Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

git version is old and does not work with x509 certificates #4362

Closed
jomach opened this issue Jul 22, 2019 · 0 comments · Fixed by #4363
Closed

git version is old and does not work with x509 certificates #4362

jomach opened this issue Jul 22, 2019 · 0 comments · Fixed by #4363
Labels
type:bug

Comments

@jomach
Copy link

jomach commented Jul 22, 2019

ISSUE TYPE
  • Bug Report
SUMMARY

If we need to use the git options sslCert, sslKey and sslCAInfo with git 1.8 and centos7 we get:

NSS: client certificate not found (nickname not specified)

ENVIRONMENT
  • AWX version: 6.1.0
  • AWX install method: docker
  • Ansible version: 2.8.2
  • Operating System: centos7
  • Web Browser: Chrome
STEPS TO REPRODUCE

1- docker run ansible/awx_task:latest bash
2- setup gitconfig to use sslCert (so that x509 handshake is needed)
3- export GIT_CURL_VERBOSE=1
4 - git clone

EXPECTED RESULTS

git clone works

ACTUAL RESULTS

NSS: client certificate not found (nickname not specified)
Cloning into 'repo'...

  • About to connect() to someServer port 443 (#0)
  • Trying someServer
  • Connected to someServer (xxxxx) port 443 (#0)
  • Initializing NSS with certpath: sql:/etc/pki/nssdb
  • CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath: none
  • NSS: client certificate not found (nickname not specified)
  • NSS error -12227 (SSL_ERROR_HANDSHAKE_FAILURE_ALERT)
  • SSL peer was unable to negotiate an acceptable set of security parameters.
  • Closing connection 0
ADDITIONAL INFORMATION

Upgrade from git version fixes the problem
@jomach jomach changed the title git version is old and does not work witth x509 certificates git version is old and does not work with x509 certificates Jul 22, 2019
jomach pushed a commit to jomach/awx that referenced this issue Jul 22, 2019
ansible#4362
38cdfc4 
* upgrade from git on containers
@jomach jomach mentioned this issue Jul 22, 2019
Merged
jomach pushed a commit to jomach/awx that referenced this issue Jul 26, 2019
ansible#4362
d4effe9 
* pr comments
jomach pushed a commit to jomach/awx that referenced this issue Jul 26, 2019
ansible#4362
9b135b0 
* pr comments part2
jomach pushed a commit to jomach/awx that referenced this issue Jul 26, 2019
ansible#4362
2309b9e 
* pr comments part2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type:bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[4362] git version is old and does not work with x509 certificates jomach/awx
2 participants
@jomach @awxbot