From: Rich Felker <dalias@libc.org>
To: musl@lists.openwall.com
Subject: Re: Supporting git access via smart HTTPS protocol for musl-libc
Date: Tue, 26 Mar 2019 11:13:44 -0400 [thread overview]
Message-ID: <20190326151344.GB23599@brightrain.aerifal.cx> (raw)
In-Reply-To: <20190326150901.GA2267@homura.localdomain>
On Tue, Mar 26, 2019 at 11:09:01AM -0400, Drew DeVault wrote:
> On 2019-03-26 11:04 AM, Rich Felker wrote:
> > > Also I find you are providing https version of git.musl-libc.org site.
> > > thttpd does not supports https. Are you using stunnel for it?
> >
> > I'm presently using haproxy's TLS-layer (vs HTTPS-layer) proxying,
> > because stunnel suggers from a 2.5-decades-old wrong handling of TCP
> > connection closing that makes it unusable, and because haproxy is what
> > I knew at the time. I think openssl s_server could handle it too, but
> > might not support SNI (?). What I'd really prefer is a non-broken
> > stunnel workalike using BearSSL as the backend, since BearSSL is the
> > only non-awful TLS implementation. If anyone wants to work on
> > something like that I'd be happy to test and eventually dogfood it on
> > musl site.
>
> If a working haproxy solution is already in place, why not rig it up for
> cloning as well? What's the old phrase - perfect is the enemy of good,
> or something like that.
The problem is that I don't know how to hook up the smart git http
backend via cgi. Maybe you're suggesting running it on a separate
httpd with haproxy doing the routing, but that's not compatible with
TLS-layer (rather than HTTP-layer) use of haproxy, and the latter does
not work with thttpd's cgi conformance issues, nor do I want to
introduce further dependency on haproxy, which is a big hammer. I'd
rather move in the opposite direction towards something like a
non-broken version of stunnel.
Rich
next prev parent reply other threads:[~2019-03-26 15:13 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20190324103306.GB1830@localhost>
[not found] ` <20190326003411.GC1872@localhost>
2019-03-26 1:09 ` vlse
2019-03-26 1:17 ` A. Wilcox
2019-03-26 1:37 ` Rich Felker
2019-03-26 1:54 ` vlse
2019-03-26 2:59 ` Rich Felker
2019-03-26 10:02 ` vlse
2019-03-26 10:36 ` Laurent Bercot
2019-03-26 15:04 ` Rich Felker
2019-03-26 15:09 ` Drew DeVault
2019-03-26 15:13 ` Rich Felker [this message]
2019-03-26 15:43 ` Drew DeVault
2019-03-26 15:47 ` Rich Felker
2019-03-26 15:57 ` Drew DeVault
2019-03-26 17:57 ` Rich Felker
2019-03-26 20:32 ` A. Wilcox
2019-03-26 20:39 ` Assaf Gordon
2019-03-26 22:02 ` Rich Felker
2019-03-26 22:32 ` Assaf Gordon
2019-03-26 23:58 ` Rich Felker
2019-03-27 0:15 ` Rich Felker
2019-03-27 5:39 ` vlse
2019-03-27 17:26 ` Assaf Gordon
2019-03-27 17:41 ` Assaf Gordon
2019-04-03 6:42 ` vlse
2019-03-26 10:19 ` Jens Gustedt
2019-03-26 10:30 ` vlse
2019-03-26 14:59 ` Rich Felker
2019-03-26 1:43 ` vlse
2019-03-26 2:29 ` A. Wilcox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190326151344.GB23599@brightrain.aerifal.cx \
--to=dalias@libc.org \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).