From: Junio C Hamano <gitster@pobox.com>
To: Konstantin Khomoutov <flatworm@users.sourceforge.net>
Cc: Sergey Sharybin <sergey.vfx@gmail.com>, Git List <git@vger.kernel.org>
Subject: Re: git:// protocol over SSL/TLS
Date: Fri, 27 Dec 2013 14:21:31 -0800 [thread overview]
Message-ID: <7viouaj5p0.fsf@alter.siamese.dyndns.org> (raw)
In-Reply-To: <20131227173655.3f3109e7ba848c90b302e2f9@domain007.com> (Konstantin Khomoutov's message of "Fri, 27 Dec 2013 17:36:55 +0400")
Konstantin Khomoutov <flatworm@users.sourceforge.net> writes:
> On Fri, 27 Dec 2013 18:59:00 +0600
> Sergey Sharybin <sergey.vfx@gmail.com> wrote:
>
>> Quick question is, is it possible to use git:// protocol over
>> SSL/TLS/other secure transport?
>
> The Git protocol does not implement it itself but you can channel it
> over a TLS tunnel (via stunnel for instance). Unfortunately, this
> means a specialized software and setup on both ends so if the question
> was about a general client using stock Git then the answer is no, it's
> impossible.
Hmph, I somehow had an impression that you wouldn't need anything
more complex than a simple helper that uses git-remote-ext on the
client side. On the remote end, you'd need to have something that
terminates the incoming SSL/TLS and plugs it to your git daemon.
>
>> Or the recommended way to do secure anonymous checkout is to simply
>> use https:// ?
>
> Yes, but it will only be secure if you've managed to verify the
> server's certificate and do trust its issuer (or a CA higher up the
> cert's trust chain) -- people tend to confuse "encrypted" with
> "secure" which is not at all the same thing.
next prev parent reply other threads:[~2013-12-27 22:21 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-27 12:59 git:// protocol over SSL/TLS Sergey Sharybin
2013-12-27 13:29 ` Andreas Schwab
2013-12-27 13:36 ` Konstantin Khomoutov
2013-12-27 13:58 ` Sergey Sharybin
2013-12-27 14:12 ` Andreas Schwab
2013-12-27 14:16 ` Konstantin Khomoutov
2013-12-27 14:18 ` Sergey Sharybin
2013-12-27 14:20 ` Matthieu Moy
2013-12-27 14:25 ` Sergey Sharybin
2013-12-27 14:39 ` Konstantin Khomoutov
2013-12-27 14:47 ` Sergey Sharybin
2013-12-27 14:56 ` Konstantin Khomoutov
2013-12-28 9:37 ` Jeff King
2013-12-27 16:26 ` Bernhard R. Link
2013-12-28 20:52 ` Sergey Sharybin
2013-12-28 0:11 ` brian m. carlson
2013-12-27 14:29 ` Andreas Schwab
2013-12-27 14:21 ` Pyeron, Jason J CTR (US)
2013-12-27 14:14 ` Konstantin Khomoutov
2013-12-27 22:21 ` Junio C Hamano [this message]
2013-12-28 20:00 ` Ilari Liusvaara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7viouaj5p0.fsf@alter.siamese.dyndns.org \
--to=gitster@pobox.com \
--cc=flatworm@users.sourceforge.net \
--cc=git@vger.kernel.org \
--cc=sergey.vfx@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.