From mboxrd@z Thu Jan 1 00:00:00 1970
From: Rich Felker
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: Supporting git access via smart HTTPS protocol for musl-libc
Date: Tue, 26 Mar 2019 11:13:44 -0400
Message-ID: <20190326151344.GB23599@brightrain.aerifal.cx>
In-Reply-To: <20190326150901.GA2267@homura.localdomain>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com

On Tue, Mar 26, 2019 at 11:09:01AM -0400, Drew DeVault wrote:
> On 2019-03-26 11:04 AM, Rich Felker wrote:
> > > Also I find you are providing https version of git.musl-libc.org site.
> > > thttpd does not support https. Are you using stunnel for it?
> >
> > I'm presently using haproxy's TLS-layer (vs HTTPS-layer) proxying,
> > because stunnel suffers from a 2.5-decades-old wrong handling of TCP
> > connection closing that makes it unusable, and because haproxy is what
> > I knew at the time. I think openssl s_server could handle it too, but
> > might not support SNI (?). What I'd really prefer is a non-broken
> > stunnel workalike using BearSSL as the backend, since BearSSL is the
> > only non-awful TLS implementation. If anyone wants to work on
> > something like that I'd be happy to test and eventually dogfood it on
> > musl site.
>
> If a working haproxy solution is already in place, why not rig it up for
> cloning as well? What's the old phrase - perfect is the enemy of good,
> or something like that.

The problem is that I don't know how to hook up the smart git http
backend via cgi. Maybe you're suggesting running it on a separate
httpd with haproxy doing the routing, but that's not compatible with
TLS-layer (rather than HTTP-layer) use of haproxy, and the latter does
not work with thttpd's cgi conformance issues, nor do I want to
introduce further dependency on haproxy, which is a big hammer. I'd
rather move in the opposite direction towards something like a
non-broken version of stunnel.

Rich
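
Added example, not part of the original message and not the musl site's actual configuration: the two haproxy proxying styles the message contrasts, side by side. All addresses, ports, the certificate path and the backend names are constructed, and it assumes "TLS-layer" means terminating TLS in `mode tcp` and relaying the decrypted bytes unparsed.

```haproxy
defaults
    timeout connect 5s
    timeout client  60s
    timeout server  60s

# (A) TLS-layer proxying, stunnel-style: haproxy terminates TLS and
#     relays the byte stream as-is. It never parses the HTTP request.
frontend tls_in
    mode tcp
    bind :443 ssl crt /etc/haproxy/certs/site.pem   # constructed path
    default_backend httpd_raw

backend httpd_raw
    mode tcp
    server httpd 127.0.0.1:8080                     # constructed: the plain-HTTP server

# (B) HTTP-layer proxying: haproxy parses each request, so it can
#     route by URL path. In practice this would replace (A) on :443;
#     it is bound to :8443 here only so both sections fit in one file.
frontend https_in
    mode http
    bind :8443 ssl crt /etc/haproxy/certs/site.pem  # constructed path
    # Smart-HTTP clone/fetch requests: GET .../info/refs?service=...
    # and POST .../git-upload-pack (path_reg ignores the query string).
    acl git_smart path_reg ^/.+/(info/refs|git-upload-pack)$
    use_backend git_http if git_smart
    default_backend httpd_http

backend git_http
    mode http
    server gitcgi 127.0.0.1:8081                    # constructed: separate httpd running git-http-backend

backend httpd_http
    mode http
    server httpd 127.0.0.1:8080                     # constructed: same plain-HTTP server as in (A)
```

Section (A) has no view of the URL, so it cannot select a backend per request; only a `mode http` frontend as in (B) can send the smart-HTTP paths to a separate server, at the cost of haproxy sitting in the HTTP layer between clients and the existing httpd.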