Re: js/mingw-http-ssl, was Re: What's cooking in git.git (Oct 2018, #05; Fri, 26)
- Date: Mon, 29 Oct 2018 14:22:16 +0100 (STD)
- From: Johannes Schindelin <Johannes.Schindelin@xxxxxx>
- Subject: Re: js/mingw-http-ssl, was Re: What's cooking in git.git (Oct 2018, #05; Fri, 26)
On Fri, 26 Oct 2018, Junio C Hamano wrote:
> Johannes Schindelin <Johannes.Schindelin@xxxxxx> writes:
> > On Fri, 26 Oct 2018, Junio C Hamano wrote:
> >> * js/mingw-http-ssl (2018-10-26) 3 commits
> >> (merged to 'next' on 2018-10-26 at 318e82e101)
> >> + http: when using Secure Channel, ignore sslCAInfo by default
> >> + http: add support for disabling SSL revocation checks in cURL
> >> + http: add support for selecting SSL backends at runtime
> >> (this branch is used by jc/http-curlver-warnings.)
> >> On Windows with recent enough cURL library, the configuration
> >> variable http.sslBackend can be used to choose between OpenSSL and
> >> Secure Channel at runtime as the SSL backend while talking over
> >> the HTTPS protocol.
> > Just a quick clarification: the http.sslBackend feature is in no way
> > Windows-only. Sure, it was championed there, and sure, we had the first
> > multi-ssl-capable libcurl, but this feature applies to all libcurl
> > versions that are built with multiple SSL/TLS backends.
> Yeah, but "http.sslBackend can be used to choose betnween OpenSSL
> and Scure Channel" applies only to Windows (especially the "between
> A and B" part, when B is Windows only), right? I had a hard time
> coming up with a phrasing to summarize what the immediate merit
> users would get from the topic in a simple paragraph.
On Linux, with an appropriately built libcurl, you can use http.sslBackend
to choose between OpenSSL, GNU TLS, NSS and mbedTLS.
> > The two patches on top are Windows-only, of course, as they really apply
> > only to the Secure Channel backend (which *is* Windows-only).
> Yes, that is why the summary for the topic as a whole focuses on
> Windows, as that is the primary audience who would benefit from the
In contrast, I think that the main purpose of this patch series is to
bring http.sslBackend to everybody. And then we also include fall-out
patches that are Windows-only. :-)