Thread (3 messages) 3 messages, 3 authors, 2023-03-29

Re: [PATCH v2] http: add support for different sslcert and sslkey types.

From: Jeff King <hidden>
Date: 2023-03-29 23:24:06

On Wed, Mar 29, 2023 at 11:53:11AM -0700, Junio C Hamano wrote:
quoted
In my opinion they need the same set of tests which is used as usual
for https. But use the right certificate and key.
But I don't have any idea how to do that with hardware usb eToken in my case.
OK, so where does this put us, with respect to the change?  We have
some behaviour change that we do not know how to test?  How would we
know when we break it in the future?  It is not like the new feature
is not useful enough that nobody would care if it gets broken by
accident or anything like that, so...?

At least perhaps we can throw bogus strings in the environment and
make sure cURL library gives complaints, or something?
I would be OK taking the patches without any further tests. It is not
really making anything worse in the sense that we already do not test
any of the client-cert stuff.

If we can cheaply add some tests that at least exercise the code and
hand off to curl, that is better than nothing, I guess.

I think the ideal would be a new t5565 that sets LIB_HTTPD_SSL
unconditionally and actually tests various client-cert formats and
requests using a made-on-the-fly cert. But I don't want to hold up a
patch we otherwise think is OK on the basis of long-term technical debt
we already have.

-Peff
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help