From: Junio C Hamano <gitster@pobox.com>
To: Eric Sunshine <sunshine@sunshineco.com>
Cc: gitgitgadget@gmail.com, Git List <git@vger.kernel.org>,
github@brendanforster.com
Subject: Re: [PATCH 2/3] http: add support for disabling SSL revocation checks in cURL
Date: Thu, 25 Oct 2018 12:18:37 +0900 [thread overview]
Message-ID: <xmqqzhv2lnn6.fsf@gitster-ct.c.googlers.com> (raw)
In-Reply-To: <CAPig+cQFb3S0Lm+huUZDN4aw9rWwinh0iZp12ss1zVKpJ=2MdA@mail.gmail.com> (Eric Sunshine's message of "Mon, 15 Oct 2018 10:10:32 -0400")
Eric Sunshine <sunshine@sunshineco.com> writes:
> On Mon, Oct 15, 2018 at 6:14 AM Brendan Forster via GitGitGadget
> <gitgitgadget@gmail.com> wrote:
>> This config value is only used if http.sslBackend is set to "schannel",
>> which forces cURL to use the Windows Certificate Store when validating
>> server certificates associated with a remote server.
>>
>> This is only supported in cURL 7.44 or later.
>> [...]
>> Signed-off-by: Brendan Forster <github@brendanforster.com>
>> ---
>> diff --git a/http.c b/http.c
>> @@ -811,6 +818,16 @@ static CURL *get_curl_handle(void)
>> + if (http_ssl_backend && !strcmp("schannel", http_ssl_backend) &&
>> + !http_schannel_check_revoke) {
>> +#if LIBCURL_VERSION_NUM >= 0x072c00
>> + curl_easy_setopt(result, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NO_REVOKE);
>> +#else
>> + warning("CURLSSLOPT_NO_REVOKE not applied to curl SSL options because\n"
>> + "your curl version is too old (>= 7.44.0)");
>
> This message is confusing. If your curl is too old, shouldn't the ">=" be a "<"?
I do not think I saw any update to correct this, and worse yet I do
not offhand recall if there was any other issue raised on the
series.
So assuming that this is the only remaining one, I'll squash the
following to step 2/3 of this three-patch series and plan to merge
it down to 'next' in the coming few days.
I have a clean-up suggestion related to this but is orthogonal to
this three-patch series (after the fix-up is applied, anyway), which
I'll be sending out separately.
Thanks.
http.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/http.c b/http.c
index 0ebf8f77a6..43e75ac583 100644
--- a/http.c
+++ b/http.c
@@ -835,7 +835,7 @@ static CURL *get_curl_handle(void)
curl_easy_setopt(result, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NO_REVOKE);
#else
warning("CURLSSLOPT_NO_REVOKE not applied to curl SSL options because\n"
- "your curl version is too old (>= 7.44.0)");
+ "your curl version is too old (< 7.44.0)");
#endif
}
--
2.19.1-542-gc4df23f792
next prev parent reply other threads:[~2018-10-25 3:18 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-15 10:14 [PATCH 0/3] Allow choosing the SSL backend cURL uses (plus related patches) Johannes Schindelin via GitGitGadget
2018-10-15 10:14 ` [PATCH 1/3] http: add support for selecting SSL backends at runtime Johannes Schindelin via GitGitGadget
2018-10-15 14:06 ` Eric Sunshine
2018-10-15 10:14 ` [PATCH 2/3] http: add support for disabling SSL revocation checks in cURL Brendan Forster via GitGitGadget
2018-10-15 14:10 ` Eric Sunshine
2018-10-16 12:21 ` Johannes Schindelin
2018-10-25 3:18 ` Junio C Hamano [this message]
2018-10-25 3:29 ` [PATCH] http: give curl version warnings consistently Junio C Hamano
2018-10-25 6:23 ` Jeff King
2018-10-25 19:00 ` Johannes Schindelin
2018-10-26 4:39 ` Junio C Hamano
2018-10-25 12:12 ` [PATCH 2/3] http: add support for disabling SSL revocation checks in cURL Johannes Schindelin
2018-10-16 4:23 ` Junio C Hamano
2018-10-16 6:33 ` Jeff King
2018-10-16 12:25 ` Johannes Schindelin
2018-10-16 15:28 ` Jeff King
2018-10-16 12:22 ` Johannes Schindelin
2018-10-18 1:53 ` Junio C Hamano
2018-10-25 18:52 ` Johannes Schindelin
2018-10-26 4:41 ` Junio C Hamano
2018-10-15 10:14 ` [PATCH 3/3] http: when using Secure Channel, ignore sslCAInfo by default Johannes Schindelin via GitGitGadget
2018-10-25 18:53 ` [PATCH v2 0/3] Allow choosing the SSL backend cURL uses (plus related patches) Johannes Schindelin via GitGitGadget
2018-10-25 18:53 ` [PATCH v2 1/3] http: add support for selecting SSL backends at runtime Johannes Schindelin via GitGitGadget
2018-12-13 9:33 ` Ævar Arnfjörð Bjarmason
2018-12-13 13:08 ` Johannes Schindelin
2018-12-13 13:15 ` Johannes Schindelin
2018-10-25 18:53 ` [PATCH v2 2/3] http: add support for disabling SSL revocation checks in cURL Brendan Forster via GitGitGadget
2018-10-25 18:53 ` [PATCH v2 3/3] http: when using Secure Channel, ignore sslCAInfo by default Johannes Schindelin via GitGitGadget
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqzhv2lnn6.fsf@gitster-ct.c.googlers.com \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=gitgitgadget@gmail.com \
--cc=github@brendanforster.com \
--cc=sunshine@sunshineco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).