http vs https in DEPS


Andrew MacDonald

Sep 22, 2011, 12:29:28 AM
to Chromium-dev
We have a WebRTC user sitting behind a corporate proxy which prevents
svn checkouts over http. Apparently the proxy can't handle WebDAV/
DeltaV requests properly.

This can be worked around by using https rather than http paths in our
WebRTC DEPS file. I was wondering if anyone here had experience with
this problem, or could comment on reasons to prefer http over https in
DEPS.

-- Andrew

Soo-Hyun Choi

Sep 22, 2011, 12:58:17 AM
to Chromium-dev
Hi all,
As WebDAV/DeltaV aren't standard HTTP, an HTTP proxy won't be able
to handle those requests properly unless it is explicitly configured to
do so (e.g., adding PROPFIND options at "extension_methods" in a proxy
config file).

Therefore, unless we have specific reasons to use http over https, I
would like to suggest changing the DEPS files (both WebRTC and Chromium).

Similar issues have been posted at WebRTC as well:
https://groups.google.com/group/discuss-webrtc/browse_thread/thread/28244d361186c797
http://groups.google.com/group/discuss-webrtc/browse_thread/thread/60b968e520bd724d

Soo-Hyun



Chris Palmer

Sep 22, 2011, 2:07:14 PM
to and...@webrtc.org, Chromium-dev
On Wed, Sep 21, 2011 at 9:29 PM, Andrew MacDonald <and...@webrtc.org> wrote:

> WebRTC DEPS file. I was wondering if anyone here had experience with
> this problem, or could comment on reasons to prefer http over https in
> DEPS.

Well, there is that whole security thing.

Chris Palmer

Sep 23, 2011, 1:07:51 PM
to and...@webrtc.org, Chromium-dev
To clarify: There should be no HTTP; we should use HTTPS only. Sorry
about being unduly gnomic. :)

Nicolas Sylvain

Sep 23, 2011, 1:30:38 PM
to pal...@google.com, and...@webrtc.org, Chromium-dev
On Fri, Sep 23, 2011 at 10:07 AM, Chris Palmer <pal...@google.com> wrote:
> To clarify: There should be no HTTP; we should use HTTPS only. Sorry
> about being unduly gnomic. :)

We've done the research to switch our DEPS to https, and this was not feasible at the time for
at least 2 reasons:

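1. svn is unusably slow with HTTPS.

$ time svn ls http://src.chromium.org/svn/trunk/tools/build/DEPS
DEPS

real    0m0.053s
user    0m0.020s
sys     0m0.000s

$ time svn ls https://src.chromium.org/svn/trunk/tools/build/DEPS
[...]
DEPS

real    4m44.282s
user    0m0.270s
sys     0m0.040s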

(No, it's not that slow on all machines, but the bug is on enough machines that we can't roll it out.)

2. svn keeps prompting to accept certificates because the cert list it comes with does not include our certs.

Error validating server certificate for 'https://src.chromium.org:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: src.chromium.org
 - Valid: from Mon, 28 Mar 2011 20:37:21 GMT until Wed, 28 Mar 2012 20:47:21 GMT
 - Issuer: Google Inc, US
 - Fingerprint: 2b:8f:64:83:06:fc:8f:e3:88:7d:cf:af:1f:ba:7d:db:44:06:de:23


Also, svn over https cannot be interrupted with control-C, which is super annoying.


That said... src.chromium.org is available over HTTPS. Feel free to use it, but we won't be
able to provide support for it.

Nicolas
 

>> WebRTC DEPS file. I was wondering if anyone here had experience with
>> this problem, or could comment on reasons to prefer http over https in
>> DEPS.
>
> Well, there is that whole security thing.

--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
   http://groups.google.com/a/chromium.org/group/chromium-dev

Soo-Hyun Choi

Sep 24, 2011, 10:08:57 PM
to nsyl...@chromium.org, pal...@google.com, and...@webrtc.org, Chromium-dev
Nicolas,

On Sat, Sep 24, 2011 at 02:30, Nicolas Sylvain <nsyl...@chromium.org> wrote:
> We've done the research to switch our DEPS to https, and this was
> not feasible at the time for
> at least 2 reasons:
> 1. svn is unusably slow with HTTPS.
> $ time svn ls http://src.chromium.org/svn/trunk/tools/build/DEPS
> DEPS
> real    0m0.053s
> user    0m0.020s
> sys     0m0.000s
> $ time svn ls https://src.chromium.org/svn/trunk/tools/build/DEPS
> [...]
> DEPS
> real    4m44.282s
> user    0m0.270s
> sys     0m0.040s
> (No, it's not that slow on all machines, but the bug is on enough machines
> that we can't roll it out.)


Surprising! I've done the same test on MacOS 10.6.8, CentOS 5.7,
Ubuntu 10.4 on various geographic locations. But, all have shown HTTPS
is faster than HTTP (or equivalent). When you said the "bug", which
bug are you referring to?

> 2. svn keeps prompting to accept certificates because the cert list it
> comes with does not include our certs.
> Error validating server certificate for 'https://src.chromium.org:443':
>  - The certificate is not issued by a trusted authority. Use the
>    fingerprint to validate the certificate manually!
> Certificate information:
>  - Hostname: src.chromium.org
>  - Valid: from Mon, 28 Mar 2011 20:37:21 GMT until Wed, 28 Mar 2012 20:47:21
> GMT
>  - Issuer: Google Inc, US
>  - Fingerprint: 2b:8f:64:83:06:fc:8f:e3:88:7d:cf:af:1f:ba:7d:db:44:06:de:23
>
> Also, svn over https cannot be interrupted with control-C, which is super
> annoying.


I don't get it - svn over https CAN be interrupted with Ctrl+C.

Nicolas Sylvain

Sep 26, 2011, 12:49:00 PM
to Soo-Hyun Choi, pal...@google.com, and...@webrtc.org, Chromium-dev
On Sat, Sep 24, 2011 at 7:08 PM, Soo-Hyun Choi <s.c...@computer.or.kr> wrote:
> Nicolas,
>
> On Sat, Sep 24, 2011 at 02:30, Nicolas Sylvain <nsyl...@chromium.org> wrote:
>> We've done the research to switch our DEPS to https, and this was
>> not feasible at the time for
>> at least 2 reasons:
>> 1. svn is unusably slow with HTTPS.
>> $ time svn ls http://src.chromium.org/svn/trunk/tools/build/DEPS
>> DEPS
>> real    0m0.053s
>> user    0m0.020s
>> sys     0m0.000s
>> $ time svn ls https://src.chromium.org/svn/trunk/tools/build/DEPS
>> [...]
>> DEPS
>> real    4m44.282s
>> user    0m0.270s
>> sys     0m0.040s
>> (No, it's not that slow on all machines, but the bug is on enough machines
>> that we can't roll it out.)
>
> Surprising! I've done the same test on MacOS 10.6.8, CentOS 5.7,
> Ubuntu 10.4 on various geographic locations. But, all have shown HTTPS
> is faster than HTTP (or equivalent). When you said the "bug", which
> bug are you referring to?

I don't have references to the bug, but as you mentioned, it does not happen
to everyone, so I assume there is a bug somewhere.



>> 2. svn keeps prompting to accept certificates because the cert list it
>> comes with does not include our certs.
>> Error validating server certificate for 'https://src.chromium.org:443':
>>  - The certificate is not issued by a trusted authority. Use the
>>    fingerprint to validate the certificate manually!
>> Certificate information:
>>  - Hostname: src.chromium.org
>>  - Valid: from Mon, 28 Mar 2011 20:37:21 GMT until Wed, 28 Mar 2012 20:47:21
>> GMT
>>  - Issuer: Google Inc, US
>>  - Fingerprint: 2b:8f:64:83:06:fc:8f:e3:88:7d:cf:af:1f:ba:7d:db:44:06:de:23
>>
>> Also, svn over https cannot be interrupted with control-C, which is super
>> annoying.
>
> I don't get it - svn over https CAN be interrupted with Ctrl+C.

Not here.. maybe the same bug? Something is making SVN hang for ~5 minutes when I use it over https on an Ubuntu Lucid Server machine.

Nicolas
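
One way to audit a DEPS file against the "HTTPS only" position taken in this thread, added here as an example; it is not code from any message above or from gclient. It assumes the usual DEPS layout (`vars`, `deps`, `deps_os`, and `Var()` with string concatenation) and evaluates it with `ast` instead of `exec()`, so a DEPS file from an untrusted checkout cannot run code; the sample hosts, paths and revisions are constructed.

```python
import ast
from urllib.parse import urlsplit
# Constructed sample in DEPS syntax; hosts, paths and revisions are made up.
SAMPLE_DEPS = '''
vars = {
  "plain_trunk": "http://svn.example.org/svn/trunk",
  "tls_trunk": "https://svn.example.org/svn/trunk",
}
deps = {
  "src/build": Var("plain_trunk") + "/build@1000",
  "src/testing": Var("tls_trunk") + "/testing@1000",
}
deps_os = {
  "win": {"src/third_party/tool": "http://svn.example.org/svn/tool",
          "src/third_party/unused": None},
}
'''

def _resolve(node, variables):
    """Evaluate the literal/Var()/+ expressions used in DEPS, without exec()."""
    if isinstance(node, ast.Constant) and isinstance(node.value, (str, type(None))):
        return node.value
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return _resolve(node.left, variables) + _resolve(node.right, variables)
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id == "Var" and len(node.args) == 1):
        return variables[_resolve(node.args[0], variables)]
    if isinstance(node, ast.Dict):
        return {_resolve(k, variables): _resolve(v, variables)
                for k, v in zip(node.keys, node.values)}
    raise ValueError(f"unsupported DEPS expression at line {node.lineno}")

def insecure_deps(deps_text):
    """Return sorted (checkout path, URL) pairs whose URL scheme is not https."""
    top = {t.id: s.value for s in ast.parse(deps_text).body
           if isinstance(s, ast.Assign) for t in s.targets
           if isinstance(t, ast.Name)}
    variables = _resolve(top["vars"], {}) if "vars" in top else {}
    entries = dict(_resolve(top["deps"], variables)) if "deps" in top else {}
    if "deps_os" in top:
        for os_name, os_deps in _resolve(top["deps_os"], variables).items():
            entries.update({f"{os_name}:{p}": u for p, u in os_deps.items()})
    # None disables a dependency; scheme-less (relative) entries are skipped.
    return sorted((p, u) for p, u in entries.items()
                  if u and urlsplit(u).scheme.lower() not in ("", "https"))

if __name__ == "__main__":
    for path, url in insecure_deps(SAMPLE_DEPS):
        print(f"{path}: {url}")
```

Because `Var()` is resolved before the check, a plain-HTTP base URL defined once in `vars` is reported for every dependency that inherits it.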
 
