Date: Tue, 26 Mar 2019 10:36:14 +0000 From: "Laurent Bercot" <ska-dietlibc@...rnet.org> To: musl@...ts.openwall.com Subject: Re: Supporting git access via smart HTTPS protocol for musl-libc >On further enquiry I found that the latest cgit only supports dumb http protocol >for cloning or fetch. But it has option to disable the http/s cloning support, >so that another program can do it. Sorry, I was on the impression that skarnet was >supporting git http/s smart protocol by using cgit itself. No, this is much simpler than that: HTTPS on skarnet.org is supported by having busybox httpd run under a TLS-capable superserver (s6-tlsserver, from s6-networking, which can use BearSSL as its crypto backend). It's literally HTTP in a TLS tunnel, and has nothing to do with cgit or git, which are not TLS-aware at all. Unfortunately, that solution isn't applicable to git.musl-libc.org, because thttpd apparently insists on doing the socket listening itself - it doesn't seem to support inetd-style, which is how s6-tlsserver operates. This is a direct illustration of the superior convenience of inetd-style servers: they can be plugged with other tools in order to achieve functionality the original author didn't plan for. For thttpd, a different approach will be necessary, very likely at the CGI level. Good luck, Jim. -- Laurent
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.