Unable to communicate with https servers #1493
Comments
Thank you for giving this bug another chance of getting resolved.
Can you reproduce with PortableGit (https://github.com/git-for-windows/git/releases/download/v2.16.1.windows.4/PortableGit-2.16.1.4-64-bit.7z.exe)? That would be the least disruptive to your work. Also, as before: What does Note: If you are willing to test a couple of things, I am willing to put in the hours to build custom installers to get to the bottom of this. And of course I can give you a pretty easy way to work around the issue in your daily work: set the environment variable |
|
Thanks, I'll try to get someone from my org to follow up ASAP, else I'll come back to this shortly. Btw RE the ca-bundle.crt path, I don't believe this was ever manually configured. It was always just the default location installed by Git-for-Windows... Is it normal for people to customize this? I didn't see any installation option for it... Thanks Alex |
It should not be manually configured, except when someone adds custom certificates e.g. to support servers with self-signed certificates. |
|
I have the same problem on a Windows 10 machine while on another it works without problems. Rolling back to Git-2.14.1-64-bit and everything seems working as expected. The difference between both Windows 10 machines is, the failing one is located behind a corporate firewall and needs to be connected via proxy servers, no other internet access is possible. |
|
@abtOliver are you sure that you see the exact same error message, including "CAfile: /mingw64/ssl/certs/ca-bundle.crt"? And: does it work with |
|
@dscho this is the output from a clone command:
As you can see it is including the CAfile part. The
|
|
@dscho I found out something very interesting,
|
|
Hmm. @abtOliver so the problem might be due to HTTPS proxies not using the correct CA file... I hope to find some time to set something up next week. If you have pointers (or even better, if you find an easy way to configure Apache2 to server as such an HTTPS proxy), I would be most grateful. |
|
@abtOliver have you tried using the new SChannel support and adding the certificates to your Windows store, instead of relying on http.sslcainfo? |
|
/remind me in 10 days that I wanted to try to test this. |
|
@dscho set a reminder for Mar 14th 2018 |
|
👋 @dscho, I wanted to try to test this. |
|
A new snapshot should be available at https://wingit.blob.core.windows.net/files/index.html soon; please test! |
|
@abtOliver could you test this, please? |
There are actually two separate settings for the ca-bundle.crt file: one to validate HTTPS servers, and one to validate HTTPS proxies. We forgot the proxies. This is a port of the fix for git-for-windows/git#1493 Signed-off-by: Johannes Schindelin <[email protected]>
…rtificates of proxies (#3592) * curl: ensure that the correct ca-bundle.crt is used for HTTPS proxies There are actually two separate settings for the ca-bundle.crt file: one to validate HTTPS servers, and one to validate HTTPS proxies. We forgot the proxies. This is a port of the fix for git-for-windows/git#1493 Signed-off-by: Johannes Schindelin <[email protected]> * curl: increase pkgrel We just fixed the long-standing issue where cURL would not find the certificate bundle when trying to validate HTTPS *proxies*' certificates. Let's increase the pkgrel in preparation for a new build. Signed-off-by: Johannes Schindelin <[email protected]>
NOTE: This was already reported in #1453 but that was closed due to a bit of a flame war. Let's try again :)
Setup
64-bit
Sorry, already uninstalled, it was
Git-2.16.1.4-64-bit.exe.7, 64-bit.
defaults?
All defaults, apart from VS Code as the text editor.
to the issue you're seeing?
MITM https proxy
Details
Bash
Minimal, Complete, and Verifiable example
this will help us understand the issue.
works
URL to that repository to help us with testing?
Private Git server.
Thanks!
The text was updated successfully, but these errors were encountered: