The apparent commonality of corporate firewall braindamage, and the
resulting "need" of people to pull over dumb (http) transport, is an
ongoing problem on kernel.org.
I have thought some about what can be done to improve the situation, and
I have come up with the following list of possibilities, pretty much
listed in order from easiest and least generic to hardest and most generic.
It would be very interesting if people who have familiarity with this
particular class of braindamaged firewalls could comment on how many
users would be helped by which ones of these solutions.
1. git protocol via CONNECT http proxy
Connect to http proxy, and use a CONNECT method to establish a link
to the git server, using the normal git protocol.
Minor change to TCP connection setup, but no other changes needed.
No changes on the server side.
2. git protocol over SSL via CONNECT http proxy
Same as #1, but encapsulate the data stream in an SSL connection.
If the git server is run on port 443, then the fact that the data
on the SSL connection isn't actually HTTP should be invisible to the
proxy, and thus this *should* work anywhere which allows https://
traffic.
Requires the git server to speak SSL.
3. git protocol encapsulated in HTTP POST transaction
git protocol is already fundamentally a RPC protocol, where the
client sends a query and the server responds. Furthermore, it
tries to minimize the number of round trips (RPC calls), which is
of course desirable.
Each such RPC transaction could be formulated as an HTTP POST
transaction.
This requires modifications to both the client and the server;
furthermore, the server can no longer rely on the invariant "one TCP
connection == one session"; a proxy might break a single session
into arbitrarily many TCP connections.
Thoughts?
-hpa
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html