SSL problem in Federation

123 views
Skip to first unread message

peter...@gmail.com

unread,
Sep 25, 2012, 12:44:29 AM9/25/12
to git...@googlegroups.com
Hello. I'm trying to get a backup gitblit installation to pull from our master. I think I have things set up correctly, but am getting the following error in the log:

ERROR Failed to pull from federated gitblit (***** @ ******)
org.eclipse.jgit.api.errors.TransportException: **************.git: cannot open git-upload-pack
        at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:137)
        at com.gitblit.utils.JGitUtils.fetchRepository(JGitUtils.java:251)
        at com.gitblit.utils.JGitUtils.cloneRepository(JGitUtils.java:202)
        at com.gitblit.FederationPullExecutor.pull(FederationPullExecutor.java:220)
        at com.gitblit.FederationPullExecutor.run(FederationPullExecutor.java:106)
        at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
        at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
        at java.util.concurrent.FutureTask.run(Unknown Source)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(Unknown Source)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: org.eclipse.jgit.errors.TransportException: ************.git: cannot open git-upload-pack
        at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:467)
        at org.eclipse.jgit.transport.TransportHttp.openFetch(TransportHttp.java:276)
        at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:127)
        at org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:113)
        at org.eclipse.jgit.transport.Transport.fetch(Transport.java:1069)
        at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:128)
        ... 12 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to fin
d valid certification path to requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
        at java.net.HttpURLConnection.getResponseCode(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
        at org.eclipse.jgit.util.HttpSupport.response(HttpSupport.java:167)
        at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:430)
        ... 17 more

James Moger

unread,
Sep 25, 2012, 7:58:40 AM9/25/12
to git...@googlegroups.com
Looks like a cert issue.  Are you pulling within an intranet?  If so, perhaps http would be an option to get started and then you can switch to https.

A quick Google search turns up lots of hits.

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to fin d valid certification path to requested target

-J

Alex Lewis

unread,
Oct 25, 2013, 7:20:15 AM10/25/13
to git...@googlegroups.com, peter...@gmail.com
If it helps I got around this problem by...

  1. Create a .gitconfig file in the home directory of the user used to run the Gitblit server.
  2. Edit .gitconfig, add the following section.
  3. Restart gitblit.
[http]
    sslVerify = false

This is essentially the same thing you do for selfsigned certficates in Git clients and in the federation case (AFAIK) the pulling server is behaving in part as a Git client when pulling the repositories.

HTH
Reply all
Reply to author
Forward
0 new messages