From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
To: Robert Labrie <robert.labrie@gmail.com>
Cc: git@vger.kernel.org
Subject: Re: SChannel support in Git for Windows
Date: Fri, 15 Jan 2016 16:53:50 +0100 (CET)
Message-ID: <alpine.DEB.2.20.1601151650481.2964@virtualbox>
In-Reply-To: <CA+1xWaokgVthDv-up76RP+s+r4pSv5ntmePtDVND+rsKuo+-YA@mail.gmail.com>

Hi Robert,

On Fri, 15 Jan 2016, Robert Labrie wrote:

> Increasingly, network admins (including mine) think it's appropriate
> to intercept TLS handshakes on the firewall, and present the calling
> application with a self-signed cert for the requested domain (i.e.
> github.com). On Linux, this can be sorted out by putting the internal
> issuing CA's root cert in /etc/certs (or somesuch) and on Windows, by
> importing it into the "Trusted Publishers" certificate store. The
> challenge comes from apps using OpenSSL on Windows, which doesn't have
> /etc and doesn't support the Windows certificate store.

OpenSSL on Windows has no `/etc`, but Git does offer a way to provide your
own certificates, via the http.sslCAInfo setting.

Furthermore, you can rebuild cURL with support for WinHTTP (which accesses
the Windows Certificate Store). Since this is a compile-time switch, we do
not support that with Git for Windows (until the day when cURL can be
built with WinHTTP *and* OpenSSL support and configured via a switch to
use one or the other).

> Presently, I'm using this procedure:
> http://stackoverflow.com/questions/9072376/configure-git-to-accept-a-particular-self-signed-server-certificate-for-a-partic

It may be a good idea to summarize it here (I would consider that good
form).

Ciao,
Johannes
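
An added example, not part of the original message and not code from Git for Windows: one way to apply the http.sslCAInfo setting mentioned above so that an internal interception CA is trusted for a single host rather than globally. The function names, file paths and host URL are assumptions, and the PEM check is structural only.

```shell
# Added example. All paths, the URL and the function names are hypothetical.

# is_pem_cert FILE
# Succeeds only if FILE is readable, contains a complete PEM certificate
# block, and carries no private key material. It does not validate the
# certificate itself (issuer, CA flag, expiry).
is_pem_cert() {
    [ -r "$1" ] || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || return 1
    grep -q -- '-----END CERTIFICATE-----' "$1" || return 1
    ! grep -q -- 'PRIVATE KEY-----' "$1"
}

# build_bundle BASE_BUNDLE INTERNAL_CA OUT
# Writes OUT as BASE_BUNDLE followed by INTERNAL_CA. The shipped bundle is
# left untouched, so a Git upgrade cannot silently drop the internal CA and
# the added trust stays visible in one separate file.
build_bundle() {
    is_pem_cert "$1" || { echo "not a PEM bundle: $1" >&2; return 2; }
    is_pem_cert "$2" || { echo "not a PEM certificate: $2" >&2; return 3; }
    cat "$1" > "$3" && printf '\n' >> "$3" && cat "$2" >> "$3"
}

# scope_ca_to_host CONFIG_FILE URL BUNDLE
# Sets http.<URL>.sslCAInfo in CONFIG_FILE, so the combined bundle is used
# only for connections to URL and certificate verification stays enabled.
scope_ca_to_host() {
    [ -s "$3" ] || { echo "empty or missing bundle: $3" >&2; return 1; }
    git config --file "$1" "http.$2.sslCAInfo" "$3"
}

# Typical use from Git Bash (placeholder paths):
#   build_bundle /path/to/ca-bundle.crt /path/to/internal-root.pem \
#                "$HOME/ca-with-internal.pem"
#   scope_ca_to_host "$HOME/.gitconfig" https://github.com/ \
#                "$HOME/ca-with-internal.pem"
```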