 2026-03-05 14:59:04 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
seen
git/Documentation/config/sendemail.adoc
David Timber a8215a2051 send-email: add client certificate options 
For SMTP servers that do "mutual certificate verification", the mail
client is required to present its own TLS certificate as well. This
patch adds --smtp-ssl-client-cert and --smtp-ssl-client-key for such
servers.

The problem of which private key for the certificate is chosen arises
when there are private keys in both the certificate and private key
file. According to the documentation of IO::Socket::SSL(link supplied),
the behaviour(the private key chosen) depends on the format of the
certificate. In a nutshell,

	- PKCS12: the key in the cert always takes the precedence
	- PEM: if the key file is not given, it will "try" to read one
	  from the cert PEM file

Many users may find this discrepancy unintuitive.

In terms of client certificate, git-send-email is implemented in a way
that what's possible with perl's SSL library is exposed to the user as
much as possible. In this instance, the user may choose to use a PEM
file that contains both certificate and private key should be
at their discretion despite the implications.

Link: https://metacpan.org/pod/IO::Socket::SSL#SSL_cert_file-%7C-SSL_cert-%7C-SSL_key_file-%7C-SSL_key
Link: https://lore.kernel.org/all/319bf98c-52df-4bf9-b157-e4bc2bf087d6@dev.snart.me/

Signed-off-by: David Timber <dxdt@dev.snart.me>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2026-03-02 08:39:26 -08:00

139 lines
5.2 KiB
Plaintext
Raw Permalink Blame History

sendemail.identity::
A configuration identity. When given, causes values in the
`sendemail.<identity>` subsection to take precedence over
values in the `sendemail` section. The default identity is
the value of `sendemail.identity`.
sendemail.smtpEncryption::
See linkgit:git-send-email[1] for description. Note that this
setting is not subject to the `identity` mechanism.
sendemail.smtpSSLCertPath::
Path to ca-certificates (either a directory or a single file).
Set it to an empty string to disable certificate verification.
sendemail.smtpSSLClientCert::
Path to the client certificate file to present if requested by the
server. This is required when the server is set up to verify client
certificates. If the corresponding private key is not included in the
file, it must be supplied using `sendemail.smtpSSLClientKey` or the
`--smtp-ssl-client-key` option.
sendemail.smtpSSLClientKey::
Path to the client private key file that corresponds to the client
certificate. To avoid misconfiguration, this configuration must be used
in conjunction with `sendemail.smtpSSLClientKey` or the
`--smtp-ssl-client-cert` option. If the client key is included in the
client certificate, the choice of private key depends on the format of
the certificate. Visit https://metacpan.org/pod/IO::Socket::SSL for more
details.
sendemail.<identity>.*::
Identity-specific versions of the `sendemail.*` parameters
found below, taking precedence over those when this
identity is selected, through either the command-line or
`sendemail.identity`.
sendemail.multiEdit::
If `true` (default), a single editor instance will be spawned to edit
files you have to edit (patches when `--annotate` is used, and the
summary when `--compose` is used). If `false`, files will be edited one
after the other, spawning a new editor each time.
sendemail.confirm::
Sets the default for whether to confirm before sending. Must be
one of `always`, `never`, `cc`, `compose`, or `auto`. See `--confirm`
in the linkgit:git-send-email[1] documentation for the meaning of these
values.
sendemail.mailmap::
If `true`, makes linkgit:git-send-email[1] assume `--mailmap`,
otherwise assume `--no-mailmap`. `False` by default.
sendemail.mailmap.file::
The location of a linkgit:git-send-email[1] specific augmenting
mailmap file. The default mailmap and `mailmap.file` are loaded
first. Thus, entries in this file take precedence over entries in
the default mailmap locations. See linkgit:gitmailmap[5].
sendemail.mailmap.blob::
Like `sendemail.mailmap.file`, but consider the value as a reference
to a blob in the repository. Entries in `sendemail.mailmap.file`
take precedence over entries here. See linkgit:gitmailmap[5].
sendemail.aliasesFile::
To avoid typing long email addresses, point this to one or more
email aliases files. You must also supply `sendemail.aliasFileType`.
sendemail.aliasFileType::
Format of the file(s) specified in sendemail.aliasesFile. Must be
one of `mutt`, `mailrc`, `pine`, `elm`, `gnus`, or `sendmail`.
+
What an alias file in each format looks like can be found in
the documentation of the email program of the same name. The
differences and limitations from the standard formats are
described below:
+
--
sendmail;;
* Quoted aliases and quoted addresses are not supported: lines that
contain a `"` symbol are ignored.
* Redirection to a file (`/path/name`) or pipe (`|command`) is not
supported.
* File inclusion (`:include: /path/name`) is not supported.
* Warnings are printed on the standard error output for any
explicitly unsupported constructs, and any other lines that are not
recognized by the parser.
--
sendemail.annotate::
sendemail.bcc::
sendemail.cc::
sendemail.ccCmd::
sendemail.chainReplyTo::
sendemail.envelopeSender::
sendemail.from::
sendemail.headerCmd::
sendemail.signedOffByCc::
sendemail.smtpPass::
sendemail.suppressCc::
sendemail.suppressFrom::
sendemail.to::
sendemail.toCmd::
sendemail.smtpDomain::
sendemail.smtpServer::
sendemail.smtpServerPort::
sendemail.smtpServerOption::
sendemail.smtpUser::
sendemail.imapSentFolder::
sendemail.useImapOnly::
sendemail.thread::
sendemail.transferEncoding::
sendemail.validate::
sendemail.xmailer::
These configuration variables all provide a default for
linkgit:git-send-email[1] command-line options. See its
documentation for details.
sendemail.outlookidfix::
If `true`, makes linkgit:git-send-email[1] assume `--outlook-id-fix`,
and if `false` assume `--no-outlook-id-fix`. If not specified, it will
behave the same way as if `--outlook-id-fix` is not specified.
sendemail.signedOffCc (deprecated)::
Deprecated alias for `sendemail.signedOffByCc`.
sendemail.smtpBatchSize::
Number of messages to be sent per connection, after that a relogin
will happen. If the value is `0` or undefined, send all messages in
one connection.
See also the `--batch-size` option of linkgit:git-send-email[1].
sendemail.smtpReloginDelay::
Seconds to wait before reconnecting to the smtp server.
See also the `--relogin-delay` option of linkgit:git-send-email[1].
sendemail.forbidSendmailVariables::
To avoid common misconfiguration mistakes, linkgit:git-send-email[1]
will abort with a warning if any configuration options for `sendmail`
exist. Set this variable to bypass the check.
Reference in New Issue View Git Blame Copy Permalink