Hi folks,

I am using Git 2.6.1 with libcurl 7.44.0 from FreeBSD Ports. While trying 
to do a clone over our corporate HTTPS proxy:

git clone https://git-wip-us.apache.org/repos/asf/commons-lang.git
Klone nach 'commons-lang' ...
fatal: unable to access 
'https://git-wip-us.apache.org/repos/asf/commons-lang.git/': Unknown SSL 
protocol error in connection to git-wip-us.apache.org:443

The error message does not correspond to the actual problem, because running 
with GIT_CURL_VERBOSE=1 gives me:

Klone nach 'commons-lang' ...
* Couldn't find host git-wip-us.apache.org in the .netrc file; using 
defaults
*   Trying 139.23.33.27...
* Connected to proxyfarm.company.net (139.23.33.27) port 84 (#0)
* Establish HTTP proxy tunnel to git-wip-us.apache.org:443
> CONNECT git-wip-us.apache.org:443 HTTP/1.1
Host: git-wip-us.apache.org:443
User-Agent: git/2.5.1
Proxy-Connection: Keep-Alive

< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: NEGOTIATE
< Proxy-Authenticate: NTLM
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Proxy-Connection: close
< Connection: close
< Content-Length: 1438
<
* Ignore 1438 bytes of response-body
* Connect me again please
* ALPN, offering http/1.1
* Cipher selection: 
ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /usr/local/share/certs/ca-root-nss.crt
  CApath: none
* Unknown SSL protocol error in connection to git-wip-us.apache.org:443
* Closing connection 0
* Couldn't find host git-wip-us.apache.org in the .netrc file; using 
defaults
* Hostname proxyfarm.company.net was found in DNS cache
*   Trying 139.23.33.27...
* Connected to proxyfarm.company.net (139.23.33.27) port 84 (#1)
* Establish HTTP proxy tunnel to git-wip-us.apache.org:443
> CONNECT git-wip-us.apache.org:443 HTTP/1.1
Host: git-wip-us.apache.org:443
User-Agent: git/2.5.1
Proxy-Connection: Keep-Alive

< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: NEGOTIATE
* gss_init_sec_context() failed: : Ticket expired
< Proxy-Authenticate: NTLM
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Proxy-Connection: close
< Connection: close
< Content-Length: 1438
<
* Received HTTP code 407 from proxy after CONNECT
* Closing connection 1
fatal: unable to access 
'https://git-wip-us.apache.org/repos/asf/commons-lang.git/': Unknown SSL 
protocol error in connection to git-wip-us.apache.org:443

As you can see, the problem is not SSL but an expired Kerberos ticket 
(failed authentication). At best libcurl returns CURLE_HTTP_RETURNED_ERROR 
(22) along with the HTTP status code.

After obtaining a ticket, everything goes smoothly.

Michael
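
Added example, not part of the original post: a small Python triage over a GIT_CURL_VERBOSE trace that reports the proxy's CONNECT status, the offered Proxy-Authenticate schemes and any GSS-API failure, so the 407 and expired ticket are surfaced instead of the final "Unknown SSL protocol error". The function names are hypothetical, and the sample trace is abridged from the output above with the wrapped fatal line rejoined.

```python
import re

# Sample input: abridged from the trace in the post, wrapped lines rejoined.
SAMPLE_TRACE = """\
* Establish HTTP proxy tunnel to git-wip-us.apache.org:443
> CONNECT git-wip-us.apache.org:443 HTTP/1.1
< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: NEGOTIATE
* gss_init_sec_context() failed: : Ticket expired
< Proxy-Authenticate: NTLM
* Received HTTP code 407 from proxy after CONNECT
* Closing connection 1
fatal: unable to access 'https://git-wip-us.apache.org/repos/asf/commons-lang.git/': Unknown SSL protocol error in connection to git-wip-us.apache.org:443
"""

STATUS = re.compile(r"^< HTTP/\d(?:\.\d)? (\d{3})")
SCHEME = re.compile(r"^< Proxy-Authenticate:\s*(\S+)", re.I)
GSS = re.compile(r"^\* (gss_\w+\(\)) failed:[\s:]*(.+)$")


def triage(trace):
    """Collect proxy CONNECT statuses, auth schemes and GSS-API errors from a trace."""
    result = {"connect_statuses": [], "schemes": [], "gss_errors": [], "fatal": None}
    awaiting_status = False
    for line in (raw.rstrip() for raw in trace.splitlines()):
        if line.startswith("> CONNECT "):
            awaiting_status = True  # the next status line answers this CONNECT
        elif awaiting_status and (m := STATUS.match(line)):
            result["connect_statuses"].append(int(m.group(1)))
            awaiting_status = False
        elif m := SCHEME.match(line):
            if m.group(1).upper() not in result["schemes"]:
                result["schemes"].append(m.group(1).upper())
        elif m := GSS.match(line):
            result["gss_errors"].append(m.group(2).strip())
        elif line.startswith("fatal:"):
            result["fatal"] = line  # what git finally prints; may be misleading
    return result


def diagnose(trace):
    """Prefer the proxy-auth cause over the final fatal message when both exist."""
    r = triage(trace)
    if 407 in r["connect_statuses"]:
        if r["gss_errors"]:
            return "proxy auth failed (Negotiate/GSS-API): " + r["gss_errors"][0]
        return "proxy auth required, schemes offered: " + ", ".join(r["schemes"])
    return r["fatal"] or "no failure found"
```
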
