From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/14015 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: Drew DeVault Newsgroups: gmane.linux.lib.musl.general Subject: Re: Supporting git access via smart HTTPS protocol for musl-libc Date: Tue, 26 Mar 2019 11:09:01 -0400 Message-ID: <20190326150901.GA2267@homura.localdomain> References: <20190324103306.GB1830@localhost> <20190326003411.GC1872@localhost> <20190326010933.GC3713@localhost> <397c5906-090a-460e-7ea8-8f9248e0be59@adelielinux.org> <20190326013706.GV23599@brightrain.aerifal.cx> <20190326015434.GB8855@localhost> <20190326025937.GW23599@brightrain.aerifal.cx> <20190326100245.GA1900@localhost> <20190326150430.GY23599@brightrain.aerifal.cx> Reply-To: musl@lists.openwall.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="125744"; mail-complaints-to="usenet@blaine.gmane.org" To: musl@lists.openwall.com Original-X-From: musl-return-14031-gllmg-musl=m.gmane.org@lists.openwall.com Tue Mar 26 16:09:19 2019 Return-path: Envelope-to: gllmg-musl@m.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by blaine.gmane.org with smtp (Exim 4.89) (envelope-from ) id 1h8nhW-000WWf-49 for gllmg-musl@m.gmane.org; Tue, 26 Mar 2019 16:09:18 +0100 Original-Received: (qmail 1699 invoked by uid 550); 26 Mar 2019 15:09:16 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Original-Received: (qmail 1681 invoked from network); 26 Mar 2019 15:09:15 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=cmpwn.com; s=cmpwn; t=1553613089; bh=yoxDAsNicfVGjVqN6wEoiFJqDe8QOiryywHQIbmkvE4=; h=Date:From:To:Subject:References:In-Reply-To; b=uObM9xcITEfNLypYScLYd5QLSd094LE+/19xmuFHVWiWlCTWmVxfQ+9zIy/9h3uoR XzgNYYEDVfmGzlC69rSXEbcxBaGFnF5DgeBd2HGQ9c9Ry9ZeeMzeqid0FXsuRjIb7y fq/SK2JcPOIiCDAhsY5g4VLwjRJVAYLOg3AZOjB8= Content-Disposition: inline In-Reply-To: <20190326150430.GY23599@brightrain.aerifal.cx> X-GNU: Terry Pratchett Xref: news.gmane.org gmane.linux.lib.musl.general:14015 Archived-At: On 2019-03-26 11:04 AM, Rich Felker wrote: > > Also I find you are providing https version of git.musl-libc.org site. > > thttpd does not supports https. Are you using stunnel for it? > > I'm presently using haproxy's TLS-layer (vs HTTPS-layer) proxying, > because stunnel suggers from a 2.5-decades-old wrong handling of TCP > connection closing that makes it unusable, and because haproxy is what > I knew at the time. I think openssl s_server could handle it too, but > might not support SNI (?). What I'd really prefer is a non-broken > stunnel workalike using BearSSL as the backend, since BearSSL is the > only non-awful TLS implementation. If anyone wants to work on > something like that I'd be happy to test and eventually dogfood it on > musl site. If a working haproxy solution is already in place, why not rig it up for cloning as well? What's the old phrase - perfect is the enemy of good, or something like that.