Web lists-archives.com

Re: js/mingw-http-ssl, was Re: What's cooking in git.git (Oct 2018, #05; Fri, 26)




Hi Junio,

On Fri, 26 Oct 2018, Junio C Hamano wrote:

> Johannes Schindelin <Johannes.Schindelin@xxxxxx> writes:
> 
> > On Fri, 26 Oct 2018, Junio C Hamano wrote:
> >
> >> * js/mingw-http-ssl (2018-10-26) 3 commits
> >>   (merged to 'next' on 2018-10-26 at 318e82e101)
> >>  + http: when using Secure Channel, ignore sslCAInfo by default
> >>  + http: add support for disabling SSL revocation checks in cURL
> >>  + http: add support for selecting SSL backends at runtime
> >>  (this branch is used by jc/http-curlver-warnings.)
> >> 
> >>  On Windows with recent enough cURL library, the configuration
> >>  variable http.sslBackend can be used to choose between OpenSSL and
> >>  Secure Channel at runtime as the SSL backend while talking over
> >>  the HTTPS protocol.
> >
> > Just a quick clarification: the http.sslBackend feature is in no way
> > Windows-only.  Sure, it was championed there, and sure, we had the first
> > multi-ssl-capable libcurl, but this feature applies to all libcurl
> > versions that are built with multiple SSL/TLS backends.
> 
> Yeah, but "http.sslBackend can be used to choose betnween OpenSSL
> and Scure Channel" applies only to Windows (especially the "between
> A and B" part, when B is Windows only), right?  I had a hard time
> coming up with a phrasing to summarize what the immediate merit
> users would get from the topic in a simple paragraph.

On Linux, with an appropriately built libcurl, you can use http.sslBackend
to choose between OpenSSL, GNU TLS, NSS and mbedTLS.

> > The two patches on top are Windows-only, of course, as they really apply
> > only to the Secure Channel backend (which *is* Windows-only).
> 
> Yes, that is why the summary for the topic as a whole focuses on
> Windows, as that is the primary audience who would benefit from the
> topic.

In contrast, I think that the main purpose of this patch series is to
bring http.sslBackend to everybody. And then we also include fall-out
patches that are Windows-only. :-)

Ciao,
Dscho