* Https proxy auth issue with git in cygwin 2.2.1 @ 2015-09-21 6:55 Lukasz Pielak 2015-09-21 10:20 ` Andrey Repin 2015-09-21 10:31 ` Adam Dinwoodie 0 siblings, 2 replies; 9+ messages in thread From: Lukasz Pielak @ 2015-09-21 6:55 UTC (permalink / raw) To: cygwin Hi In the latest Cygwin 2.2.1. git doesn’t work with proxy authentication. The git version is 2.5.1 and the curl version is 7.43. The error prints fatal: unable to access 'https://github.com/mockito/mockito.git/': Unknown SSL protocol error in connection to github.com:443 In my previous Cygwin 1.7.35 (with curl 7.41) this problem didn’t exist. Git for windows (git 2.5.1 version, but curl is 7.44) seems to work too. I assume that there is a bug in curl rather than in git. Console output: { mockito } master » uname -a ~/gitrepo/demo/mockito 127 CYGWIN_NT-6.1-WOW K11263 2.2.1(0.289/5/3) 2015-08-20 11:40 i686 Cygwin { mockito } master » { mockito } master » curl --version ~/gitrepo/demo/mockito curl 7.43.0 (i686-pc-cygwin) libcurl/7.43.0 OpenSSL/1.0.2d zlib/1.2.8 libidn/1.29 libssh2/1.5.0 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp Features: Debug IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets Metalink { mockito } master » GIT_TRACE=2 git pull ~/gitrepo/demo/mockito 12:22:48.164349 git.c:558 trace: exec: 'git-pull' 12:22:48.164349 run-command.c:347 trace: run_command: 'git-pull' 12:22:48.429558 git.c:348 trace: built-in: git 'rev-parse' '--parseopt' '--stuck-long' '--' 12:22:48.689167 git.c:348 trace: built-in: git 'rev-parse' '--git-dir' 12:22:48.860772 git.c:348 trace: built-in: git 'rev-parse' '--git-path' 'objects' 12:22:49.032378 git.c:348 trace: built-in: git 'rev-parse' '--is-bare-repository' 12:22:49.094780 git.c:348 trace: built-in: git 'rev-parse' '--show-toplevel' 12:22:49.188383 git.c:348 trace: built-in: git 'ls-files' '-u' 12:22:49.297586 git.c:348 trace: built-in: git 'symbolic-ref' '-q' 'HEAD' 12:22:49.469192 git.c:348 trace: built-in: git 'config' 'branch.master.rebase' 12:22:49.656398 git.c:348 trace: built-in: git 'config' 'pull.rebase' 12:22:49.843604 git.c:348 trace: built-in: git 'config' 'pull.ff' 12:22:49.921606 git.c:348 trace: built-in: git 'rev-parse' '-q' '--verify' 'HEAD' 12:22:50.015209 git.c:348 trace: built-in: git 'fetch' '--update-head-ok' 12:22:50.171214 run-command.c:347 trace: run_command: 'git-remote-https' 'origin' 'https://github.com/mockito/mockito.git' fatal: unable to access 'https://github.com/mockito/mockito.git/': Unknown SSL protocol error in connection to github.com:443 { mockito } master » GIT_CURL_VERBOSE=1 git pull ~/gitrepo/demo/mockito 1 * STATE: INIT => CONNECT handle 0x800834c8; line 1075 (connection #-5000) * Couldn't find host github.com in the .netrc file; using defaults * Added connection 0. The cache now contains 1 members * Trying 10.105.36.152... * STATE: CONNECT => WAITCONNECT handle 0x800834c8; line 1128 (connection #0) * Connected to webproxy.mycorp.com (10.105.36.152) port 8080 (#0) * STATE: WAITCONNECT => WAITPROXYCONNECT handle 0x800834c8; line 1225 (connection #0) * Establish HTTP proxy tunnel to github.com:443 > CONNECT github.com:443 HTTP/1.1 Host: github.com:443 User-Agent: git/2.5.1 Proxy-Connection: Keep-Alive * Read response immediately from proxy CONNECT < HTTP/1.1 407 Proxy Authentication Required < Proxy-Authenticate: NEGOTIATE < Proxy-Authenticate: NTLM < Proxy-Authenticate: BASIC realm="BCAAA" < Cache-Control: no-cache < Pragma: no-cache < Content-Type: text/html; charset=utf-8 < Proxy-Connection: close < Connection: close < Content-Length: 1551 < * Ignore 1551 bytes of response-body * Connect me again please * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * Unknown SSL protocol error in connection to github.com:443 * Curl_done * Closing connection 0 * The cache now contains 0 members * STATE: WAITPROXYCONNECT => CONNECT handle 0x800834c8; line 1208 (connection #-5000) * Couldn't find host github.com in the .netrc file; using defaults * Added connection 1. The cache now contains 1 members * Hostname webproxy.mycorp.com was found in DNS cache * Trying 10.105.36.152... * STATE: CONNECT => WAITCONNECT handle 0x800834c8; line 1128 (connection #1) * Connected to webproxy.mycorp.com (10.105.36.152) port 8080 (#1) * STATE: WAITCONNECT => WAITPROXYCONNECT handle 0x800834c8; line 1225 (connection #1) * Establish HTTP proxy tunnel to github.com:443 > CONNECT github.com:443 HTTP/1.1 Host: github.com:443 User-Agent: git/2.5.1 Proxy-Connection: Keep-Alive * Read response immediately from proxy CONNECT < HTTP/1.1 407 Proxy Authentication Required < Proxy-Authenticate: NEGOTIATE * gss_init_sec_context() failed: : SPNEGO cannot find mechanisms to negotiate < Proxy-Authenticate: NTLM < Proxy-Authenticate: BASIC realm="BCAAA" < Cache-Control: no-cache < Pragma: no-cache < Content-Type: text/html; charset=utf-8 < Proxy-Connection: close < Connection: close < Content-Length: 1551 < * Received HTTP code 407 from proxy after CONNECT * Expire cleared * Curl_done * Closing connection 1 * The cache now contains 0 members fatal: unable to access 'https://github.com/mockito/mockito.git/': Unknown SSL protocol error in connection to github.com:443 Thanks Lukasz -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Https proxy auth issue with git in cygwin 2.2.1 2015-09-21 6:55 Https proxy auth issue with git in cygwin 2.2.1 Lukasz Pielak @ 2015-09-21 10:20 ` Andrey Repin 2015-09-21 10:32 ` Lukasz Pielak 2015-09-21 10:31 ` Adam Dinwoodie 1 sibling, 1 reply; 9+ messages in thread From: Andrey Repin @ 2015-09-21 10:20 UTC (permalink / raw) To: Lukasz Pielak, cygwin Greetings, Lukasz Pielak! > In the latest Cygwin 2.2.1. git doesn’t work with proxy authentication. > The git version is 2.5.1 and the curl version is 7.43. > The error prints fatal: unable to access > 'https://github.com/mockito/mockito.git/': Unknown SSL protocol error > in connection to github.com:443 $ curl --version; curl -siIH "Host: github.com" https://github.com/mockito/mockito.git/ curl 7.43.0 (x86_64-unknown-cygwin) libcurl/7.43.0 OpenSSL/1.0.2d zlib/1.2.8 libidn/1.29 libssh2/1.5.0 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp Features: Debug IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets Metalink HTTP/1.1 301 Moved Permanently Server: GitHub.com Date: Mon, 21 Sep 2015 10:07:26 GMT Content-Type: text/html Content-Length: 178 Location: https://github.com/mockito/mockito/ Vary: Accept-Encoding X-Served-By: a568c03544f42dddf712bab3bfd562fd $ git ls-remote https://github.com/mockito/mockito.git a821f7b0ec47f3214bf6f0361df5deb211fa2214 HEAD 6e8ab32df8b3c85cdcdc77b4348a57e15227f76c refs/heads/gh-pages a821f7b0ec47f3214bf6f0361df5deb211fa2214 refs/heads/master 64ed9c5ec562851d109baa700fa075ffde3662cd refs/heads/release 63af88de0f9d8c5233db2996241f8ad3fae3d47d refs/heads/sf-spy-hack 29b082b4b789e0e166d898f70de8e8338a6139d1 refs/heads/travis_oracle_jdk8 13c7321d5e719a802b52cf9d825ccf27dc7e015e refs/pull/10/head ... Sooo, how about "update your Cygwin" ? -- With best regards, Andrey Repin Monday, September 21, 2015 13:07:33 Sorry for my terrible english... ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Https proxy auth issue with git in cygwin 2.2.1 2015-09-21 10:20 ` Andrey Repin @ 2015-09-21 10:32 ` Lukasz Pielak 0 siblings, 0 replies; 9+ messages in thread From: Lukasz Pielak @ 2015-09-21 10:32 UTC (permalink / raw) To: cygwin Hi Andrey thanks for your reply. What exactly do you mean by 'update your Cygwin'?. I'm running the latest Cygwin x86 2.2.1 with curl curl 7.43.0. curl --version curl 7.43.0 (i686-pc-cygwin) libcurl/7.43.0 OpenSSL/1.0.2d zlib/1.2.8 libidn/1.29 libssh2/1.5.0 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp Features: Debug IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets Metalink Thanks Lukasz On 21 September 2015 at 12:14, Andrey Repin <anrdaemon@yandex.ru> wrote: > Greetings, Lukasz Pielak! > >> In the latest Cygwin 2.2.1. git doesn’t work with proxy authentication. >> The git version is 2.5.1 and the curl version is 7.43. >> The error prints fatal: unable to access >> 'https://github.com/mockito/mockito.git/': Unknown SSL protocol error >> in connection to github.com:443 > > $ curl --version; curl -siIH "Host: github.com" https://github.com/mockito/mockito.git/ > curl 7.43.0 (x86_64-unknown-cygwin) libcurl/7.43.0 OpenSSL/1.0.2d zlib/1.2.8 libidn/1.29 libssh2/1.5.0 > Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp > Features: Debug IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets Metalink > HTTP/1.1 301 Moved Permanently > Server: GitHub.com > Date: Mon, 21 Sep 2015 10:07:26 GMT > Content-Type: text/html > Content-Length: 178 > Location: https://github.com/mockito/mockito/ > Vary: Accept-Encoding > X-Served-By: a568c03544f42dddf712bab3bfd562fd > $ git ls-remote https://github.com/mockito/mockito.git > a821f7b0ec47f3214bf6f0361df5deb211fa2214 HEAD > 6e8ab32df8b3c85cdcdc77b4348a57e15227f76c refs/heads/gh-pages > a821f7b0ec47f3214bf6f0361df5deb211fa2214 refs/heads/master > 64ed9c5ec562851d109baa700fa075ffde3662cd refs/heads/release > 63af88de0f9d8c5233db2996241f8ad3fae3d47d refs/heads/sf-spy-hack > 29b082b4b789e0e166d898f70de8e8338a6139d1 refs/heads/travis_oracle_jdk8 > 13c7321d5e719a802b52cf9d825ccf27dc7e015e refs/pull/10/head > ... > > Sooo, how about "update your Cygwin" ? > > > -- > With best regards, > Andrey Repin > Monday, September 21, 2015 13:07:33 > > Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Https proxy auth issue with git in cygwin 2.2.1 2015-09-21 6:55 Https proxy auth issue with git in cygwin 2.2.1 Lukasz Pielak 2015-09-21 10:20 ` Andrey Repin @ 2015-09-21 10:31 ` Adam Dinwoodie 2015-09-21 10:39 ` Achim Gratz 2015-09-25 7:20 ` LukaszPielak 1 sibling, 2 replies; 9+ messages in thread From: Adam Dinwoodie @ 2015-09-21 10:31 UTC (permalink / raw) To: cygwin On Mon, Sep 21, 2015 at 08:54:39AM +0200, Lukasz Pielak wrote: > In the latest Cygwin 2.2.1. git doesnât work with proxy authentication. What do you mean by proxy authentication here? What do you have configured, and how? > The git version is 2.5.1 and the curl version is 7.43. > The error prints fatal: unable to access > 'https://github.com/mockito/mockito.git/': Unknown SSL protocol error > in connection to github.com:443 WJFFM with those versions, but then I'm not using any sort of web proxy. > In my previous Cygwin 1.7.35 (with curl 7.41) this problem didnât > exist. Git for windows (git 2.5.1 version, but curl is 7.44) seems to > work too. Are you able to test any other combinations of these? I don't think the results for Git for Windows are going to be particularly informative -- there are too many variables between that build and Cygwin's -- but knowing whether it's the bump from Cygwin v1.7.35 to v2.2.1, or from Curl v7.41 to v7.43, would be potentially useful. > I assume that there is a bug in curl rather than in git. As an interim solution, does using ssh instead of https work? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Https proxy auth issue with git in cygwin 2.2.1 2015-09-21 10:31 ` Adam Dinwoodie @ 2015-09-21 10:39 ` Achim Gratz 2015-09-25 7:20 ` LukaszPielak 1 sibling, 0 replies; 9+ messages in thread From: Achim Gratz @ 2015-09-21 10:39 UTC (permalink / raw) To: cygwin Adam Dinwoodie <adam <at> dinwoodie.org> writes: > As an interim solution, does using ssh instead of https work? He's forced through the abomination of a proxy requiring NTLM authentication, so I'd say his chances of having SSH connections to the outside are pretty slim. He could try cntlm, though (not packaged yet for Cygwin since upstream seems to have disappeared, but I've been working on some patches to have it not crash on 64bit). http://repo.or.cz/w/cntlm.git/shortlog/refs/heads/cygwin-auto Regards, Achim. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Https proxy auth issue with git in cygwin 2.2.1 2015-09-21 10:31 ` Adam Dinwoodie 2015-09-21 10:39 ` Achim Gratz @ 2015-09-25 7:20 ` LukaszPielak 2015-10-05 20:23 ` Adam Dinwoodie 1 sibling, 1 reply; 9+ messages in thread From: LukaszPielak @ 2015-09-25 7:20 UTC (permalink / raw) To: cygwin Adam Dinwoodie <adam <at> dinwoodie.org> writes: > > On Mon, Sep 21, 2015 at 08:54:39AM +0200, Lukasz Pielak wrote: > > In the latest Cygwin 2.2.1. git doesn’t work with proxy authentication. > > What do you mean by proxy authentication here? What do you have > configured, and how? > > > The git version is 2.5.1 and the curl version is 7.43. > > The error prints fatal: unable to access > > 'https://github.com/mockito/mockito.git/': Unknown SSL protocol error > > in connection to github.com:443 > > WJFFM with those versions, but then I'm not using any sort of web proxy. > > > In my previous Cygwin 1.7.35 (with curl 7.41) this problem didn’t > > exist. Git for windows (git 2.5.1 version, but curl is 7.44) seems to > > work too. > > Are you able to test any other combinations of these? I don't think the > results for Git for Windows are going to be particularly informative - - > there are too many variables between that build and Cygwin's -- but > knowing whether it's the bump from Cygwin v1.7.35 to v2.2.1, or from > Curl v7.41 to v7.43, would be potentially useful. > > > I assume that there is a bug in curl rather than in git. > > As an interim solution, does using ssh instead of https work? > > Hi Adam ssh over https is unfortunately not an option. I experimented with with curl instead of git a bit: With --proxy-negotiate i get: curl -v --proxy webproxy.mycorp.com:8080 --proxy-user myuser:mypasswd --proxy-negotiate http://mirror.provider.org/package.rpm * STATE: INIT => CONNECT handle 0x80048388; line 1075 (connection #-5000) * Added connection 0. The cache now contains 1 members * Trying 10.105.36.151... * STATE: CONNECT => WAITCONNECT handle 0x80048388; line 1128 (connection #0) * Connected to webproxy.mycorp.com (10.105.36.151) port 8080 (#0) * STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x80048388; line 1225 (connection #0) * STATE: SENDPROTOCONNECT => DO handle 0x80048388; line 1243 (connection #0) > GET http://mirror.provider.org/package.rpm HTTP/1.1 > Host: mirror.provider.org > User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US)) > Accept: */* > Proxy-Connection: Keep-Alive > * STATE: DO => DO_DONE handle 0x80048388; line 1322 (connection #0) * STATE: DO_DONE => WAITPERFORM handle 0x80048388; line 1449 (connection #0) * STATE: WAITPERFORM => PERFORM handle 0x80048388; line 1459 (connection #0) * HTTP 1.1 or later with persistent connection, pipelining supported < HTTP/1.1 407 Proxy Authentication Required * gss_init_sec_context() failed: : SPNEGO cannot find mechanisms to negotiate < Proxy-Authenticate: NEGOTIATE < Proxy-Authenticate: NTLM < Proxy-Authenticate: BASIC realm="BCAAA" < Cache-Control: no-cache < Pragma: no-cache < Content-Type: text/html; charset=utf-8 * HTTP/1.1 proxy connection set close! < Proxy-Connection: close < Set-Cookie: BCSI-CS-d71134cd838e0ff2=2; Path=/ < Connection: close < Content-Length: 1551 < <html> <head> <title>Access Denied</title> </head> With proxy-ntlm it seems to work though curl -v --proxy webproxy.mycorp.com:8080 --proxy-user myuser:mypasswd --proxy-ntlm http://mirror.provider.org/package.rpm * STATE: INIT => CONNECT handle 0x80048388; line 1075 (connection #-5000) * Added connection 0. The cache now contains 1 members * Trying 10.105.36.151... * STATE: CONNECT => WAITCONNECT handle 0x80048388; line 1128 (connection #0) * Connected to webproxy.mycorp.com (10.105.36.151) port 8080 (#0) * STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x80048388; line 1225 (connection #0) * STATE: SENDPROTOCONNECT => DO handle 0x80048388; line 1243 (connection #0) * Proxy auth using NTLM with user 'myuser' > GET http://mirror.provider.org/package.rpm HTTP/1.1 > Host: mirror.provider.org > Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= > User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US)) > Accept: */* > Proxy-Connection: Keep-Alive > * STATE: DO => DO_DONE handle 0x80048388; line 1322 (connection #0) * STATE: DO_DONE => WAITPERFORM handle 0x80048388; line 1449 (connection #0) * STATE: WAITPERFORM => PERFORM handle 0x80048388; line 1459 (connection #0) * HTTP 1.1 or later with persistent connection, pipelining supported < HTTP/1.1 407 Proxy Authentication Required < Proxy-Authenticate: NTLM TlRMTVNTUAACAAAABwAHADgAAAAGgokCrqa74bTKLosAAAAAAAAAAHYAdgA/AAAABgGxHQAA AA9OVC1TQkIxAgAOAE4AVAAtAFMAQgBCADEAAQAMAEkANgA4ADUANgA4AAQADABzAGIAYgAu AGMAaAADABoAaQA2ADgANQA2ADgALgBzAGIAYgAuAGMAaAAFABIAYQBkAHIAYQBpAGwALgBj AGgABwAIAOjj+Rta9dABAAAAAA== < Cache-Control: no-cache < Pragma: no-cache < Content-Type: text/html; charset=utf-8 < Proxy-Connection: Keep-Alive < Set-Cookie: BCSI-CS-d71134cd838e0ff2=2; Path=/ < Connection: Keep-Alive < Content-Length: 1568 < * Ignoring the response-body * Curl_done * Connection #0 to host webproxy.mycorp.com left intact * Issue another request to this URL: 'http://mirror.provider.org/package.rpm' * STATE: PERFORM => CONNECT handle 0x80048388; line 1593 (connection #-5000) * Found bundle for host mirror.provider.org: 0x8005b3f0 * Re-using existing connection! (#0) with proxy webproxy.mycorp.com * Connected to webproxy.mycorp.com (10.105.36.151) port 8080 (#0) * STATE: CONNECT => DO handle 0x80048388; line 1121 (connection #0) * Proxy auth using NTLM with user 'myuser' > GET http://mirror.provider.org/package.rpm HTTP/1.1 > Host: mirror.provider.org > Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAACmAKYAWAAAAAAAAAD+AAAABwAHAP4AAAAGAAYABQEAAAAA AAAAAAAABoKJAhvGb+LTOmku2XPOiA6YSDWn4N5/nvfBGSXfJmwNZpFtA+BoIeymbekBAQAA AAAAAIANcRta9dABp+Def573wRkAAAAAAgAOAE4AVAAtAFMAQgBCADEAAQAMAEkANgA4ADUA NgA4AAQADABzAGIAYgAuAGMAaAADABoAaQA2ADgANQA2ADgALgBzAGIAYgAuAGMAaAAFABIA YQBkAHIAYQBpAGwALgBjAGgABwAIAOjj+Rta9dABAAAAAAAAAAB1ZTYzNjYySzExMjYz > User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US)) > Accept: */* > Proxy-Connection: Keep-Alive > * STATE: DO => DO_DONE handle 0x80048388; line 1322 (connection #0) * STATE: DO_DONE => WAITPERFORM handle 0x80048388; line 1449 (connection #0) * STATE: WAITPERFORM => PERFORM handle 0x80048388; line 1459 (connection #0) * HTTP 1.0, assume close after body < HTTP/1.0 302 Found < Location: http://mirror.provider.org/notify-NotifySplashOrange? aHR0cDovL21pcnJvci5wcm92aWRlci5vcmcvcGFja2FnZS5ycG0= < Cache-Control: no-cache < Pragma: no-cache < Content-Type: text/html; charset=utf-8 < Proxy-Connection: close < Connection: close < Content-Length: 1449 < <html> <head> <title>Redirect</title> </head> <body> Now I switched back to the old cygwin and tried the same { ~ } » uname -a CYGWIN_NT-6.1-WOW K11263 1.7.35(0.287/5/3) 2015-03-04 12:07 i686 Cygwin { ~ } » curl --version curl 7.41.0 (i686-pc-cygwin) libcurl/7.41.0 OpenSSL/1.0.2a zlib/1.2.8 libidn/1.29 libssh2/1.5.0 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp Features: Debug IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets Metalink { ~ } » git --version git version 2.1.4 curl -v --proxy webproxy.mycorp.com:8080 --proxy-user myuser:mypasswd --proxy-negotiate http://mirror.provider.org/package.rpm * STATE: INIT => CONNECT handle 0x800481f8; line 1034 (connection #-5000) * Added connection 0. The cache now contains 1 members * Trying 10.105.36.152... * STATE: CONNECT => WAITCONNECT handle 0x800481f8; line 1087 (connection #0) * Connected to webproxy.mycorp.com (10.105.36.152) port 8080 (#0) * STATE: WAITCONNECT => DO handle 0x800481f8; line 1229 (connection #0) > GET http://mirror.provider.org/package.rpm HTTP/1.1 > User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US)) > Host: mirror.provider.org > Accept: */* > Proxy-Connection: Keep-Alive > * STATE: DO => DO_DONE handle 0x800481f8; line 1314 (connection #0) * STATE: DO_DONE => WAITPERFORM handle 0x800481f8; line 1441 (connection #0) * STATE: WAITPERFORM => PERFORM handle 0x800481f8; line 1454 (connection #0) * HTTP 1.1 or later with persistent connection, pipelining supported < HTTP/1.1 407 Proxy Authentication Required * gss_init_sec_context() failed: : SPNEGO cannot find mechanisms to negotiate < Proxy-Authenticate: NEGOTIATE < Proxy-Authenticate: NTLM < Proxy-Authenticate: BASIC realm="BCAAA" < Cache-Control: no-cache < Pragma: no-cache < Content-Type: text/html; charset=utf-8 * HTTP/1.1 proxy connection set close! < Proxy-Connection: close < Set-Cookie: BCSI-CS-7390672db2e928d5=2; Path=/ < Connection: close < Content-Length: 1551 < <html> <head> <title>Access Denied</title> </head> <body> As you can see i still get the error, but git seems to work: { mockito } master » git pull Already up-to-date. This makes me think that it is rather a change in the recent git version. To me it looks like git changed the way it makes a curl call. Unfortunately this doesn't resolve my issues, I still need to use git over https in cygwin. Any hints? Cheers Lukasz ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Https proxy auth issue with git in cygwin 2.2.1 2015-09-25 7:20 ` LukaszPielak @ 2015-10-05 20:23 ` Adam Dinwoodie 2015-10-16 12:30 ` Johan Laenen 0 siblings, 1 reply; 9+ messages in thread From: Adam Dinwoodie @ 2015-10-05 20:23 UTC (permalink / raw) To: cygwin On Fri, Sep 25, 2015 at 07:13:07AM +0000, LukaszPielak wrote: > Adam Dinwoodie <adam <at> dinwoodie.org> writes: > > On Mon, Sep 21, 2015 at 08:54:39AM +0200, Lukasz Pielak wrote: > > > The git version is 2.5.1 and the curl version is 7.43. > > > The error prints fatal: unable to access > > > 'https://github.com/mockito/mockito.git/': Unknown SSL protocol error > > > in connection to github.com:443 > > <snip> > > Now I switched back to the old cygwin and tried the same > > { ~ } » uname -a > CYGWIN_NT-6.1-WOW K11263 1.7.35(0.287/5/3) 2015-03-04 12:07 i686 Cygwin > { ~ } » curl --version > curl 7.41.0 (i686-pc-cygwin) libcurl/7.41.0 OpenSSL/1.0.2a zlib/1.2.8 > libidn/1.29 libssh2/1.5.0 > Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps > pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp > Features: Debug IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM > NTLM_WB SSL libz TLS-SRP UnixSockets Metalink > { ~ } » git --version > git version 2.1.4 > > <snip> > > As you can see i still get the error, but git seems to work: > > { mockito } master » git pull > Already up-to-date. > > This makes me think that it is rather a change in the recent git > version. To me it looks like git changed the way it makes a curl call. I think I've found the problem, and you're right -- Git has changed the way it makes the curl call. The culprit is commit 5841520b in the upstream Git repository, which has the following commit message: | http: always use any proxy auth method available | | We set CURLOPT_PROXYAUTH to use the most secure authentication | method available only when the user has set configuration variables | to specify a proxy. However, libcurl also supports specifying a | proxy through environment variables. In that case libcurl defaults | to only using the Basic proxy authentication method, because we do | not use CURLOPT_PROXYAUTH. | | Set CURLOPT_PROXYAUTH to always use the most secure authentication | method available, even when there is no git configuration telling us | to use a proxy. This allows the user to use environment variables to | configure a proxy that requires an authentication method different | from Basic. I can't confirm this is the problem, though, as I don't have a test environment that uses NTLM. Do you have the ability to either run a test version of Git I can produce that patches out this change, or (better) to build Git yourself without this patch to see if that is indeed the change that's causing the problem? Adam -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Https proxy auth issue with git in cygwin 2.2.1 2015-10-05 20:23 ` Adam Dinwoodie @ 2015-10-16 12:30 ` Johan Laenen 2015-11-23 22:40 ` Adam Dinwoodie 0 siblings, 1 reply; 9+ messages in thread From: Johan Laenen @ 2015-10-16 12:30 UTC (permalink / raw) To: cygwin Adam Dinwoodie <adam <at> dinwoodie.org> writes: > I think I've found the problem, and you're right -- Git has changed the > way it makes the curl call. The culprit is commit 5841520b in the > upstream Git repository, which has the following commit message: > > | http: always use any proxy auth method available > | > | We set CURLOPT_PROXYAUTH to use the most secure authentication > | method available only when the user has set configuration variables > | to specify a proxy. However, libcurl also supports specifying a > | proxy through environment variables. In that case libcurl defaults > | to only using the Basic proxy authentication method, because we do > | not use CURLOPT_PROXYAUTH. > | > | Set CURLOPT_PROXYAUTH to always use the most secure authentication > | method available, even when there is no git configuration telling us > | to use a proxy. This allows the user to use environment variables to > | configure a proxy that requires an authentication method different > | from Basic. > > I can't confirm this is the problem, though, as I don't have a test > environment that uses NTLM. > > Do you have the ability to either run a test version of Git I can > produce that patches out this change, or (better) to build Git yourself > without this patch to see if that is indeed the change that's causing > the problem? > Hi There, I can into the exact same problem after upgrading to the latest cygwin version. So, following your advice, I took git-2.6.1.tar.gz from github, untarred, and modified http.c: $ diff git-2.6.1/http.c t/git-2.6.1/http.c 466,467c466,468 < if (curl_http_proxy) { < curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy); --- > if (curl_http_proxy) { > curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy); > } 469c470 < curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY); --- > curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY); 471d471 < } One make configure, ./configure, make and make install I can confirm that unpatching the change undoes the problem :) > Adam > > Johan -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Https proxy auth issue with git in cygwin 2.2.1 2015-10-16 12:30 ` Johan Laenen @ 2015-11-23 22:40 ` Adam Dinwoodie 0 siblings, 0 replies; 9+ messages in thread From: Adam Dinwoodie @ 2015-11-23 22:40 UTC (permalink / raw) To: cygwin On Fri, Oct 16, 2015 at 12:26:14PM +0000, Johan Laenen wrote: > Adam Dinwoodie <adam <at> dinwoodie.org> writes: > > > I think I've found the problem, and you're right -- Git has changed the > > way it makes the curl call. The culprit is commit 5841520b in the > > upstream Git repository, which has the following commit message: > > > > | http: always use any proxy auth method available > > | > > | We set CURLOPT_PROXYAUTH to use the most secure authentication > > | method available only when the user has set configuration variables > > | to specify a proxy. However, libcurl also supports specifying a > > | proxy through environment variables. In that case libcurl defaults > > | to only using the Basic proxy authentication method, because we do > > | not use CURLOPT_PROXYAUTH. > > | > > | Set CURLOPT_PROXYAUTH to always use the most secure authentication > > | method available, even when there is no git configuration telling us > > | to use a proxy. This allows the user to use environment variables to > > | configure a proxy that requires an authentication method different > > | from Basic. > > > > I can't confirm this is the problem, though, as I don't have a test > > environment that uses NTLM. > > > > Do you have the ability to either run a test version of Git I can > > produce that patches out this change, or (better) to build Git yourself > > without this patch to see if that is indeed the change that's causing > > the problem? > > > > Hi There, > > I can into the exact same problem after upgrading to the latest cygwin version. > > So, following your advice, I took git-2.6.1.tar.gz from github, untarred, > and modified http.c: > > $ diff git-2.6.1/http.c t/git-2.6.1/http.c > 466,467c466,468 > < if (curl_http_proxy) { > < curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy); > --- > > if (curl_http_proxy) { > > curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy); > > } > 469c470 > < curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY); > --- > > curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY); > 471d471 > < } > > One make configure, ./configure, make and make install I can confirm that > unpatching the change undoes the problem :) Hi Johan, I've just spotted this email while trawling through other Cygwin/Git related things; somehow I missed it when it was first sent. I see you've raised this on the upstream Git mailing list already, and there's been some useful discussion there, so I'm not proposing any further discussion on this list. I just wanted to reply with my Git maintainer hat on and acknowledge the discussion has moved upstream. Cheers, Adam -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2015-11-23 22:31 UTC | newest] Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2015-09-21 6:55 Https proxy auth issue with git in cygwin 2.2.1 Lukasz Pielak 2015-09-21 10:20 ` Andrey Repin 2015-09-21 10:32 ` Lukasz Pielak 2015-09-21 10:31 ` Adam Dinwoodie 2015-09-21 10:39 ` Achim Gratz 2015-09-25 7:20 ` LukaszPielak 2015-10-05 20:23 ` Adam Dinwoodie 2015-10-16 12:30 ` Johan Laenen 2015-11-23 22:40 ` Adam Dinwoodie
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).