Re: Https proxy auth issue with git in cygwin 2.2.1

[Adam Dinwoodie <adam@dinwoodie.org>]

On Fri, Sep 25, 2015 at 07:13:07AM +0000, LukaszPielak wrote:
> Adam Dinwoodie <adam <at> dinwoodie.org> writes:
> > On Mon, Sep 21, 2015 at 08:54:39AM +0200, Lukasz Pielak wrote:
> > > The git version is 2.5.1 and the curl version is 7.43.
> > > The error prints fatal: unable to access
> > > 'https://github.com/mockito/mockito.git/': Unknown SSL protocol error
> > > in connection to github.com:443
>
> <snip>
> 
> Now I switched back to the old cygwin and tried the same
> 
> { ~ }  » uname -a
> CYGWIN_NT-6.1-WOW K11263 1.7.35(0.287/5/3) 2015-03-04 12:07 i686 Cygwin
> { ~ }  » curl --version
> curl 7.41.0 (i686-pc-cygwin) libcurl/7.41.0 OpenSSL/1.0.2a zlib/1.2.8
> libidn/1.29 libssh2/1.5.0
> Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
> pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
> Features: Debug IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM
> NTLM_WB SSL libz TLS-SRP UnixSockets Metalink
> { ~ }  » git --version
> git version 2.1.4
> 
> <snip>
> 
> As you can see i still get the error, but git seems to work:
> 
> { mockito } master » git pull
> Already up-to-date.
> 
> This makes me think that it is rather a change in the recent git 
> version. To me it looks like git changed the way it makes a curl call.

I think I've found the problem, and you're right -- Git has changed the
way it makes the curl call.  The culprit is commit 5841520b in the
upstream Git repository, which has the following commit message:

| http: always use any proxy auth method available
|
| We set CURLOPT_PROXYAUTH to use the most secure authentication
| method available only when the user has set configuration variables
| to specify a proxy.  However, libcurl also supports specifying a
| proxy through environment variables.  In that case libcurl defaults
| to only using the Basic proxy authentication method, because we do
| not use CURLOPT_PROXYAUTH.
|
| Set CURLOPT_PROXYAUTH to always use the most secure authentication
| method available, even when there is no git configuration telling us
| to use a proxy. This allows the user to use environment variables to
| configure a proxy that requires an authentication method different
| from Basic.

I can't confirm this is the problem, though, as I don't have a test
environment that uses NTLM.

Do you have the ability to either run a test version of Git I can
produce that patches out this change, or (better) to build Git yourself
without this patch to see if that is indeed the change that's causing
the problem?

Adam

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple