From: Jeff King <peff@peff.net>
To: John Szakmeister <john@szakmeister.net>
Cc: git@vger.kernel.org
Subject: Re: [PATCH] http: store credential when PKI auth is used
Date: Thu, 11 Mar 2021 20:24:36 -0500 [thread overview]
Message-ID: <YErC1LIaxomLd3Gu@coredump.intra.peff.net> (raw)
In-Reply-To: <CAEBDL5U=BxHzYWmG2Cpw+XcMJTF8_Qp0KXoKz6N+fHp1ZWdbRQ@mail.gmail.com>
On Thu, Mar 11, 2021 at 08:01:53PM -0500, John Szakmeister wrote:
> > - I think proxy_cert_auth would probably want the same treatment.
>
> Oh, I think I misread this before making my fixes. I think what you're
> saying here is that proxy_cert_auth should be approved and rejected
> in the same spots as the client cert auth? I missed that but am happy
> to add it, if that's what you meant. The only trouble is that I don't have
> a great way of checking that particular feature.
Yep, that's what I meant. Looking at CURLE_SSL_* in curl.h, it looks
like there's no way to distinguish a proxy cert problem from a regular
cert problem. So probably we'd need to reject both when we see
CURLE_SSL_CERTPROBLEM. As long as somebody is not using both at once, it
would not matter at all. And even if they are, the worst case is having
to put in their password again.
That said, given that nobody has asked for it and you have no easy way
of testing it, I'm content to leave it be for now. Your patches
shouldn't make anything worse there, and it shouldn't be too hard to
find this discussion in the list archive later.
-Peff
prev parent reply other threads:[~2021-03-12 1:25 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-06 22:52 [PATCH] http: store credential when PKI auth is used John Szakmeister
2021-03-10 20:01 ` Jeff King
2021-03-12 1:01 ` John Szakmeister
2021-03-12 1:24 ` Jeff King [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YErC1LIaxomLd3Gu@coredump.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=john@szakmeister.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).