We have an internal server that GnuTLS does not like, for example:
gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt foo.example.com
Processed 173 CA certificate(s).
Resolving 'foo.example.com'...
Connecting to '1.2.3.4:443'...
*** Verifying server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.
Everything except GnuTLS communicates normally with it, but git seems to use GnuTLS out of the box on Ubuntu 14.04.2 LTS, so git doesn't work:
GIT_CURL_VERBOSE=1 git clone https://foo.example.com/some-repo.git
Cloning into 'some-repo'...
* Couldn't find host foo.example.com in the .netrc file; using defaults
* Hostname was NOT found in DNS cache
* Trying 1.2.3.4...
* Connected to foo.example.com (1.2.3.4) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
* Closing connection 0
fatal: unable to access 'https://foo.example.com/some-repo.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
We are working on fixing incompatibility with GnuTLS, but at the same time, is there a way to get git to tell curl to use a different SSL mechanism at runtime (i.e. not to rebuild git from source)?
source
share