Re: SChannel support in Git for Windows

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

You are correct, SChannel in NT 5.x is limited, but all those versions
are officially out of support.

When you're part of a Windows ecosystem, those root certs get pushed
into the local store by a GPO (usually), and you don't have to think
about it. That's the only reason I'm pushing.

Sounds like libcurl can't make it a run time consideration, and git
(understandably) doesn't want to worry about SChannel limitations in
very old versions of Windows.

Does git use libcurl for everything? I wonder if I could just drop my
own libraries with WinHTTP support?

On Fri, Jan 15, 2016 at 10:59 AM, Konstantin Khomoutov
<kostix+git@xxxxxxxxx> wrote:
> On Fri, 15 Jan 2016 10:04:17 -0500
> Robert Labrie <robert.labrie@xxxxxxxxx> wrote:
>
> [...]
>> But it would be more awesome if git just supported schannel on
>> Windows. I think cURL does already.
>
> On the one hand, yes -- that would mean tighter integration into the
> system which is a good thing from the administrative standpoint.
>
> On the other hand, IIUC, this artifically limits the capabilities of
> Git to whatever set of features the schannel implementation in a
> particular version of Windows supports.  As a glaring example, support
> for TLS 1.1 and TLS 1.2 had never made it into Windows XP (and
> supposedly Windows Server 2003, though I may be wrong) despite its
> serious entrenchment.  Among other things, that included IE (6, then 7,
> then 8).  I do understand the reasons MS validly has for its push on its
> customers for upgrades, but ubiquitous OSes nearing their EOL become
> prone to lacking of certain features in their stacks.  This well might
> be true for Windows 7 some 5 years down the road or so: from where I
> sit, it looks like corporate users have zero reasons to upgrade to 10.
>
> Hence ideally there would be some switch which would make libCURL pick
> the implementation at runtime.  But I'm afraid it's hardly doable.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]