This topic branch brings support for choosing cURL's SSL backend (a feature developed in Git for Windows' context) at runtime via http.sslBackend, and two more patches that are related (and only of interest for Windows users).
Changes since v1: * Reworded the commit message of v1's patch 2/3, to talk about the original design instead of "an earlier iteration" that was never contributed to the Git mailing list. * Changed the confusing >= 7.44.0 to < 7.44.0. Note: I had prepared https://github.com/dscho/git/commit/81e8c9a4006c919747a0b6a287f28f25799fcaf4 , intended to be included in v2, but Junio came up with https://public-inbox.org/git/xmqqsh0uln5c.fsf...@gitster-ct.c.googlers.com/ in the meantime, which I like better. Brendan Forster (1): http: add support for disabling SSL revocation checks in cURL Johannes Schindelin (2): http: add support for selecting SSL backends at runtime http: when using Secure Channel, ignore sslCAInfo by default Documentation/config.txt | 21 ++++++++++++ http.c | 71 +++++++++++++++++++++++++++++++++++++++- 2 files changed, 91 insertions(+), 1 deletion(-) base-commit: 5a0cc8aca797dbd7d2be3b67458ff880ed45cddf Published-As: https://github.com/gitgitgadget/git/releases/tags/pr-46%2Fdscho%2Fhttp-ssl-backend-v2 Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-46/dscho/http-ssl-backend-v2 Pull-Request: https://github.com/gitgitgadget/git/pull/46 Range-diff vs v1: 1: 8c5ecdb6c = 1: 85bd0fb27 http: add support for selecting SSL backends at runtime 2: 764791d13 ! 2: 951383695 http: add support for disabling SSL revocation checks in cURL @@ -14,10 +14,10 @@ This is only supported in cURL 7.44 or later. - Note: an earlier iteration tried to use the config setting - http.schannel.checkRevoke, but the http.* config settings can be limited - to specific URLs via http.<url>.* (which would mistake `schannel` for a - URL). + Note: originally, we wanted to call the config setting + `http.schannel.checkRevoke`. This, however, does not work: the `http.*` + config settings can be limited to specific URLs via `http.<url>.*` + (and this feature would mistake `schannel` for a URL). Helped by Agustín Martín Barbero. @@ -77,7 +77,7 @@ + curl_easy_setopt(result, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NO_REVOKE); +#else + warning("CURLSSLOPT_NO_REVOKE not applied to curl SSL options because\n" -+ "your curl version is too old (>= 7.44.0)"); ++ "your curl version is too old (< 7.44.0)"); +#endif + } + 3: 9927e4ce6 = 3: a5f937a36 http: when using Secure Channel, ignore sslCAInfo by default -- gitgitgadget
