Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default TLS backend is still OpenSSL on a clean install despite the installer code that seems to intend for it to be schannel #5295

Closed
1 task done
segevfiner opened this issue Dec 3, 2024 · 0 comments · Fixed by git-for-windows/build-extra#586
Closed
1 task done

Default TLS backend is still OpenSSL on a clean install despite the installer code that seems to intend for it to be schannel #5295

segevfiner opened this issue Dec 3, 2024 · 0 comments · Fixed by git-for-windows/build-extra#586
Assignees
@rimrul
Milestone
Next release

Comments

@segevfiner
Copy link

  • I was not able to find an open or closed issue matching what I'm seeing

Setup

  • Which version of Git for Windows are you using? Is it 32-bit or 64-bit? 64-bit
$ git --version --build-options

git version 2.47.1.windows.1
cpu: x86_64
built from commit: 2cd22437f64229935dc564db969cbcbfed5e9045
sizeof-long: 4
sizeof-size_t: 8
shell-path: D:/git-sdk-64-build-installers/usr/bin/sh
feature: fsmonitor--daemon
libcurl: 8.11.0
OpenSSL: OpenSSL 3.2.3 3 Sep 2024
zlib: 1.3.1
  • Which version of Windows are you running? Vista, 7, 8, 10? Is it 32-bit or 64-bit?
$ cmd.exe /c ver

Microsoft Windows [Version 10.0.22631.4460]
  • What options did you set as part of the installation? Or did you choose the
    defaults?
# One of the following:
> type "C:\Program Files\Git\etc\install-options.txt"
> type "C:\Program Files (x86)\Git\etc\install-options.txt"
> type "%USERPROFILE%\AppData\Local\Programs\Git\etc\install-options.txt"
> type "$env:USERPROFILE\AppData\Local\Programs\Git\etc\install-options.txt"
$ cat /etc/install-options.txt

Editor Option: VisualStudioCode
Custom Editor Path:
Default Branch Option: main
Path Option: Cmd
SSH Option: ExternalOpenSSH
Tortoise Option: false
CURL Option: WinSSL
CRLF Option: CRLFAlways
Bash Terminal Option: ConHost
Git Pull Behavior Option: FFOnly
Use Credential Manager: Enabled
Performance Tweaks FSCache: Enabled
Enable Symlinks: Enabled
Enable FSMonitor: Disabled
  • Any other interesting things about your environment that might be related
    to the issue you're seeing?

I tried this with a clean install.

Details

  • Which terminal/shell are you running Git from? e.g Bash/CMD/PowerShell/other

PowerShell 7.4.6

Ran the installer
  • What did you expect to occur after running these commands?

Despite this line https://github.com/git-for-windows/build-extra/blob/6735402549b1776f65723e129b9208fa0ee5056b/installer/install.iss#L2331 and the commit that says it should be default, the default when clean installing still seems to be OpenSSL.

  • What actually happened instead?

The default on a clean install of Git for Windows is still OpenSSL instead of schannel despite what the code of the installer suggers

  • If the problem was occurring with a specific repository, can you provide the
    URL to that repository to help us with testing?
rimrul added a commit to rimrul/build-extra that referenced this issue Jan 4, 2025
@rimrul
installer: really default to Secure Channel
f49e56f 
Commit 8a7ab99 (installer: switch the libcurl default to Secure Channel,
2023-05-15) attempted to change the default libcurl backend for clean
new installs to Secure channel, but only adjusted one of two fallbacks
in the installer. There is one default value that gets passed to
ReplayChoice() to return if it finds no previous choice and one value
that gets used if ReplayChoice() returns an unexpected value. 8a7ab99
changed the latter to use Secure Channel, but left the former to default
to OpenSSL. Adjust the default value to match the intention of that
patch.

This fixes git-for-windows/git#5295

Signed-off-by: Matthias Aßhauer <[email protected]>
@rimrul rimrul mentioned this issue Jan 4, 2025
Merged
@dscho dscho added this to the Next release milestone Jan 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rimrul rimrul

Labels
None yet
Projects
None yet
Milestone
Next release
Development

Successfully merging a pull request may close this issue.

installer: really default to Secure Channel rimrul/build-extra
3 participants
@dscho @rimrul @segevfiner