Failing to pass SSL AUTH while using Repo Tool

[gsta...@equiis.com]

Hello, I am currently running a gerrit server behind an nginx proxy. I am able to sync code from my server, but when i make changes and attempt to use repo upload (which uses my review), it fails.

My review is currently set to https://gerrit.mysite.com. My gerrit auth is set to HTTP, and nginx passes the user derive from the client certificate, so there is no password for auth. I have attempted to use the following commands in order to upload a specific project change via repo upload:

git config --local http.sslCert "/mycert.crt"
git config --local http.sslKey "/mycert.key"
git config --local http.sslCaInfo "/cacert.crt"
git config --local http.sslVerify "false" <---- Also tried true

The error i get when i try to repo upload is:

[FAILED] device/qcom/msm8996/ topic/blabla   

       (https://gerrit.mysite.com: HTTP Error 400: Bad Request)

This error is the same as when i attempt to access the site via my browser without passing any certificate, which leads me to believe that the repo tool is not passing any of the certs that i've defined in my git config. 

Alternatively, When i try to use SSH (ssh://ad...@gerrit.mysite.com:29418) as my review site instead i get the error:

[FAILED] device/qcom/msm8996/ topic/blabla   

       (ssh://ad...@gerrit.mysite.com:29418: <urlopen error [Errno -2] Name or service not known>)

Which leads me to believe that code review is only available through HTTP or HTTPS protocol. So, is it possible to have repo upload pass my certs in order to bypass the SSL auth?

Thanks for any and all input. If you require any further information from me please do not hesitate to ask.

[Sven Selberg]

Is it not the curl to <gerrit-site>/ssh_info that fails?

Sven Selberg


---- gsta...@equiis.com skrev ----

--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com<mailto:repo-discuss...@googlegroups.com>.
For more options, visit https://groups.google.com/d/optout.

[gsta...@equiis.com]

Git curl <gerrit site>/ssh_info returns

sitename ssh port

[gsta...@equiis.com]

Sorry, thats just Curl, no git.

[Sven Selberg]

My fault entirely. I misread, I thought you got you got an http error when using ssh.

/Sven

[Sven Selberg]

On the other hand.

If the response from ssh_info really is "sitename ssh port" I believe that could be part of the problem IIUC, it should return something in the region of "gerrit.mysite.com 29418" (if you're using the standard gerrit ssh port). Perhaps someone more Repo savvy than me would be a better fit for pointing you in the right direction... :-)

/Sven

[gsta...@equiis.com]

Hey Sven, I managed to solve the issue. You were correct in your assumptions that the issue lied with the ssh_info... While i could curl the ssh_info, i had to pass the SSL cert to successfully authenticate through HTTPS, since repo doesn't pass certs, it was unable to get the ssh_info. So what i did to solve the issue was this:

In Nginx I created a redirect rule for http://gerrit.mysite.com/ssh_info to a plain text file with the desired ssh_info output. Now my repo upload works flawlessly, a bit of a patchwork fix, but it gets the job done.

Thank you for your help!

[Sven Selberg]

Glad it worked out!

b^.^d

/Sven