Re: [PATCH] Implement https public key pinning

Jeff King writes: > We can't do this perfectly, because older versions of git do not yet > know about the option, and will therefore just silently ignore it. And > for consistency there, we usually do the same for features that we know > about but are unsupported. Jep that's why I

Re: [PATCH] Implement https public key pinning

On 02/12, Christoph Egger wrote: > Daniel Stenberg writes: > > On Thu, 11 Feb 2016, Christoph Egger wrote: > >> +#if LIBCURL_VERSION_NUM >= 0x074400 > > > > That should probably be 0x072c00 ... > > This is, of course, right. > > I used 7.44 / 0x072c00 as base because it has robust

Re: [PATCH] Implement https public key pinning

On Fri, Feb 12, 2016 at 11:02:26AM +0100, Thomas Gummerer wrote: > > Also some people suggested that git should fail if this option is > > requested in the config but not supported by the libcurl version instead > > of falling back to just not pin the key. I'm undecided about that. > > This

Re: [PATCH] Implement https public key pinning

Daniel Stenberg writes: > On Thu, 11 Feb 2016, Christoph Egger wrote: >> +#if LIBCURL_VERSION_NUM >= 0x074400 > > That should probably be 0x072c00 ... This is, of course, right. I used 7.44 / 0x072c00 as base because it has robust support for this feature (including the sha256//

Re: [PATCH] Implement https public key pinning

On Thu, 11 Feb 2016, Christoph Egger wrote: +#if LIBCURL_VERSION_NUM >= 0x074400 That should probably be 0x072c00 ... -- / daniel.haxx.se -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at

[PATCH] Implement https public key pinning

Add the http.pinnedpubkey configuration option for public key pinning. It allows any string supported by libcurl -- base64(sha256(pubkey)) or filename of the full public key. Signed-off-by: Christoph Egger --- For some more sensitive repositories I'd like to