From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from scc-mailout-kit-02.scc.kit.edu (scc-mailout-kit-02.scc.kit.edu [129.13.231.82]) by fantadrom.bsd.lv (OpenSMTPD) with ESMTP id 46e0dd26 for ; Sat, 18 Mar 2017 10:17:20 -0500 (EST) Received: from asta-nat.asta.uni-karlsruhe.de ([172.22.63.82] helo=hekate.usta.de) by scc-mailout-kit-02.scc.kit.edu with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (envelope-from ) id 1cpG6Y-0001ii-7h; Sat, 18 Mar 2017 16:17:19 +0100 Received: from donnerwolke.usta.de ([172.24.96.3]) by hekate.usta.de with esmtp (Exim 4.77) (envelope-from ) id 1cpG6W-0004R5-Qj; Sat, 18 Mar 2017 16:17:16 +0100 Received: from athene.usta.de ([172.24.96.10]) by donnerwolke.usta.de with esmtp (Exim 4.84_2) (envelope-from ) id 1cpG6W-00072V-Kc; Sat, 18 Mar 2017 16:17:16 +0100 Received: from localhost (athene.usta.de [local]) by athene.usta.de (OpenSMTPD) with ESMTPA id 82242ad4; Sat, 18 Mar 2017 16:17:16 +0100 (CET) Date: Sat, 18 Mar 2017 16:17:16 +0100 From: Ingo Schwarze To: Andreas =?utf-8?Q?V=C3=B6gele?= Cc: tech@mdocml.bsd.lv Subject: Re: check environment variable HTTPS in cgi.c Message-ID: <20170318151716.GB52684@athene.usta.de> References: X-Mailinglist: mdocml-tech Reply-To: tech@mdocml.bsd.lv MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.6.2 (2016-07-01) Hi, Andreas Voegele wrote on Tue, Feb 28, 2017 at 09:05:09AM +0100: > currently the scheme is hard-coded to "http" in cgi.c. And it will stay like that. > The scheme could be set to "https" if the environment variable "HTTPS" > is set to "on" by the web server. Rejected. Minimizing the use of environment variables is among the chief design goals of man.cgi(8). It's bad enough that we can't avoid relying on PATH_INFO and QUERY_STRING. Besides, https:// is pointless for man.cgi(8). It is a read-only service, and publishing confidential manuals would be an oxymoron. Yours, Ingo -- To unsubscribe send an email to tech+unsubscribe@mdocml.bsd.lv