Since [1] the default SHA-1 backend on OSX has been APPLE_COMMON_CRYPTO. Per [2] we'll skip using it on anything older than Mac OS X 10.4 "Tiger"[3]. When "DC_SHA1" was made the default in [4] this interaction between it and APPLE_COMMON_CRYPTO seems to have been missed in. Ever since DC_SHA1 was "made the default" we've still used Apple's CommonCrypto instead of sha1collisiondetection on modern versions of Darwin and OSX. 1. 61067954ce1 (cache.h: eliminate SHA-1 deprecation warnings on Mac OS X, 2013-05-19) 2. 9c7a0beee09 (config.mak.uname: set NO_APPLE_COMMON_CRYPTO on older systems, 2014-08-15) 3. We could probably drop "NO_APPLE_COMMON_CRYPTO", as nobody's likely to care about such on old version of OSX anymore. But let's leave that for now. 4. e6b07da2780 (Makefile: make DC_SHA1 the default, 2017-03-17) Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> --- Makefile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Makefile b/Makefile index 0c79546712f..7d0fa7adb61 100644 --- a/Makefile +++ b/Makefile @@ -500,6 +500,11 @@ include shared.mak # Define BLK_SHA1 to make use of optimized C SHA-1 routines bundled # with git (in the block-sha1/ directory). # +# Define NO_APPLE_COMMON_CRYPTO on OSX to opt-out of using the +# "APPLE_COMMON_CRYPTO" backend for SHA-1, which is currently the +# default on that OS. On macOS 01.4 (Tiger) or older, +# NO_APPLE_COMMON_CRYPTO is defined by default. +# # If don't enable any of the *_SHA1 settings in this section, Git will # default to its built-in sha1collisiondetection library, which is a # collision-detecting sha1 This is slower, but may detect attempted -- 2.38.0.1464.gea6794aacbc