From: Junio C Hamano <gitster@pobox.com>
To: Eric Sunshine <sunshine@sunshineco.com>
Cc: gitgitgadget@gmail.com, Git List <git@vger.kernel.org>,
github@brendanforster.com
Subject: Re: [PATCH 2/3] http: add support for disabling SSL revocation checks in cURL
Date: Thu, 25 Oct 2018 12:18:37 +0900 [thread overview]
Message-ID: <xmqqzhv2lnn6.fsf@gitster-ct.c.googlers.com> (raw)
In-Reply-To: <CAPig+cQFb3S0Lm+huUZDN4aw9rWwinh0iZp12ss1zVKpJ=2MdA@mail.gmail.com> (Eric Sunshine's message of "Mon, 15 Oct 2018 10:10:32 -0400")
Eric Sunshine <sunshine@sunshineco.com> writes:
> On Mon, Oct 15, 2018 at 6:14 AM Brendan Forster via GitGitGadget
> <gitgitgadget@gmail.com> wrote:
>> This config value is only used if http.sslBackend is set to "schannel",
>> which forces cURL to use the Windows Certificate Store when validating
>> server certificates associated with a remote server.
>>
>> This is only supported in cURL 7.44 or later.
>> [...]
>> Signed-off-by: Brendan Forster <github@brendanforster.com>
>> ---
>> diff --git a/http.c b/http.c
>> @@ -811,6 +818,16 @@ static CURL *get_curl_handle(void)
>> + if (http_ssl_backend && !strcmp("schannel", http_ssl_backend) &&
>> + !http_schannel_check_revoke) {
>> +#if LIBCURL_VERSION_NUM >= 0x072c00
>> + curl_easy_setopt(result, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NO_REVOKE);
>> +#else
>> + warning("CURLSSLOPT_NO_REVOKE not applied to curl SSL options because\n"
>> + "your curl version is too old (>= 7.44.0)");
>
> This message is confusing. If your curl is too old, shouldn't the ">=" be a "<"?
I do not think I saw any update to correct this, and worse yet I do
not offhand recall if there was any other issue raised on the
series.
So assuming that this is the only remaining one, I'll squash the
following to step 2/3 of this three-patch series and plan to merge
it down to 'next' in the coming few days.
I have a clean-up suggestion related to this but is orthogonal to
this three-patch series (after the fix-up is applied, anyway), which
I'll be sending out separately.
Thanks.
http.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/http.c b/http.c
index 0ebf8f77a6..43e75ac583 100644
--- a/http.c
+++ b/http.c
@@ -835,7 +835,7 @@ static CURL *get_curl_handle(void)
curl_easy_setopt(result, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NO_REVOKE);
#else
warning("CURLSSLOPT_NO_REVOKE not applied to curl SSL options because\n"
- "your curl version is too old (>= 7.44.0)");
+ "your curl version is too old (< 7.44.0)");
#endif
}
--
2.19.1-542-gc4df23f792
next prev parent reply other threads:[~2018-10-25 3:18 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-15 10:14 [PATCH 0/3] Allow choosing the SSL backend cURL uses (plus related patches) Johannes Schindelin via GitGitGadget
2018-10-15 10:14 ` [PATCH 1/3] http: add support for selecting SSL backends at runtime Johannes Schindelin via GitGitGadget
2018-10-15 14:06 ` Eric Sunshine
2018-10-15 10:14 ` [PATCH 2/3] http: add support for disabling SSL revocation checks in cURL Brendan Forster via GitGitGadget
2018-10-15 14:10 ` Eric Sunshine
2018-10-16 12:21 ` Johannes Schindelin
2018-10-25 3:18 ` Junio C Hamano [this message]
2018-10-25 3:29 ` [PATCH] http: give curl version warnings consistently Junio C Hamano
2018-10-25 6:23 ` Jeff King
2018-10-25 19:00 ` Johannes Schindelin
2018-10-26 4:39 ` Junio C Hamano
2018-10-25 12:12 ` [PATCH 2/3] http: add support for disabling SSL revocation checks in cURL Johannes Schindelin
2018-10-16 4:23 ` Junio C Hamano
2018-10-16 6:33 ` Jeff King
2018-10-16 12:25 ` Johannes Schindelin
2018-10-16 15:28 ` Jeff King
2018-10-16 12:22 ` Johannes Schindelin
2018-10-18 1:53 ` Junio C Hamano
2018-10-25 18:52 ` Johannes Schindelin
2018-10-26 4:41 ` Junio C Hamano
2018-10-15 10:14 ` [PATCH 3/3] http: when using Secure Channel, ignore sslCAInfo by default Johannes Schindelin via GitGitGadget
2018-10-25 18:53 ` [PATCH v2 0/3] Allow choosing the SSL backend cURL uses (plus related patches) Johannes Schindelin via GitGitGadget
2018-10-25 18:53 ` [PATCH v2 1/3] http: add support for selecting SSL backends at runtime Johannes Schindelin via GitGitGadget
2018-12-13 9:33 ` Ævar Arnfjörð Bjarmason
2018-12-13 13:08 ` Johannes Schindelin
2018-12-13 13:15 ` Johannes Schindelin
2018-10-25 18:53 ` [PATCH v2 2/3] http: add support for disabling SSL revocation checks in cURL Brendan Forster via GitGitGadget
2018-10-25 18:53 ` [PATCH v2 3/3] http: when using Secure Channel, ignore sslCAInfo by default Johannes Schindelin via GitGitGadget
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqzhv2lnn6.fsf@gitster-ct.c.googlers.com \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=gitgitgadget@gmail.com \
--cc=github@brendanforster.com \
--cc=sunshine@sunshineco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.