From: Junio C Hamano <gitster@pobox.com>
To: David Timber <dxdt@dev.snart.me>
Cc: git@vger.kernel.org
Subject: Re: [PATCH v2 1/1] send-email: add client certificate options
Date: Mon, 02 Mar 2026 08:43:20 -0800
Message-ID: <xmqq7bru41xz.fsf@gitster.g>
In-Reply-To: <20260302032048.260209-2-dxdt@dev.snart.me> (David Timber's message of "Mon, 2 Mar 2026 12:16:41 +0900")

David Timber <dxdt@dev.snart.me> writes:

> For SMTP servers that do "mutual certificate verification", the mail
> client is required to present its own TLS certificate as well. This
> patch adds --smtp-ssl-client-cert and --smtp-ssl-client-key for such
> servers.
>
> The problem of which private key for the certificate is chosen arises
> when there are private keys in both the certificate and private key
> file. According to the documentation of IO::Socket::SSL (link supplied),
> the behaviour (the private key chosen) depends on the format of the
> certificate. In a nutshell,
>
> - PKCS12: the key in the cert always takes precedence
> - PEM: if the key file is not given, it will "try" to read one
>   from the cert PEM file
>
> Many users may find this discrepancy unintuitive.
>
> In terms of client certificate, git-send-email is implemented in a way
> that what's possible with perl's SSL library is exposed to the user as
> much as possible. In this instance, whether the user chooses to use a PEM
> file that contains both certificate and private key should be
> at their discretion despite the implications.
>
> Link: https://metacpan.org/pod/IO::Socket::SSL#SSL_cert_file-%7C-SSL_cert-%7C-SSL_key_file-%7C-SSL_key
> Link: https://lore.kernel.org/all/319bf98c-52df-4bf9-b157-e4bc2bf087d6@dev.snart.me/
>
> Signed-off-by: David Timber <dxdt@dev.snart.me>
> ---
> Documentation/config/sendemail.adoc | 16 ++++++++++
> Documentation/git-send-email.adoc | 19 ++++++++++++
> git-send-email.perl | 47 ++++++++++++++++++++++-------
> 3 files changed, 71 insertions(+), 11 deletions(-)

It's a lot of text but quite informative.  Will replace.

Shall we declare victory and mark the topic for 'next' now?

Thanks.
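
The key-selection rules summarized in the quoted commit message, written out as a pre-flight check on the certificate file. This is an added example, not code from the patch or from git. The names pem_labels and key_source, the cert_format parameter and the constructed sample PEM text are assumptions, as is the case where an explicit key file is used with a PEM certificate, which is implied by the second rule rather than stated.

```python
import re

# PEM armor: "-----BEGIN <label>-----" ... "-----END <label>-----" (same label).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Constructed samples: the base64 bodies are placeholders, not real material.
CERT_ONLY = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
COMBINED = (CERT_ONLY +
            "-----BEGIN PRIVATE KEY-----\nBBBB\n-----END PRIVATE KEY-----\n")


def pem_labels(text):
    """Return the labels of all well-formed PEM blocks, in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]


def key_source(cert_text, cert_format, key_file_given):
    """Return (source, warning): which file supplies the private key.

    source is "cert-file", "key-file" or None. cert_format ("PEM" or
    "PKCS12") is supplied by the caller; this check does not sniff it.
    """
    if cert_format == "PKCS12":
        # Quoted rule 1: the key in the PKCS12 cert always takes precedence.
        warn = "key in PKCS12 file overrides the key file" if key_file_given else None
        return "cert-file", warn
    if cert_format != "PEM":
        raise ValueError("unsupported format: %r" % (cert_format,))
    labels = pem_labels(cert_text)
    if not any(label.endswith("CERTIFICATE") for label in labels):
        raise ValueError("no CERTIFICATE block in cert file")
    embedded = any(label.endswith("PRIVATE KEY") for label in labels)
    if key_file_given:
        # Assumption implied by rule 2: an explicit key file is the one used.
        warn = "cert file also contains a private key" if embedded else None
        return "key-file", warn
    # Quoted rule 2: with no key file, the key is read from the cert PEM file.
    return ("cert-file", None) if embedded else (None, "no private key found")


if __name__ == "__main__":
    for fmt, text, given in [("PEM", COMBINED, False), ("PEM", COMBINED, True),
                             ("PEM", CERT_ONLY, False), ("PKCS12", "", True)]:
        print(fmt, "key file given:", given, "->", key_source(text, fmt, given))
```

A non-None warning marks the cases the commit message calls unintuitive: a key present in both files, or a key file that the PKCS12 rule overrides.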