Notice: this page is a Chinese-English parallel translation of a popular Stack Overflow question, provided under the CC BY-SA 4.0 license. If you use it, you must also follow the CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original Stack Overflow URL: http://stackoverflow.com/questions/45742607/

Time: 2020-09-19 12:51:42  Source: igfitidea

Switch to "Native Windows Secure Channel library" from "OpenSSL library" on Windows Git, without reinstalling?

git ssh https configuration installation

Asked by Saqib Ali

During the installation of Git on my Windows machine, I selected "Use the OpenSSL library" for HTTPS Transport backend.

I would like to switch to "Native Windows Secure Channel library" for HTTPS Transport.

Is this possible without re-installing git on Windows?

Accepted answer by Saqib Ali

The issue has been resolved by the Git for Windows developer: https://github.com/git-for-windows/git/issues/1274

Answer by JasonS

I found the setting for "schannel" or "openssl" with Git for Windows 2.14.2, 64 bit in file:

C:\Program Files\Git\mingw64\etc\gitconfig

Example config for OpenSSL:

[http]
sslCAInfo = C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
sslBackend = openssl

Example config for Windows native:

[http]
sslCAInfo = C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
sslBackend = schannel

Answer by VonC

This is now officially supported with Git 2.20 (Q4 2018): On platforms with recent cURL library, http.sslBackend configuration variable can be used to choose a different SSL backend at runtime.
The Windows port uses this mechanism to switch between OpenSSL and Secure Channel while talking over the HTTPS protocol.

See commit b67d40a (25 Oct 2018), and commit 21084e8 (15 Oct 2018) by Johannes Schindelin (dscho).
See commit 93aef7c (25 Oct 2018) by Brendan Forster (shiftkey).
(Merged by Junio C Hamano -- gitster -- in commit d7b1859, 02 Nov 2018)

http: add support for selecting SSL backends at runtime

As of version 7.56.0, curl supports being compiled with multiple SSL backends.

This patch adds the Git side of that feature: by setting http.sslBackend to "openssl" or "schannel", Git for Windows can now choose the SSL backend at runtime.

This comes in handy on Windows because Secure Channel ("schannel") is the native solution, accessing the Windows Credential Store, thereby allowing for enterprise-wide management of certificates.
For historical reasons, Git for Windows needs to support OpenSSL still, as it has previously been the only supported SSL backend in Git for Windows for almost a decade.

The patch has been carried in Git for Windows for over a year, and is considered mature.
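
A configuration-only way to make the switch described in this answer, as an added example that is not part of the original answer or of Git for Windows. The helper names `show_ssl_backend` and `switch_ssl_backend` are hypothetical, and it assumes Git 2.20 or later so that `http.sslBackend` is read at runtime.

```shell
#!/bin/sh
# Added example: switch Git's HTTPS backend by editing configuration only.
# show_ssl_backend and switch_ssl_backend are hypothetical helper names.

# Print the http.sslBackend value stored in one config file, or "unset".
show_ssl_backend() {
    cfg=$1
    git config --file "$cfg" --get http.sslBackend 2>/dev/null || echo "unset"
}

# Set http.sslBackend in one config file after validating the value.
# Only the two backends named on this page are accepted.
switch_ssl_backend() {
    cfg=$1
    backend=$2
    case "$backend" in
        openssl|schannel) ;;
        *)
            echo "refusing unknown backend: $backend" >&2
            return 2
            ;;
    esac
    # Keep a copy so the previous backend can be restored.
    if [ -f "$cfg" ]; then
        cp -p "$cfg" "$cfg.bak" || return 1
    fi
    git config --file "$cfg" http.sslBackend "$backend" || return 1
    # Read the value back instead of trusting the write.
    [ "$(show_ssl_backend "$cfg")" = "$backend" ]
}

# Run as: sh switch-backend.sh <config-file> <openssl|schannel>
# e.g. from an elevated Git Bash prompt, with the path from the answer above:
#   sh switch-backend.sh "C:/Program Files/Git/mingw64/etc/gitconfig" schannel
# To see every scope that sets the value (the last line printed wins):
#   git config --show-origin --get-all http.sslBackend
if [ "$#" -eq 2 ]; then
    switch_ssl_backend "$1" "$2"
fi
```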

Answer by VonC

You can check out this thread from the Git for Windows maintainer:

Yes, it is possible, and you can find out how exactly it is done by inspecting the source code for the installer, which is at https://github.com/git-for-windows/build-extra in the installer/install.iss file (this file is also easily found by a git grep "Secure Channel").

The relevant part is when the installer tests for the GC_WinSSL option to do more interesting stuff than recording the user's choice:

if RdbCurlVariant[GC_WinSSL].Checked and (not
    ReplaceFile(BinDir+'curl-winssl\curl.exe',BinDir+'curl.exe') or not
    ReplaceFile(BinDir+'curl-winssl\libcurl-4.dll',BinDir+'libcurl-4.dll'))
then begin
    Log('Line {#__LINE__}: Replacing curl-openssl with curl-winssl failed.');
end;

(See https://github.com/git-for-windows/build-extra/blob/97c8294b584ae4b99059a1194a5eba24ee2ff1ab/installer/install.iss#L1774)

In other words, the installer will simply try to replace the curl.exe and libcurl-4.dll files in \mingw64\bin (or the 32-bit equivalent) by the files in \mingw64\curl-winssl.
