[v2,04/12] git-curl-compat: remove check for curl 7.39.0

Message ID	20241023004600.1645313-5-sandals@crustytoothpaste.net (mailing list archive)
State	New
Headers	show Received: from complex.crustytoothpaste.net (complex.crustytoothpaste.net [172.105.7.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 42DF5168DA for <git@vger.kernel.org>; Wed, 23 Oct 2024 00:46:05 +0000 (UTC) From: "brian m. carlson" <sandals@crustytoothpaste.net> To: <git@vger.kernel.org> Cc: Junio C Hamano <gitster@pobox.com>, Taylor Blau <me@ttaylorr.com> Subject: [PATCH v2 04/12] git-curl-compat: remove check for curl 7.39.0 Date: Wed, 23 Oct 2024 00:45:52 +0000 Message-ID: <20241023004600.1645313-5-sandals@crustytoothpaste.net> In-Reply-To: <20241023004600.1645313-1-sandals@crustytoothpaste.net> References: <20241010235621.738239-1-sandals@crustytoothpaste.net> <20241023004600.1645313-1-sandals@crustytoothpaste.net> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Update versions of libcurl and Perl \| expand [v2,00/12] Update versions of libcurl and Perl [v2,01/12] git-curl-compat: remove check for curl 7.21.5 [v2,02/12] git-curl-compat: remove check for curl 7.25.0 [v2,03/12] git-curl-compat: remove check for curl 7.34.0 [v2,04/12] git-curl-compat: remove check for curl 7.39.0 [v2,05/12] git-curl-compat: remove check for curl 7.43.0 [v2,06/12] git-curl-compat: remove check for curl 7.44.0 [v2,07/12] git-curl-compat: remove check for curl 7.52.0 [v2,08/12] git-curl-compat: remove check for curl 7.53.0 [v2,09/12] git-curl-compat: remove check for curl 7.56.0 [v2,10/12] INSTALL: document requirement for libcurl 7.61.0 [v2,11/12] Require Perl 5.26.0 [v2,12/12] gitweb: make use of s///r

Message ID

20241023004600.1645313-5-sandals@crustytoothpaste.net (mailing list archive)

State

New

Headers

From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: <git@vger.kernel.org>
Cc: Junio C Hamano <gitster@pobox.com>,
	Taylor Blau <me@ttaylorr.com>
Subject: [PATCH v2 04/12] git-curl-compat: remove check for curl 7.39.0
Date: Wed, 23 Oct 2024 00:45:52 +0000
Message-ID: <20241023004600.1645313-5-sandals@crustytoothpaste.net>
In-Reply-To: <20241023004600.1645313-1-sandals@crustytoothpaste.net>
References: <20241010235621.738239-1-sandals@crustytoothpaste.net>
 <20241023004600.1645313-1-sandals@crustytoothpaste.net>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Update versions of libcurl and Perl | expand

Commit Message

brian m. carlson Oct. 23, 2024, 12:45 a.m. UTC

libcurl 7.39.0 was released in November 2014, which is almost ten years
ago, and no major operating system vendor is still providing security
support for it.  Debian 9 and Ubuntu 16.04, both of which are out of
mainstream security support, have supported a newer version, and RHEL 8,
which is still in support, also has a newer version.

Remove the check for this version and use this functionality
unconditionally.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
---
 git-curl-compat.h |  9 ---------
 http.c            | 11 -----------
 2 files changed, 20 deletions(-)

diff --git a/git-curl-compat.h b/git-curl-compat.h
index 21306fa88f..b301ef154c 100644
--- a/git-curl-compat.h
+++ b/git-curl-compat.h
@@ -28,15 +28,6 @@ 
  * introduced, oldest first, in the official version of cURL library.
  */
 
-/**
- * CURLOPT_PINNEDPUBLICKEY was added in 7.39.0, released in November
- * 2014. CURLE_SSL_PINNEDPUBKEYNOTMATCH was added in that same version.
- */
-#if LIBCURL_VERSION_NUM >= 0x072c00
-#define GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY 1
-#define GIT_CURL_HAVE_CURLE_SSL_PINNEDPUBKEYNOTMATCH 1
-#endif
-
 /**
  * CURL_HTTP_VERSION_2 was added in 7.43.0, released in June 2015.
  *
diff --git a/http.c b/http.c
index ac4b98baa0..cdef059090 100644
--- a/http.c
+++ b/http.c
@@ -63,9 +63,7 @@  static char *ssl_key;
 static char *ssl_key_type;
 static char *ssl_capath;
 static char *curl_no_proxy;
-#ifdef GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY
 static char *ssl_pinnedkey;
-#endif
 static char *ssl_cainfo;
 static long curl_low_speed_limit = -1;
 static long curl_low_speed_time = -1;
@@ -509,12 +507,7 @@  static int http_options(const char *var, const char *value,
 	}
 
 	if (!strcmp("http.pinnedpubkey", var)) {
-#ifdef GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY
 		return git_config_pathname(&ssl_pinnedkey, var, value);
-#else
-		warning(_("Public key pinning not supported with cURL < 7.39.0"));
-		return 0;
-#endif
 	}
 
 	if (!strcmp("http.extraheader", var)) {
@@ -1104,10 +1097,8 @@  static CURL *get_curl_handle(void)
 		curl_easy_setopt(result, CURLOPT_SSLKEYTYPE, ssl_key_type);
 	if (ssl_capath)
 		curl_easy_setopt(result, CURLOPT_CAPATH, ssl_capath);
-#ifdef GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY
 	if (ssl_pinnedkey)
 		curl_easy_setopt(result, CURLOPT_PINNEDPUBLICKEY, ssl_pinnedkey);
-#endif
 	if (http_ssl_backend && !strcmp("schannel", http_ssl_backend) &&
 	    !http_schannel_use_ssl_cainfo) {
 		curl_easy_setopt(result, CURLOPT_CAINFO, NULL);
@@ -1825,10 +1816,8 @@  static int handle_curl_result(struct slot_results *results)
 		 */
 		credential_reject(&cert_auth);
 		return HTTP_NOAUTH;
-#ifdef GIT_CURL_HAVE_CURLE_SSL_PINNEDPUBKEYNOTMATCH
 	} else if (results->curl_result == CURLE_SSL_PINNEDPUBKEYNOTMATCH) {
 		return HTTP_NOMATCHPUBLICKEY;
-#endif
 	} else if (missing_target(results))
 		return HTTP_MISSING_TARGET;
 	else if (results->http_code == 401) {

[v2,04/12] git-curl-compat: remove check for curl 7.39.0

Commit Message

Patch