* [PATCH] Allow use of TLS 1.3
@ 2018-03-23 18:25 Loganaden Velvindron
2018-03-23 18:37 ` Ævar Arnfjörð Bjarmason
0 siblings, 1 reply; 4+ messages in thread
From: Loganaden Velvindron @ 2018-03-23 18:25 UTC (permalink / raw)
To: git
Done during IETF 101 hackathon
Signed-off-by: Loganaden Velvindron <logan@hackers.mu>
---
Documentation/config.txt | 1 +
http.c | 3 +++
2 files changed, 4 insertions(+)
diff --git a/Documentation/config.txt b/Documentation/config.txt
index ce9102cea..f31d62772 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -1957,6 +1957,7 @@ http.sslVersion::
- tlsv1.0
- tlsv1.1
- tlsv1.2
+ - tlsv1.3
+
Can be overridden by the `GIT_SSL_VERSION` environment variable.
diff --git a/http.c b/http.c
index 8c11156ae..666fe31f3 100644
--- a/http.c
+++ b/http.c
@@ -61,6 +61,9 @@ static struct {
{ "tlsv1.0", CURL_SSLVERSION_TLSv1_0 },
{ "tlsv1.1", CURL_SSLVERSION_TLSv1_1 },
{ "tlsv1.2", CURL_SSLVERSION_TLSv1_2 },
+#if LIBCURL_VERSION_NUM >= 0x075200
+ { "tlsv1.3", CURL_SSLVERSION_TLSv1_3 }
+#endif
#endif
};
#if LIBCURL_VERSION_NUM >= 0x070903
--
2.16.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] Allow use of TLS 1.3
2018-03-23 18:25 [PATCH] Allow use of TLS 1.3 Loganaden Velvindron
@ 2018-03-23 18:37 ` Ævar Arnfjörð Bjarmason
2018-03-23 18:39 ` Loganaden Velvindron
0 siblings, 1 reply; 4+ messages in thread
From: Ævar Arnfjörð Bjarmason @ 2018-03-23 18:37 UTC (permalink / raw)
To: Loganaden Velvindron; +Cc: git
On Fri, Mar 23 2018, Loganaden Velvindron wrote:
> Done during IETF 101 hackathon
Hi. Thanks. Let's add a meaningful commit message to this though,
something like:
Add a tlsv1.3 option to http.sslVersion in addition to the existing
tlsv1.[012] options. libcurl has supported this since 7.52.0.
> --- a/http.c
> +++ b/http.c
> @@ -61,6 +61,9 @@ static struct {
> { "tlsv1.0", CURL_SSLVERSION_TLSv1_0 },
> { "tlsv1.1", CURL_SSLVERSION_TLSv1_1 },
> { "tlsv1.2", CURL_SSLVERSION_TLSv1_2 },
> +#if LIBCURL_VERSION_NUM >= 0x075200
> + { "tlsv1.3", CURL_SSLVERSION_TLSv1_3 }
> +#endif
I wonder if this wouldn't be better as:
+#ifdef CURL_SSLVERSION_TLSv1_3
+ { "tlsv1.3", CURL_SSLVERSION_TLSv1_3 }
+#endif
We've been bitten before by doing version checks on libcurl code, only
to find that some distros are actively backporting features, so checking
the specific macros is usually better.
> #endif
> };
> #if LIBCURL_VERSION_NUM >= 0x070903
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] Allow use of TLS 1.3
2018-03-23 18:37 ` Ævar Arnfjörð Bjarmason
@ 2018-03-23 18:39 ` Loganaden Velvindron
2018-03-23 23:37 ` Johannes Schindelin
0 siblings, 1 reply; 4+ messages in thread
From: Loganaden Velvindron @ 2018-03-23 18:39 UTC (permalink / raw)
To: Ævar Arnfjörð Bjarmason; +Cc: git
On Fri, Mar 23, 2018 at 07:37:08PM +0100, Ævar Arnfjörð Bjarmason wrote:
>
> On Fri, Mar 23 2018, Loganaden Velvindron wrote:
>
> > Done during IETF 101 hackathon
>
> Hi. Thanks. Let's add a meaningful commit message to this though,
> something like:
>
> Add a tlsv1.3 option to http.sslVersion in addition to the existing
> tlsv1.[012] options. libcurl has supported this since 7.52.0.
Looks good to me.
>
> > --- a/http.c
> > +++ b/http.c
> > @@ -61,6 +61,9 @@ static struct {
> > { "tlsv1.0", CURL_SSLVERSION_TLSv1_0 },
> > { "tlsv1.1", CURL_SSLVERSION_TLSv1_1 },
> > { "tlsv1.2", CURL_SSLVERSION_TLSv1_2 },
> > +#if LIBCURL_VERSION_NUM >= 0x075200
> > + { "tlsv1.3", CURL_SSLVERSION_TLSv1_3 }
> > +#endif
>
> I wonder if this wouldn't be better as:
>
> +#ifdef CURL_SSLVERSION_TLSv1_3
> + { "tlsv1.3", CURL_SSLVERSION_TLSv1_3 }
> +#endif
>
> We've been bitten before by doing version checks on libcurl code, only
> to find that some distros are actively backporting features, so checking
> the specific macros is usually better.
This looks good to me as well. I will send Patch v2, with the suggestions.
>
> > #endif
> > };
> > #if LIBCURL_VERSION_NUM >= 0x070903
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] Allow use of TLS 1.3
2018-03-23 18:39 ` Loganaden Velvindron
@ 2018-03-23 23:37 ` Johannes Schindelin
0 siblings, 0 replies; 4+ messages in thread
From: Johannes Schindelin @ 2018-03-23 23:37 UTC (permalink / raw)
To: Loganaden Velvindron; +Cc: Ævar Arnfjörð Bjarmason, git
[-- Attachment #1: Type: text/plain, Size: 637 bytes --]
Hi,
On Fri, 23 Mar 2018, Loganaden Velvindron wrote:
> On Fri, Mar 23, 2018 at 07:37:08PM +0100, Ævar Arnfjörð Bjarmason wrote:
> >
> > On Fri, Mar 23 2018, Loganaden Velvindron wrote:
> >
> > > Done during IETF 101 hackathon
> >
> > Hi. Thanks. Let's add a meaningful commit message to this though,
> > something like:
> >
> > Add a tlsv1.3 option to http.sslVersion in addition to the existing
> > tlsv1.[012] options. libcurl has supported this since 7.52.0.
Can we please also add that OpenSSL 1.1.* is required (or that cURL is
built with NSS or BoringSSL as the TLS backend)?
Thanks,
Johannes
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-03-23 23:37 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-03-23 18:25 [PATCH] Allow use of TLS 1.3 Loganaden Velvindron
2018-03-23 18:37 ` Ævar Arnfjörð Bjarmason
2018-03-23 18:39 ` Loganaden Velvindron
2018-03-23 23:37 ` Johannes Schindelin
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).