From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 26060 invoked by alias); 5 Oct 2015 20:23:01 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 26045 invoked by uid 89); 5 Oct 2015 20:22:59 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.1 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 X-HELO: mail-wi0-f174.google.com Received: from mail-wi0-f174.google.com (HELO mail-wi0-f174.google.com) (209.85.212.174) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES128-GCM-SHA256 encrypted) ESMTPS; Mon, 05 Oct 2015 20:22:57 +0000 Received: by wiclk2 with SMTP id lk2so131145438wic.1 for ; Mon, 05 Oct 2015 13:22:54 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:subject:message-id:references :mime-version:content-type:content-disposition :content-transfer-encoding:in-reply-to:user-agent; bh=j1EcyeFd5SFm+18DV25WHLxJHDitv4Ae2YBB7ExOp+8=; b=d/36nu6y/8Ms3+jeG8jOPwQKmA0gOGQNMwtwu+zqnpyWDj905jGm6XWZM5r5EPM9rX dGAyaIYP6TVwSbc8jGSK0yp0GZM1TwIIPm33N3jZOCK+QS7IYwJfYyNqipyG4npNqtzh FpvikIipkyzVkpKmi90/dUfi1YOOojXynA15oVhcqC8D11EamykpixgdNKTEL9x7gpaT C0xlWDyo+0QC0gbEuOoasBODN3N/JaQFpv+2TA4jcLHtuiH37yskBVFD3nnz1VyCQ84g 6arFR7/not7egDKdXrTdJqRXMjnRxwGespkSMGoeSQYJehhQhTFY1pDJUhtqgzW1Xwk+ jNXw== X-Gm-Message-State: ALoCoQlK2QcbRQOGf39UPsxQorjahZDtka+rHIBx5xoyZe6OU47o2CY/7J1z2aR91RKImHDR4PfI X-Received: by 10.180.211.243 with SMTP id nf19mr14088083wic.74.1444076574601; Mon, 05 Oct 2015 13:22:54 -0700 (PDT) Received: from dinwoodie.org ([2001:ba8:0:1c0::9:1]) by smtp.gmail.com with ESMTPSA id gd10sm6604219wjb.47.2015.10.05.13.22.53 for (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Mon, 05 Oct 2015 13:22:53 -0700 (PDT) Date: Mon, 05 Oct 2015 20:23:00 -0000 From: Adam Dinwoodie To: cygwin@cygwin.com Subject: Re: Https proxy auth issue with git in cygwin 2.2.1 Message-ID: <20151005202249.GM14466@dinwoodie.org> References: <20150921103100.GF14466@dinwoodie.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-IsSubscribed: yes X-SW-Source: 2015-10/txt/msg00054.txt.bz2 On Fri, Sep 25, 2015 at 07:13:07AM +0000, LukaszPielak wrote: > Adam Dinwoodie dinwoodie.org> writes: > > On Mon, Sep 21, 2015 at 08:54:39AM +0200, Lukasz Pielak wrote: > > > The git version is 2.5.1 and the curl version is 7.43. > > > The error prints fatal: unable to access > > > 'https://github.com/mockito/mockito.git/': Unknown SSL protocol error > > > in connection to github.com:443 > > > > Now I switched back to the old cygwin and tried the same > > { ~ } » uname -a > CYGWIN_NT-6.1-WOW K11263 1.7.35(0.287/5/3) 2015-03-04 12:07 i686 Cygwin > { ~ } » curl --version > curl 7.41.0 (i686-pc-cygwin) libcurl/7.41.0 OpenSSL/1.0.2a zlib/1.2.8 > libidn/1.29 libssh2/1.5.0 > Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps > pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp > Features: Debug IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM > NTLM_WB SSL libz TLS-SRP UnixSockets Metalink > { ~ } » git --version > git version 2.1.4 > > > > As you can see i still get the error, but git seems to work: > > { mockito } master » git pull > Already up-to-date. > > This makes me think that it is rather a change in the recent git > version. To me it looks like git changed the way it makes a curl call. I think I've found the problem, and you're right -- Git has changed the way it makes the curl call. The culprit is commit 5841520b in the upstream Git repository, which has the following commit message: | http: always use any proxy auth method available | | We set CURLOPT_PROXYAUTH to use the most secure authentication | method available only when the user has set configuration variables | to specify a proxy. However, libcurl also supports specifying a | proxy through environment variables. In that case libcurl defaults | to only using the Basic proxy authentication method, because we do | not use CURLOPT_PROXYAUTH. | | Set CURLOPT_PROXYAUTH to always use the most secure authentication | method available, even when there is no git configuration telling us | to use a proxy. This allows the user to use environment variables to | configure a proxy that requires an authentication method different | from Basic. I can't confirm this is the problem, though, as I don't have a test environment that uses NTLM. Do you have the ability to either run a test version of Git I can produce that patches out this change, or (better) to build Git yourself without this patch to see if that is indeed the change that's causing the problem? Adam -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple