peer's certificate issuer has been marked as not trusted by the user.

[Valentin Kragelj]

Hi,

We are running virtual machine with CentOS and Review Board. I want to add repository from our local git server that runs Gitblit (apparently it has all the API stuff that cgit has). I used "git http.sslVerify = false". I then tried to add repository, but get error in reviewboard's log "peer's certificate issuer has been marked as not trusted by the user.".

I then installed certificate in virtual machine for my gitblit account, tried adding repository in RB again, but still get the same error.

Any tips on how to solve this?

Also, for adding cgit repository in official RB documentation it says to add "http://servername/browse/repo_name/blob/<filename>?id=<revision>" under raw url mask. What is a <filename> here?

[Valentin Kragelj]

I'm still struggling to make it work. See attached picture for my settings and error from file reviewboard.log. In ~gitconfig i have "[http] sslVerify = false".

[Christian Hammond]

Hi Valentin,

Self-signed certificates are going to pose problems at a couple layers. Setting `git http.sslVerify = false` in Gitblit or for some user isn't going to help, because it's the Review Board git interaction that's posing the issue, and it creates an internal environment with which to execute commands like git. You can try setting the appropriate flags in $rbsitedir/data/.gitconfig, which might work, but then you're going to run into Python's own problems with self-signed certificates.

What you may want to investigate is setting up an internal cert authority, creating the certificate through that, and adding your authority as part of the cert chain on the server. You'll need to read instructions on how to set this for your OS and for Python on your OS, but it would allow git and Python to validate the cert. That's a bit beyond the scope of what I can help with on the community support forum, though.

Alternatively, if your infrastructure is compatible with it, you may be able to get a LetsEncrypt-based SSL certificate, which is free and can be validated. See https://letsencrypt.org/

Christian

On Tue, Nov 26, 2019 at 1:28 AM Valentin Kragelj <vale...@gmail.com> wrote:

I'm still struggling to make it work. See attached picture for my settings and error from file reviewboard.log. In ~gitconfig i have "[http] sslVerify = false".

--
Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/
Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/
Happy user? Let us know! https://www.reviewboard.org/users/
---
You received this message because you are subscribed to the Google Groups "Review Board Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/af6dd7a7-6a72-4f48-8aa3-46fbc0458eae%40googlegroups.com.

--

Christian Hammond

President/CEO of Beanbag

Makers of Review Board

[Valentin Kragelj]

Thank you for excessive answer. I looked up /var/www/reviewboard/data, but there is no ".gitconfig" file, only ".pki" folder. Is it possible that it is stored somewhere else (where?) ?

On Tuesday, 26 November 2019 10:52:47 UTC+1, Christian Hammond wrote:

Hi Valentin,

Self-signed certificates are going to pose problems at a couple layers. Setting `git http.sslVerify = false` in Gitblit or for some user isn't going to help, because it's the Review Board git interaction that's posing the issue, and it creates an internal environment with which to execute commands like git. You can try setting the appropriate flags in $rbsitedir/data/.gitconfig, which might work, but then you're going to run into Python's own problems with self-signed certificates.

What you may want to investigate is setting up an internal cert authority, creating the certificate through that, and adding your authority as part of the cert chain on the server. You'll need to read instructions on how to set this for your OS and for Python on your OS, but it would allow git and Python to validate the cert. That's a bit beyond the scope of what I can help with on the community support forum, though.

Alternatively, if your infrastructure is compatible with it, you may be able to get a LetsEncrypt-based SSL certificate, which is free and can be validated. See https://letsencrypt.org/

Christian

On Tue, Nov 26, 2019 at 1:28 AM Valentin Kragelj <vale...@gmail.com> wrote:

I'm still struggling to make it work. See attached picture for my settings and error from file reviewboard.log. In ~gitconfig i have "[http] sslVerify = false".

--
Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/
Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/
Happy user? Let us know! https://www.reviewboard.org/users/
---
You received this message because you are subscribed to the Google Groups "Review Board Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to revie...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/af6dd7a7-6a72-4f48-8aa3-46fbc0458eae%40googlegroups.com.

[Christian Hammond]

Hi Valentin,

There won’t be a default one. We don’t create or maintain one. However, we do set the data directory as HOME when executing git, so in theory it should make use of a config file there.

Christian

To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/218d2814-29df-4fa4-994f-efd100745a15%40googlegroups.com.

--