Eric Sunshine <sunshine@xxxxxxxxxxxxxx> writes:
> On Mon, Oct 15, 2018 at 6:14 AM Brendan Forster via GitGitGadget
> <gitgitgadget@xxxxxxxxx> wrote:
>> This config value is only used if http.sslBackend is set to "schannel",
>> which forces cURL to use the Windows Certificate Store when validating
>> server certificates associated with a remote server.
>>
>> This is only supported in cURL 7.44 or later.
>> [...]
>> Signed-off-by: Brendan Forster <github@xxxxxxxxxxxxxxxxxx>
>> ---
>> diff --git a/http.c b/http.c
>> @@ -811,6 +818,16 @@ static CURL *get_curl_handle(void)
>> + if (http_ssl_backend && !strcmp("schannel", http_ssl_backend) &&
>> + !http_schannel_check_revoke) {
>> +#if LIBCURL_VERSION_NUM >= 0x072c00
>> + curl_easy_setopt(result, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NO_REVOKE);
>> +#else
>> + warning("CURLSSLOPT_NO_REVOKE not applied to curl SSL options because\n"
>> + "your curl version is too old (>= 7.44.0)");
>
> This message is confusing. If your curl is too old, shouldn't the ">=" be a "<"?
I do not think I saw any update to correct this, and worse yet I do
not offhand recall if there was any other issue raised on the
series.
So assuming that this is the only remaining one, I'll squash the
following to step 2/3 of this three-patch series and plan to merge
it down to 'next' in the coming few days.
I have a clean-up suggestion related to this but is orthogonal to
this three-patch series (after the fix-up is applied, anyway), which
I'll be sending out separately.
Thanks.
http.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/http.c b/http.c
index 0ebf8f77a6..43e75ac583 100644
--- a/http.c
+++ b/http.c
@@ -835,7 +835,7 @@ static CURL *get_curl_handle(void)
curl_easy_setopt(result, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NO_REVOKE);
#else
warning("CURLSSLOPT_NO_REVOKE not applied to curl SSL options because\n"
- "your curl version is too old (>= 7.44.0)");
+ "your curl version is too old (< 7.44.0)");
#endif
}
--
2.19.1-542-gc4df23f792
