* Cygwin git with schannel ("native Windows Secure Channel library")
@ 2019-12-20 1:52 Keith Thompson
2019-12-20 23:18 ` brian m. carlson
0 siblings, 1 reply; 4+ messages in thread
From: Keith Thompson @ 2019-12-20 1:52 UTC (permalink / raw)
To: git; +Cc: Keith Thompson
I've posted this on Stack Overflow
https://stackoverflow.com/q/59381061/827263
but I haven't gotten any responses yet.
When I install "Git for Windows" on Windows 10, the installation
wizard offers the choice of using either the OpenSSL library or the
"native Windows Secure Channel library". (Whether that's offered
seems to depend on what's available on the Windows 10 system.)
I believe this is referred to in the git sources as "schannel".
Is there a way to configure git under Cygwin to use the native
Windows Secure Channel library? An ideal solution would be a
modification to my .gitconfig, but something that lets me build git
(and possibly curl) from source would also be good. See my Stack
Overflow question for more details, including some things that I
tried that didn't work.
The problem I'm trying to solve: In my work environment, I can
use Cygwin git for local operations, but I have to use Windows git
for anything that talks to a remote (push, pull).I'd prefer to use
Cygwin git exclusively.
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: Cygwin git with schannel ("native Windows Secure Channel library") 2019-12-20 1:52 Cygwin git with schannel ("native Windows Secure Channel library") Keith Thompson @ 2019-12-20 23:18 ` brian m. carlson 2019-12-21 11:50 ` Beat Bolli 0 siblings, 1 reply; 4+ messages in thread From: brian m. carlson @ 2019-12-20 23:18 UTC (permalink / raw) To: Keith Thompson; +Cc: git [-- Attachment #1: Type: text/plain, Size: 1716 bytes --] On 2019-12-20 at 01:52:04, Keith Thompson wrote: > I've posted this on Stack Overflow > https://stackoverflow.com/q/59381061/827263 > but I haven't gotten any responses yet. > > When I install "Git for Windows" on Windows 10, the installation > wizard offers the choice of using either the OpenSSL library or the > "native Windows Secure Channel library". (Whether that's offered > seems to depend on what's available on the Windows 10 system.) > I believe this is referred to in the git sources as "schannel". > > Is there a way to configure git under Cygwin to use the native > Windows Secure Channel library? An ideal solution would be a > modification to my .gitconfig, but something that lets me build git > (and possibly curl) from source would also be good. See my Stack > Overflow question for more details, including some things that I > tried that didn't work. > > The problem I'm trying to solve: In my work environment, I can > use Cygwin git for local operations, but I have to use Windows git > for anything that talks to a remote (push, pull).I'd prefer to use > Cygwin git exclusively. I'm not 100% certain here, but I believe the answer is no. In order to use SChannel, you'll need to link against MSVCRT or a compatible runtime, but it's not possible to link against both that and Cygwin at the same time (probably because they both provide the same symbols). If your constraint is that you need to interact with the Windows certificate store or such, you could see if there's an OpenSSL or GnuTLS plugin that will do that for you and then build against that library or plugin. -- brian m. carlson: Houston, Texas, US OpenPGP: https://keybase.io/bk2204 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 868 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Cygwin git with schannel ("native Windows Secure Channel library") 2019-12-20 23:18 ` brian m. carlson @ 2019-12-21 11:50 ` Beat Bolli 2019-12-21 23:13 ` Keith Thompson 0 siblings, 1 reply; 4+ messages in thread From: Beat Bolli @ 2019-12-21 11:50 UTC (permalink / raw) To: git On 21.12.19 00:18, brian m. carlson wrote: > On 2019-12-20 at 01:52:04, Keith Thompson wrote: >> I've posted this on Stack Overflow >> https://stackoverflow.com/q/59381061/827263 >> but I haven't gotten any responses yet. >> >> When I install "Git for Windows" on Windows 10, the installation >> wizard offers the choice of using either the OpenSSL library or the >> "native Windows Secure Channel library". (Whether that's offered >> seems to depend on what's available on the Windows 10 system.) >> I believe this is referred to in the git sources as "schannel". >> >> Is there a way to configure git under Cygwin to use the native >> Windows Secure Channel library? An ideal solution would be a >> modification to my .gitconfig, but something that lets me build git >> (and possibly curl) from source would also be good. See my Stack >> Overflow question for more details, including some things that I >> tried that didn't work. >> >> The problem I'm trying to solve: In my work environment, I can >> use Cygwin git for local operations, but I have to use Windows git >> for anything that talks to a remote (push, pull).I'd prefer to use >> Cygwin git exclusively. > > I'm not 100% certain here, but I believe the answer is no. In order to > use SChannel, you'll need to link against MSVCRT or a compatible > runtime, but it's not possible to link against both that and Cygwin at > the same time (probably because they both provide the same symbols). > > If your constraint is that you need to interact with the Windows > certificate store or such, you could see if there's an OpenSSL or GnuTLS > plugin that will do that for you and then build against that library or > plugin. There is the OpenSSL "CAPI" engine which interfaces with the Windows CryptoAPI. However, I don't know if the Cygwin OpenSSL build includes this engine. Cheers, Beat ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Cygwin git with schannel ("native Windows Secure Channel library") 2019-12-21 11:50 ` Beat Bolli @ 2019-12-21 23:13 ` Keith Thompson 0 siblings, 0 replies; 4+ messages in thread From: Keith Thompson @ 2019-12-21 23:13 UTC (permalink / raw) To: Beat Bolli; +Cc: brian m. carlson, git, Keith Thompson On Sat, Dec 21, 2019 at 3:51 AM Beat Bolli <dev+git@drbeat.li> wrote: > On 21.12.19 00:18, brian m. carlson wrote: > > On 2019-12-20 at 01:52:04, Keith Thompson wrote: > >> I've posted this on Stack Overflow > >> https://stackoverflow.com/q/59381061/827263 > >> but I haven't gotten any responses yet. > >> > >> When I install "Git for Windows" on Windows 10, the installation > >> wizard offers the choice of using either the OpenSSL library or the > >> "native Windows Secure Channel library". (Whether that's offered > >> seems to depend on what's available on the Windows 10 system.) > >> I believe this is referred to in the git sources as "schannel". > >> > >> Is there a way to configure git under Cygwin to use the native > >> Windows Secure Channel library? An ideal solution would be a > >> modification to my .gitconfig, but something that lets me build git > >> (and possibly curl) from source would also be good. See my Stack > >> Overflow question for more details, including some things that I > >> tried that didn't work. > >> > >> The problem I'm trying to solve: In my work environment, I can > >> use Cygwin git for local operations, but I have to use Windows git > >> for anything that talks to a remote (push, pull).I'd prefer to use > >> Cygwin git exclusively. > > > > I'm not 100% certain here, but I believe the answer is no. In order to > > use SChannel, you'll need to link against MSVCRT or a compatible > > runtime, but it's not possible to link against both that and Cygwin at > > the same time (probably because they both provide the same symbols). > > > > If your constraint is that you need to interact with the Windows > > certificate store or such, you could see if there's an OpenSSL or GnuTLS > > plugin that will do that for you and then build against that library or > > plugin. > > There is the OpenSSL "CAPI" engine which interfaces with the Windows > CryptoAPI. However, I don't know if the Cygwin OpenSSL build includes > this engine. That's interesting. I just tried building OpenSSL from source on Cygwin (openssl-1.1.1d.tar.gz). It installed lib/engines-1.1/capi.dll under the installation directory, and I see references to capi in the output of "make". The Cygwin-installed OpenSSL (currently 1.1.1d) doesn't provide that file. I don't know whether or not that means the Cygwin-installed OpenSSL doesn't support CAPI. Is there an openssl command I can run to tell whether it supports CAPI? (Disclaimer: I had never heard of CAPI before.) With both the Cygwin-installed OpenSSL and the one I built from source, I get: $ openssl engine capi 25769803792:error:260B606D:engine routines:dynamic_load:init failed:crypto/engine/eng_dyn.c:485: 25769803792:error:2606A074:engine routines:ENGINE_by_id:no such engine:crypto/engine/eng_list.c:334:id=capi *Maybe* if I compile OpenSSL from source, then compile curl from source using my compiled OpenSSL, then compile Windows Git from source using my compiled OpenSSL and curl, it *might* work? It's worth a shot. And if the Cygwin-installed OpenSSL doesn't support CAPI, I wonder why it doesn't. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-12-21 23:14 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-20 1:52 Cygwin git with schannel ("native Windows Secure Channel library") Keith Thompson
2019-12-20 23:18 ` brian m. carlson
2019-12-21 11:50 ` Beat Bolli
2019-12-21 23:13 ` Keith Thompson
Code repositories for project(s) associated with this public inbox https://80x24.org/mirrors/git.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).