git@vger.kernel.org mailing list mirror (one of many)
From: Stanislav M <stanislav.malishevskiy@gmail.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: Jeff King <peff@peff.net>,
	Stanislav Malishevskiy via GitGitGadget  <gitgitgadget@gmail.com>,
	git@vger.kernel.org,
	Stanislav Malishevskiy <s.malishevskiy@auriga.com>
Subject: Re: [PATCH v2] http: add support for different sslcert and sslkey types.
Date: Wed, 29 Mar 2023 22:22:22 +0300
Message-ID: <CAEpdKfnewLsUA37V1-mAW9T+LB1g-PkgjCHY1pxjsff+otZa-A@mail.gmail.com>
In-Reply-To: <xmqqfs9n9yp4.fsf@gitster.g>

Yes. If you set bogus strings in the environment, cURL should return
an error, the same as if you set the wrong file for the certificate or key.

So you can set

GIT_SSL_CERT=some_real_pem_file  - That should work (PEM type used by default)

GIT_SSL_CERT=some_real_pem_file  GIT_SSL_CERT_TYPE=PEM - That should work too

GIT_SSL_CERT=some_real_pem_file  GIT_SSL_CERT_TYPE=Bogus - That shouldn't work

GIT_SSL_CERT=some_real_der_file  GIT_SSL_CERT_TYPE=DER - I am not sure
about that, because as far as I remember there is an issue with DER in openssl

I think there is more detailed information there:
https://curl.se/libcurl/c/CURLOPT_SSLKEYTYPE.html

Basically that is only the format of the cert and key file, or the engine
in the case of a pkcs11 URL instead of a file as in the other cases.

So if you set it to the right values with respect to your ssl cert and ssl key,
https should work. But if not, an error from curl should be returned.

On Wed, 29 Mar 2023 at 21:53, Junio C Hamano <gitster@pobox.com> wrote:
>
> Stanislav M <stanislav.malishevskiy@gmail.com> writes:
>
> [administrivia: do not top-post]
>
> >> Yes, but I'm not sure if there is a way for Git to trigger curl to look
> >> at the certificate that does not involve feeding it an https URL (and we
> >> want a valid one, because we want to see that it correctly speaks to the
> >> server).
> > ...
> > In my opinion they need the same set of tests which is used as usual
> > for https. But use the right certificate and key.
> > But I don't have any idea how to do that with hardware usb eToken in my case.
>
> OK, so where does this put us, with respect to the change?  We have
> some behaviour change that we do not know how to test?  How would we
> know when we break it in the future?  It is not like the new feature
> is not useful enough that nobody would care if it gets broken by
> accident or anything like that, so...?
>
> At least perhaps we can throw bogus strings in the environment and
> make sure cURL library gives complaints, or something?
>
> Thanks.
