freshlybakedca.ke
Git fork
1http.proxy::
2 Override the HTTP proxy, normally configured using the 'http_proxy',
3 'https_proxy', and 'all_proxy' environment variables (see `curl(1)`). In
4 addition to the syntax understood by curl, it is possible to specify a
5 proxy string with a user name but no password, in which case git will
6 attempt to acquire one in the same way it does for other credentials. See
7 linkgit:gitcredentials[7] for more information. The syntax thus is
8 '[protocol://][user[:password]@]proxyhost[:port][/path]'. This can be
9 overridden on a per-remote basis; see remote.<name>.proxy
10+
11Any proxy, however configured, must be completely transparent and must not
12modify, transform, or buffer the request or response in any way. Proxies which
13are not completely transparent are known to cause various forms of breakage
14with Git.
15
16http.proxyAuthMethod::
17 Set the method with which to authenticate against the HTTP proxy. This
18 only takes effect if the configured proxy string contains a user name part
19 (i.e. is of the form 'user@host' or 'user@host:port'). This can be
20 overridden on a per-remote basis; see `remote.<name>.proxyAuthMethod`.
21 Both can be overridden by the `GIT_HTTP_PROXY_AUTHMETHOD` environment
22 variable. Possible values are:
23+
24--
25* `anyauth` - Automatically pick a suitable authentication method. It is
26 assumed that the proxy answers an unauthenticated request with a 407
27 status code and one or more Proxy-authenticate headers with supported
28 authentication methods. This is the default.
29* `basic` - HTTP Basic authentication
30* `digest` - HTTP Digest authentication; this prevents the password from being
31 transmitted to the proxy in clear text
32* `negotiate` - GSS-Negotiate authentication (compare the --negotiate option
33 of `curl(1)`)
34* `ntlm` - NTLM authentication (compare the --ntlm option of `curl(1)`)
35--
36
37http.proxySSLCert::
38 The pathname of a file that stores a client certificate to use to authenticate
39 with an HTTPS proxy. Can be overridden by the `GIT_PROXY_SSL_CERT` environment
40 variable.
41
42http.proxySSLKey::
43 The pathname of a file that stores a private key to use to authenticate with
44 an HTTPS proxy. Can be overridden by the `GIT_PROXY_SSL_KEY` environment
45 variable.
46
47http.proxySSLCertPasswordProtected::
48 Enable Git's password prompt for the proxy SSL certificate. Otherwise OpenSSL
49 will prompt the user, possibly many times, if the certificate or private key
50 is encrypted. Can be overridden by the `GIT_PROXY_SSL_CERT_PASSWORD_PROTECTED`
51 environment variable.
52
53http.proxySSLCAInfo::
54 Pathname to the file containing the certificate bundle that should be used to
55 verify the proxy with when using an HTTPS proxy. Can be overridden by the
56 `GIT_PROXY_SSL_CAINFO` environment variable.
57
58http.emptyAuth::
59 Attempt authentication without seeking a username or password. This
60 can be used to attempt GSS-Negotiate authentication without specifying
61 a username in the URL, as libcurl normally requires a username for
62 authentication.
63
64http.proactiveAuth::
65 Attempt authentication without first making an unauthenticated attempt and
66 receiving a 401 response. This can be used to ensure that all requests are
67 authenticated. If `http.emptyAuth` is set to true, this value has no effect.
68+
69If the credential helper used specifies an authentication scheme (i.e., via the
70`authtype` field), that value will be used; if a username and password is
71provided without a scheme, then Basic authentication is used. The value of the
72option determines the scheme requested from the helper. Possible values are:
73+
74--
75* `basic` - Request Basic authentication from the helper.
76* `auto` - Allow the helper to pick an appropriate scheme.
77* `none` - Disable proactive authentication.
78--
79+
80Note that TLS should always be used with this configuration, since otherwise it
81is easy to accidentally expose plaintext credentials if Basic authentication
82is selected.
83
84http.delegation::
85 Control GSSAPI credential delegation. The delegation is disabled
86 by default in libcurl since version 7.21.7. Set parameter to tell
87 the server what it is allowed to delegate when it comes to user
88 credentials. Used with GSS/kerberos. Possible values are:
89+
90--
91* `none` - Don't allow any delegation.
92* `policy` - Delegates if and only if the OK-AS-DELEGATE flag is set in the
93 Kerberos service ticket, which is a matter of realm policy.
94* `always` - Unconditionally allow the server to delegate.
95--
96
97
98http.extraHeader::
99 Pass an additional HTTP header when communicating with a server. If
100 more than one such entry exists, all of them are added as extra
101 headers. To allow overriding the settings inherited from the system
102 config, an empty value will reset the extra headers to the empty list.
103
104http.cookieFile::
105 The pathname of a file containing previously stored cookie lines,
106 which should be used
107 in the Git http session, if they match the server. The file format
108 of the file to read cookies from should be plain HTTP headers or
109 the Netscape/Mozilla cookie file format (see `curl(1)`).
110 Set it to an empty string, to accept only new cookies from
111 the server and send them back in successive requests within same
112 connection.
113 NOTE that the file specified with http.cookieFile is used only as
114 input unless http.saveCookies is set.
115
116http.saveCookies::
117 If set, store cookies received during requests to the file specified by
118 http.cookieFile. Has no effect if http.cookieFile is unset, or set to
119 an empty string.
120
121http.version::
122 Use the specified HTTP protocol version when communicating with a server.
123 If you want to force the default. The available and default version depend
124 on libcurl. Currently the possible values of
125 this option are:
126
127 - HTTP/2
128 - HTTP/1.1
129
130http.curloptResolve::
131 Hostname resolution information that will be used first by
132 libcurl when sending HTTP requests. This information should
133 be in one of the following formats:
134
135 - [+]HOST:PORT:ADDRESS[,ADDRESS]
136 - -HOST:PORT
137
138+
139The first format redirects all requests to the given `HOST:PORT`
140to the provided `ADDRESS`(s). The second format clears all
141previous config values for that `HOST:PORT` combination. To
142allow easy overriding of all the settings inherited from the
143system config, an empty value will reset all resolution
144information to the empty list.
145
146http.sslVersion::
147 The SSL version to use when negotiating an SSL connection, if you
148 want to force the default. The available and default version
149 depend on whether libcurl was built against NSS or OpenSSL and the
150 particular configuration of the crypto library in use. Internally
151 this sets the 'CURLOPT_SSL_VERSION' option; see the libcurl
152 documentation for more details on the format of this option and
153 for the ssl version supported. Currently the possible values of
154 this option are:
155
156 - sslv2
157 - sslv3
158 - tlsv1
159 - tlsv1.0
160 - tlsv1.1
161 - tlsv1.2
162 - tlsv1.3
163
164+
165Can be overridden by the `GIT_SSL_VERSION` environment variable.
166To force git to use libcurl's default ssl version and ignore any
167explicit http.sslversion option, set `GIT_SSL_VERSION` to the
168empty string.
169
170http.sslCipherList::
171 A list of SSL ciphers to use when negotiating an SSL connection.
172 The available ciphers depend on whether libcurl was built against
173 NSS or OpenSSL and the particular configuration of the crypto
174 library in use. Internally this sets the 'CURLOPT_SSL_CIPHER_LIST'
175 option; see the libcurl documentation for more details on the format
176 of this list.
177+
178Can be overridden by the `GIT_SSL_CIPHER_LIST` environment variable.
179To force git to use libcurl's default cipher list and ignore any
180explicit http.sslCipherList option, set `GIT_SSL_CIPHER_LIST` to the
181empty string.
182
183http.sslVerify::
184 Whether to verify the SSL certificate when fetching or pushing
185 over HTTPS. Defaults to true. Can be overridden by the
186 `GIT_SSL_NO_VERIFY` environment variable.
187
188http.sslCert::
189 File containing the SSL certificate when fetching or pushing
190 over HTTPS. Can be overridden by the `GIT_SSL_CERT` environment
191 variable.
192
193http.sslKey::
194 File containing the SSL private key when fetching or pushing
195 over HTTPS. Can be overridden by the `GIT_SSL_KEY` environment
196 variable.
197
198http.sslCertPasswordProtected::
199 Enable Git's password prompt for the SSL certificate. Otherwise
200 OpenSSL will prompt the user, possibly many times, if the
201 certificate or private key is encrypted. Can be overridden by the
202 `GIT_SSL_CERT_PASSWORD_PROTECTED` environment variable.
203
204http.sslCAInfo::
205 File containing the certificates to verify the peer with when
206 fetching or pushing over HTTPS. Can be overridden by the
207 `GIT_SSL_CAINFO` environment variable.
208
209http.sslCAPath::
210 Path containing files with the CA certificates to verify the peer
211 with when fetching or pushing over HTTPS. Can be overridden
212 by the `GIT_SSL_CAPATH` environment variable.
213
214http.sslBackend::
215 Name of the SSL backend to use (e.g. "openssl" or "schannel").
216 This option is ignored if cURL lacks support for choosing the SSL
217 backend at runtime.
218
219http.sslCertType::
220 Type of client certificate used when fetching or pushing over HTTPS.
221 "PEM", "DER" are supported when using openssl or gnutls backends. "P12"
222 is supported on "openssl", "schannel", "securetransport", and gnutls 8.11+.
223 See also libcurl `CURLOPT_SSLCERTTYPE`. Can be overridden by the
224 `GIT_SSL_CERT_TYPE` environment variable.
225
226http.sslKeyType::
227 Type of client private key used when fetching or pushing over HTTPS. (e.g.
228 "PEM", "DER", or "ENG"). Only applicable when using "openssl" backend. "DER"
229 is not supported with openssl. Particularly useful when set to "ENG" for
230 authenticating with PKCS#11 tokens, with a PKCS#11 URL in sslCert option.
231 See also libcurl `CURLOPT_SSLKEYTYPE`. Can be overridden by the
232 `GIT_SSL_KEY_TYPE` environment variable.
233
234http.schannelCheckRevoke::
235 Used to enforce or disable certificate revocation checks in cURL
236 when http.sslBackend is set to "schannel". Defaults to `true` if
237 unset. Only necessary to disable this if Git consistently errors
238 and the message is about checking the revocation status of a
239 certificate. This option is ignored if cURL lacks support for
240 setting the relevant SSL option at runtime.
241
242http.schannelUseSSLCAInfo::
243 As of cURL v7.60.0, the Secure Channel backend can use the
244 certificate bundle provided via `http.sslCAInfo`, but that would
245 override the Windows Certificate Store. Since this is not desirable
246 by default, Git will tell cURL not to use that bundle by default
247 when the `schannel` backend was configured via `http.sslBackend`,
248 unless `http.schannelUseSSLCAInfo` overrides this behavior.
249
250http.pinnedPubkey::
251 Public key of the https service. It may either be the filename of
252 a PEM or DER encoded public key file or a string starting with
253 'sha256//' followed by the base64 encoded sha256 hash of the
254 public key. See also libcurl 'CURLOPT_PINNEDPUBLICKEY'. git will
255 exit with an error if this option is set but not supported by
256 cURL.
257
258http.sslTry::
259 Attempt to use AUTH SSL/TLS and encrypted data transfers
260 when connecting via regular FTP protocol. This might be needed
261 if the FTP server requires it for security reasons or you wish
262 to connect securely whenever remote FTP server supports it.
263 Default is false since it might trigger certificate verification
264 errors on misconfigured servers.
265
266http.maxRequests::
267 How many HTTP requests to launch in parallel. Can be overridden
268 by the `GIT_HTTP_MAX_REQUESTS` environment variable. Default is 5.
269
270http.minSessions::
271 The number of curl sessions (counted across slots) to be kept across
272 requests. They will not be ended with curl_easy_cleanup() until
273 http_cleanup() is invoked. If USE_CURL_MULTI is not defined, this
274 value will be capped at 1. Defaults to 1.
275
276http.postBuffer::
277 Maximum size in bytes of the buffer used by smart HTTP
278 transports when POSTing data to the remote system.
279 For requests larger than this buffer size, HTTP/1.1 and
280 Transfer-Encoding: chunked is used to avoid creating a
281 massive pack file locally. Default is 1 MiB, which is
282 sufficient for most requests.
283+
284Note that raising this limit is only effective for disabling chunked
285transfer encoding and therefore should be used only where the remote
286server or a proxy only supports HTTP/1.0 or is noncompliant with the
287HTTP standard. Raising this is not, in general, an effective solution
288for most push problems, but can increase memory consumption
289significantly since the entire buffer is allocated even for small
290pushes.
291
292http.lowSpeedLimit::
293http.lowSpeedTime::
294 If the HTTP transfer speed, in bytes per second, is less than
295 'http.lowSpeedLimit' for longer than 'http.lowSpeedTime' seconds,
296 the transfer is aborted.
297 Can be overridden by the `GIT_HTTP_LOW_SPEED_LIMIT` and
298 `GIT_HTTP_LOW_SPEED_TIME` environment variables.
299
300http.keepAliveIdle::
301 Specifies how long in seconds to wait on an idle connection
302 before sending TCP keepalive probes (if supported by the OS). If
303 unset, curl's default value is used. Can be overridden by the
304 `GIT_HTTP_KEEPALIVE_IDLE` environment variable.
305
306http.keepAliveInterval::
307 Specifies how long in seconds to wait between TCP keepalive
308 probes (if supported by the OS). If unset, curl's default value
309 is used. Can be overridden by the `GIT_HTTP_KEEPALIVE_INTERVAL`
310 environment variable.
311
312http.keepAliveCount::
313 Specifies how many TCP keepalive probes to send before giving up
314 and terminating the connection (if supported by the OS). If
315 unset, curl's default value is used. Can be overridden by the
316 `GIT_HTTP_KEEPALIVE_COUNT` environment variable.
317
318http.noEPSV::
319 A boolean which disables using of EPSV ftp command by curl.
320 This can be helpful with some "poor" ftp servers which don't
321 support EPSV mode. Can be overridden by the `GIT_CURL_FTP_NO_EPSV`
322 environment variable. Default is false (curl will use EPSV).
323
324http.userAgent::
325 The HTTP USER_AGENT string presented to an HTTP server. The default
326 value represents the version of the Git client such as git/1.7.1.
327 This option allows you to override this value to a more common value
328 such as Mozilla/4.0. This may be necessary, for instance, if
329 connecting through a firewall that restricts HTTP connections to a set
330 of common USER_AGENT strings (but not including those like git/1.7.1).
331 Can be overridden by the `GIT_HTTP_USER_AGENT` environment variable.
332
333http.followRedirects::
334 Whether git should follow HTTP redirects. If set to `true`, git
335 will transparently follow any redirect issued by a server it
336 encounters. If set to `false`, git will treat all redirects as
337 errors. If set to `initial`, git will follow redirects only for
338 the initial request to a remote, but not for subsequent
339 follow-up HTTP requests. Since git uses the redirected URL as
340 the base for the follow-up requests, this is generally
341 sufficient. The default is `initial`.
342
343http.<url>.*::
344 Any of the http.* options above can be applied selectively to some URLs.
345 For a config key to match a URL, each element of the config key is
346 compared to that of the URL, in the following order:
347+
348--
349. Scheme (e.g., `https` in `https://example.com/`). This field
350 must match exactly between the config key and the URL.
351
352. Host/domain name (e.g., `example.com` in `https://example.com/`).
353 This field must match between the config key and the URL. It is
354 possible to specify a `*` as part of the host name to match all subdomains
355 at this level. `https://*.example.com/` for example would match
356 `https://foo.example.com/`, but not `https://foo.bar.example.com/`.
357
358. Port number (e.g., `8080` in `http://example.com:8080/`).
359 This field must match exactly between the config key and the URL.
360 Omitted port numbers are automatically converted to the correct
361 default for the scheme before matching.
362
363. Path (e.g., `repo.git` in `https://example.com/repo.git`). The
364 path field of the config key must match the path field of the URL
365 either exactly or as a prefix of slash-delimited path elements. This means
366 a config key with path `foo/` matches URL path `foo/bar`. A prefix can only
367 match on a slash (`/`) boundary. Longer matches take precedence (so a config
368 key with path `foo/bar` is a better match to URL path `foo/bar` than a config
369 key with just path `foo/`).
370
371. User name (e.g., `user` in `https://user@example.com/repo.git`). If
372 the config key has a user name it must match the user name in the
373 URL exactly. If the config key does not have a user name, that
374 config key will match a URL with any user name (including none),
375 but at a lower precedence than a config key with a user name.
376--
377+
378The list above is ordered by decreasing precedence; a URL that matches
379a config key's path is preferred to one that matches its user name. For example,
380if the URL is `https://user@example.com/foo/bar` a config key match of
381`https://example.com/foo` will be preferred over a config key match of
382`https://user@example.com`.
383+
384All URLs are normalized before attempting any matching (the password part,
385if embedded in the URL, is always ignored for matching purposes) so that
386equivalent URLs that are simply spelled differently will match properly.
387Environment variable settings always override any matches. The URLs that are
388matched against are those given directly to Git commands. This means any URLs
389visited as a result of a redirection do not participate in matching.