gitblit GO: Unknown SSL protocol error in connection

fgi...@ci2s.com.ar

Jun 26, 2013, 5:34:47 PM
to git...@googlegroups.com
I'm hosting a gitblit server on EC2. I've made my own Certificates with Start SSL
and I'm able to:

 1. access the gitblit site via https (browser)
 2. clone from localhost (the server itself)

When I'm trying to clone the repository to my pc from the terminal using the mac os git client
I get

    export GIT_CURL_VERBOSE=1
    cloning into 'testing123'...
    * Couldn't find host mydomain.com in the .netrc file; using defaults
    * About to connect() to mydomain.com port 443 (#0)
    *   Trying xxx.xxx.xxx.xxx...
    * Connected to mydomain.com (xxx.xxx.xxx.xxx) port 443 (#0)
    * Connected to mydomain.com (xxx.xxx.xxx.xxx) port 443 (#0)
    * successfully set certificate verify locations:
    *   CAfile: /opt/local/share/curl/curl-ca-bundle.crt
      CApath: none
    * Unknown SSL protocol error in connection to mydomain.com:443 
    * Closing connection #0
    error: Unknown SSL protocol error in connection to mydomain.com:443  while accessing https://us...@mydomain.com/git/testing123.git/info/refs
    fatal: HTTP request failed


Using openssl I got

    OpenSSL> s_client -tls1_2 -connect mydomain.com:443
    CONNECTED(00000003)
    140735107039708:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 0 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : 0000
        Session-ID: 
        Session-ID-ctx: 
        Master-Key: 
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1372280840
        Timeout   : 7200 (sec)
        Verify return code: 0 (ok)
    ---
    error in s_client

Since I had to create my own keystore because my server does not need to have x11,
I stored

serverKeyStore.jks

 - private key for mydomain
 - mydomain class 1 primary intermediate cert
 - startcom CA
 - startcom class 1 primary intermediate CA

serverTrustStore.jks

 - startcom CA
 - startcom class 1 primary client CA
 - startcom class 1 primary server CA

I don't know if this is correct or not. If I had to store myself into the stores to make this work, trust me, I would. I googled so hard that I almost hit the end of the interwebs (and we all know that there's a lot of goatse there x_X). So I don't know what else to do.



Versions server:
    Debian Wheezy
    curl 7.26.0 (x86_64-pc-linux-gnu) libcurl/7.26.0 OpenSSL/1.0.1e zlib/1.2.7 libidn/1.25 libssh2/1.4.2 librtmp/2.3
     
Versions client:
    Mac OS X 10.8
    git 1.7.11.1
    OpenSSL 1.0.1e 11 Feb 2013

    curl 7.26.0 (x86_64-apple-darwin11.3.0) libcurl/7.26.0 OpenSSL/1.0.1e zlib/1.2.8 libidn/1.25
    Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp 
    Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP 


Thanks for your time and help
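
One way to read the `s_client` transcript in the post above, as an added example that is not part of the original thread: the function reports whether the handshake stopped before the server presented a certificate or at the chain check. The function and sample names are hypothetical, and the second sample is constructed.

```shell
# Added example (not from the thread): report how far a TLS handshake got,
# given `openssl s_client` output on stdin.
classify_s_client() {
    transcript=$(cat)
    if printf '%s\n' "$transcript" | grep -q 'no peer certificate available'; then
        # The server never presented a certificate, so the client-side chain
        # check did not run; any "Verify return code: 0 (ok)" here is only
        # the initial value, not a verdict.
        n=$(printf '%s\n' "$transcript" |
            sed -n 's/^SSL handshake has read \([0-9]*\) bytes.*/\1/p' | head -n 1)
        echo "pre-certificate read=${n:-?}"
        return 0
    fi
    code=$(printf '%s\n' "$transcript" |
        sed -n 's/^ *Verify return code: \([0-9]*\) .*/\1/p' | head -n 1)
    case "$code" in
        '') echo "unknown" ;;
        0)  echo "verified" ;;
        *)  echo "verify-failed:$code" ;;
    esac
}

# Lines copied from the transcript in the post above.
sample_from_post() {
    cat <<'EOF'
CONNECTED(00000003)
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 0 bytes
---
    Verify return code: 0 (ok)
EOF
}

# Constructed sample: a server that sends its leaf certificate without the
# intermediate CA typically ends with this verdict.
sample_missing_intermediate() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
---
SSL handshake has read 3210 bytes and written 421 bytes
---
    Verify return code: 21 (unable to verify the first certificate)
EOF
}

sample_from_post | classify_s_client
sample_missing_intermediate | classify_s_client
```

A `pre-certificate` result means client-side verification was never reached, so the place to look is the protocol versions and cipher suites the server accepts, and whether the server can load its key entry at all.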

Tamas Papp

Jun 27, 2013, 3:32:03 AM
to git...@googlegroups.com, fgi...@ci2s.com.ar
Have you tried

    GIT_SSL_NO_VERIFY=true

or

    git config [--global] http.sslVerify false

?



tamas

James Moger

Jun 27, 2013, 10:36:30 AM
to git...@googlegroups.com
When you did your clone test on localhost... were you using https?

Is there a proxy server between Mac<->Debian ?

-J

Lic. Francisco Gindre

Jun 27, 2013, 2:32:43 PM
to git...@googlegroups.com
@Tamas:
I tried what you said with no luck.

Lic. Francisco Gindre
Ci2S Labs - Vice Director
IEEE Member# 91130670
Home:+5411 5032 3615
Mobile: +5411 6096 2879


On Jun 27, 2013, at 12:15 PM, Francisco Gindre <francisc...@gmail.com> wrote:

@Tamas
I will try that ASAP

@James
When I believe I did clone with https. I've tried so much stuff that I can't recall completely.
No proxy, just a router. But I don't have problems when cloning other repos on other servers



--
Lic. Francisco Gindre
Software Developer 

IEEE Member# 91130670
Home:+5411 5032 3615
Mobile: +5411 6096 2879


Israel Klein

Nov 26, 2013, 3:22:07 AM
to git...@googlegroups.com
Hi,

I am having the same problem, did you find a solution?

Thanks