subject:"\[git\-users\] Git over SSL"

Re: [git-users] Git over SSL

2016-01-14 Thread Bison Ravi

I am using the GitGUI client on Windows 10 https://git-scm.com/downloads



Since i issued the global command (git config --global http.sslCAPath) i 
can now connect


Here is the trace:

$ git push -u origin master
* Couldn't find host remcorpgit01.corp.group.local in the _netrc file; 
using defaults
* timeout on name lookup is not supported
*   Trying 10.1.1.22...
* Connected to remcorpgit01.corp.group.local (10.1.1.22) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: 
ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
* NPN, negotiated HTTP1.1
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*subject: C=NL; ST=Florida; L=Miami; O= International Inc.; OU=IT 
Team; CN=remcorpgit01.corp.group.local; emailAddress=supp...@group.com
*start date: Jan 14 09:31:20 2016 GMT
*expire date: Jan 11 09:31:20 2026 GMT
*issuer: C=NL; ST=Florida; L=Miami; O= International Inc.; OU=IT 
Team; CN=remcorpgit01.corp.group.local; emailAddress=supp...@group.com
*SSL certificate verify result: self signed certificate (18), 
continuing anyway.
> GET /Bison/Test_Git_GUI.git/info/refs?service=git-receive-pack HTTP/1.1
Host: remcorpgit01.corp.group.local
User-Agent: git/2.7.0.windows.1
Accept: */*
Accept-Encoding: gzip
Accept-Language: en-US, *;q=0.9
Pragma: no-cache

< HTTP/1.1 401 Unauthorized
< Server: nginx
< Date: Thu, 14 Jan 2016 13:14:58 GMT
< Content-Type: text/plain
< Content-Length: 0
< Connection: keep-alive
< Cache-Control: no-cache
< Status: 401 Unauthorized
< WWW-Authenticate: Basic realm=""
< X-Request-Id: 2bd7c04b-7d74-49fe-b0f2-42b872f60679
< X-Runtime: 0.007080
<
* Connection #0 to host remcorpgit01.corp.group.local left intact
* Couldn't find host remcorpgit01.corp.group.local in the _netrc file; 
using defaults
* Found bundle for host remcorpgit01.corp.group.local: 0xa001e0
* timeout on name lookup is not supported
* Hostname remcorpgit01.corp.group.local was found in DNS cache
*   Trying 10.1.1.22...
* Connected to remcorpgit01.corp.group.local (10.1.1.22) port 443 (#1)
* ALPN, offering http/1.1
* Cipher selection: 
ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
* SSL re-using session ID
* NPN, negotiated HTTP1.1
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*subject: C=NL; ST=Florida; L=Miami; O= International Inc.; OU=IT 
Team; CN=remcorpgit01.corp.group.local; emailAddress=supp...@group.com
*start date: Jan 14 09:31:20 2016 GMT
*expire date: Jan 11 09:31:20 2026 GMT
*issuer: C=NL; ST=Florida; L=Miami; O= International Inc.; OU=IT 
Team; CN=remcorpgit01.corp.group.local; emailAddress=supp...@group.com
*SSL certificate verify result: self signed certificate (18), 
continuing anyway.
> GET /Bison/Test_Git_GUI.git/info/refs?service=git-receive-pack HTTP/1.1
Host: remcorpgit01.corp.group.local
User-Agent: git/2.7.0.windows.1
Accept: */*
Accept-Encoding: gzip
Accept-Language: en-US, *;q=0.9
Pragma: no-cache

< HTTP/1.1 401 Unauthorized
< Server: nginx
< Date: Thu, 14 Jan 2016 13:15:14 GMT
< Content-Type: text/plain
< Content-Length: 0
< Connection: keep-alive
< Cache-Control: no-cache
< Status: 401 Unauthorized
< WWW-Authenticate: Basic realm=""
< X-Request-Id: 51d0257c-aa2c-4fd1-b842-6a575b0c944e
< X-Runtime: 0.261463
<
* Connection #1 to host remcorpgit01.corp.group.local left intact
* Issue another request to this URL: 
'https://remcorpgit01.corp.group.local/Bison/Test_Git_GUI.git/info/refs?service=git-receive-pack'
* Couldn't find host remcorpgit01.corp.group.local in the _netrc file; 
using defaults
* Found bundle for host remcorpgit01.corp.group.local: 0xa001e0
* Re-using existing connection! (#1) with host remcorpgit01.corp.group.local
* Connected to remcorpgit01.corp.group.local (10.1.1.22) port 443 (#1)
* Server auth using Basic with user 'Bison'
> GET /Bison/Test_Git_GUI.git/info/refs?service=git-receive-pack HTTP/1.1
Host: remcorpgit01.corp.group.local
Authorization: Basic dGNhcGFjY2k6cEBzc3cwcmQ=
User-Agent: git/2.7.0.windows.1
Accept: */*
Accept-Encoding: gzip
Accept-Language: en-US, *;q=0.9
Pragma: no-cache

< HTTP/1.1 200 OK
< Server: nginx
< Date: Thu, 14 Jan 2016 13:15:14 GMT
< Content-Type: application/x-git-receive-pack-advertisement
< Content-Length: 179
< Connection: keep-alive
< Cache-Control: no-cache
<
* Connection #1 to host remcorpgit01.corp.group.local left intact
Counting objects: 3, done.
Writing objects: 100% (3/3), 222 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
* Couldn't find host remcorpgit01.corp.group.local in the _netrc file; 
using defaults
*

Re: [git-users] Git over SSL

2016-01-14 Thread Konstantin Khomoutov

On Thu, 14 Jan 2016 02:17:07 -0800 (PST)
Bison Ravi  wrote:

> I have setup Git/GitLab on Debian 7.7
> I have configured GitLab for SSL.
> 
> Now i am trying to connect to my Git project with GitGUI for Windows
> and i receive the following error: 
> 
> fatal: unable to access 
> 'https://git.corp.group.local/bravi/project_test2.git/': SSL
> certificate problem: self signed certificate

I bet this error comes from the client-side Git instance, so your steps
(1) and (2) have no sense as the server has nothing to do with it.

> I have read a couple of posts about that issue and tried this command:
> 
>1. git config --system http.sslCAPath /etc/gitlab/ssl. The path
> above contains the Self-Signed certificate i have created for use
> with Gitlab. 
>2. I also copied the crt file to ca-certifcates and ran the below 
>command to add the CA as Trusted on the Git server
> 
>  cp /etc/gitlab/ssl/remcorpgit01.corp.remarkgroup.local.crt 
> /usr/share/ca-certificates/
>  dpkg-reconfigure ca-certificates
> 
>   3. I have installed the certificate on my local machine
> (Windows client)  in the Trusted Root Certificate store

This step is logically correct; unfortunately, it won't help: Git uses
libCURL for implementation of HTTP[S] transport, and that one is built
(assuming you're using Git for Windows as you tell us exactly zero
information about your client setup) to use a Windows port of the
OpenSSL library to provide SSL/TLS support.  OpenSSL knows nothing
about Windows certificate storage and uses a special plain-text file or
a directory to look up its certificates (both client and CA).

>From there, you can explore two venues:

* Run your Git client while having GIT_TRACE=1 and GIT_CURL_VERBOSE=1
  in the environment, like this:

C:\> set GIT_TRACE=1
C:\>
C:\> set GIT_CURL_VERBOSE=1
C:\>
C:\> git fetch https://...
C:\>

  This will make your Git client extra-chatty about what's going on.
  libCURL parts should print out what resources were used to look for
  certificates.

* Run `git help config` and read up on the http.ssl* group of settings
  (just search for the string "http.ssl" in the manual page).
  Some of them control places Git forces on libCURL/OpenSSL to use for
  certificate lookups.

-- 
You received this message because you are subscribed to the Google Groups "Git 
for human beings" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to git-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[git-users] Git over SSL

2016-01-14 Thread Bison Ravi

Hi guys,

I have setup Git/GitLab on Debian 7.7
I have configured GitLab for SSL.

Now i am trying to connect to my Git project with GitGUI for Windows and i 
receive the following error: 

fatal: unable to access 
'https://git.corp.group.local/bravi/project_test2.git/': SSL certificate 
problem: self signed certificate

I have read a couple of posts about that issue and tried this command:

   1. git config --system http.sslCAPath /etc/gitlab/ssl. The path above 
   contains the Self-Signed certificate i have created for use with Gitlab. 
   2. I also copied the crt file to ca-certifcates and ran the below 
   command to add the CA as Trusted on the Git server

 cp /etc/gitlab/ssl/remcorpgit01.corp.remarkgroup.local.crt 
/usr/share/ca-certificates/
 dpkg-reconfigure ca-certificates

  3. I have installed the certificate on my local machine (Windows 
client)  in the Trusted Root Certificate store

Despite all this i still get the fatal error (even with new projects)

Any help would be appreciated.

Thanks.

-- 
You received this message because you are subscribed to the Google Groups "Git 
for human beings" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to git-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [git-users] Git over SSL

Re: [git-users] Git over SSL

[git-users] Git over SSL

3 matches

Site Navigation

Mail list logo

Footer information