Reputation: 40319
Turning off Git's https verification
I am testing an internal git repository hosted with a self-signed Apache cert.
Unfortunately, I can't manage to push to it without an error like so
error: gnutls_handshake() failed: A TLS warning alert has been received. while accessing https://url
I have performed the following settings:
in .git/config
[http]
sslverify = false
And in the environment variable world:
declare -x CURLOPT_SSL_VERIFYHOST="0"
declare -x GIT_CURL_VERBOSE="1"
declare -x GIT_SSL_NO_VERIFY="true"
What else might be my problem?
Upvotes: 2
Views: 8552
Answers (4)
Reputation: 1035
Just as a reference for people having the same problem: it's very likely that this happens due to git using libcurl-gnutls3 version < 7.21.7 on old Debian and Ubuntu distros.
There was a bug in the library that made it misbehave at least when going through an HTTP proxy to reach a HTTPS website (either your own local proxy or a remote reverse proxy or a government's transparent proxy). The question doesn't state if the author was using a proxy or not but I strongly suspect the problem could be related if not the same. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559371
The fix is to either upgrade to a new distro that supports a fixed libcurl-gnutls3 version, rebuild it yourself, rebuild git to use libcurl-openssl (see https://askubuntu.com/questions/186847/error-gnutls-handshake-falied ) or... avoid using https
Upvotes: 3
Reputation: 1
I was having a similar problem. After populating the servername in apache config for virtualhost, this worked. while curl --cacert https..var.git works, git clone https:..var.git threw the error -
Cloning into 'var'... error: gnutls_handshake() failed: A TLS warning alert has been received. while accessing https://foo.server/var.git/info/refs fatal: HTTP request failed
one more thing you should do, is after you do
cd /var/www/var (var is the document root)
sudo git clone --bare ~foo/var sudo git update-server-info
Upvotes: 0
Reputation: 943
It could be that ServerName in your apache VirtualHost is not right. It should correspond to the certificate server name. To find out the reason of TLS alert I suggest running wireshark.
Upvotes: 1
Reputation: 14508
Make git use the HTTPS instead:
Assuming your self-signed certificate is:
/etc/ssl/certs/selfsigned.pem
Do the following:
openssl x509 -in /etc/ssl/certs/selfsigned.pem -out ~/certs/selfsigned.crt
git config --global http.sslcainfo ~/certs/selfsigned.crt
Upvotes: 0
Related Questions
- How do I get git to default to ssh and not https for new repositories
- How can I make git accept a self signed certificate?
- How do I set GIT_SSL_NO_VERIFY for specific repos only?
- I don't understerstand how I can use git with HTTPS without having to type in my password every time?
- Git: http.sslVerify false global but only for specific remote
- TLS certificate verification has been disabled! while trying to git fetch
- Git remote and GIT_SSL_NO_VERIFY
- force git ignore ssl regardless of configs?
- How to turn off SSL verification in GitPitch?
- Force git over SSL (Ubuntu config)