Re: [RFC/PATCH] send-email: die if CA path doesn't exist

2015-11-24 Thread John Keeping
On Tue, Nov 24, 2015 at 05:28:21PM -0500, Jeff King wrote: > On Tue, Nov 24, 2015 at 10:17:08PM +, John Keeping wrote: > > > I wonder if we should do this to help debug SSL issues: > > > > -- >8 -- > > diff --git a/git-send-email.perl b/git-send-email.perl > > index e057051..6d4e0ee 100755 >

Re: [RFC/PATCH] send-email: die if CA path doesn't exist

2015-11-24 Thread Jeff King
On Tue, Nov 24, 2015 at 10:17:08PM +, John Keeping wrote: > I wonder if we should do this to help debug SSL issues: > > -- >8 -- > diff --git a/git-send-email.perl b/git-send-email.perl > index e057051..6d4e0ee 100755 > --- a/git-send-email.perl > +++ b/git-send-email.perl > @@ -1317,6 +1317,

Re: [RFC/PATCH] send-email: die if CA path doesn't exist

2015-11-24 Thread John Keeping
On Tue, Nov 24, 2015 at 02:58:43PM -0500, Jeff King wrote: > On Fri, Nov 20, 2015 at 07:46:51PM +, John Keeping wrote: > > > > For people who know their systems are broken and want to proceed anyway, > > > what is the appropriate work-around? Obviously it involves disabling > > > peer verifica

Re: [RFC/PATCH] send-email: die if CA path doesn't exist

2015-11-24 Thread Jeff King
On Fri, Nov 20, 2015 at 07:46:51PM +, John Keeping wrote: > > For people who know their systems are broken and want to proceed anyway, > > what is the appropriate work-around? Obviously it involves disabling > > peer verification, but would we want to include instructions for doing > > so (eit

Re: [RFC/PATCH] send-email: die if CA path doesn't exist

2015-11-20 Thread John Keeping
On Fri, Nov 20, 2015 at 06:18:48AM -0500, Jeff King wrote: > On Tue, Nov 17, 2015 at 10:12:07PM +, John Keeping wrote: > > > If the CA path isn't found it's most likely to indicate a > > misconfiguration, in which case accepting any certificate is unlikely to > > be the correct thing to do. >

Re: [RFC/PATCH] send-email: die if CA path doesn't exist

2015-11-20 Thread Jeff King
On Tue, Nov 17, 2015 at 10:12:07PM +, John Keeping wrote: > If the CA path isn't found it's most likely to indicate a > misconfiguration, in which case accepting any certificate is unlikely to > be the correct thing to do. Yeah, this seems like a crazy default for security-sensitive code. I

[RFC/PATCH] send-email: die if CA path doesn't exist

2015-11-17 Thread John Keeping
If the CA path isn't found it's most likely to indicate a misconfiguration, in which case accepting any certificate is unlikely to be the correct thing to do. Signed-off-by: John Keeping --- git-send-email.perl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/git-send-email.