| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:to:from:subject:date:message-id:references | |
| :mime-version:content-type:content-transfer-encoding; q=dns; s= | |
| default; b=OEO4IV3FwGFntiYk5gHAxQPs/kPF4Af2U1qmbmBSfCZuqIwfnFk91 | |
| iEUM9zBL2OV7osMk5Ghm9ryoLGdEnq4CgnU2TVdW3EBX1rNaRplFqXXGUBXOwUkk | |
| rwQTJulPXgRk0DJWWBO4pTDjSXRiRQxw5uq50gH9fNxT5fuYjxi5Uk= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:to:from:subject:date:message-id:references | |
| :mime-version:content-type:content-transfer-encoding; s=default; | |
| bh=2nUywRHh6Q/l/lKOC+P0+IQYZGg=; b=MWrcmDs+z9GWlUpkNFdComartS31 | |
| edp1Wdmv7QHnYg8AISYLaQk7R2yS82nGX+/nGNFp6wXe2kf62n7SlPWwrekeUZvs | |
| Bn4bFVGltO+5DXAJcnfFEyNh8MfMBWxLSabx8PQCGYH+B8Y6a1rnj4FGcN3nWYov | |
| 6ZGbeBKc4KM+ocA= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=4.0 required=5.0 tests=BASE64_LENGTH_79_INF,BAYES_20,FREEMAIL_FROM,FSL_HELO_BARE_IP_2,MIME_BASE64_BLANKS,RCVD_IN_DNSWL_LOW,RCVD_NUMERIC_HELO,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=no version=3.3.2 |
| X-HELO: | plane.gmane.org |
| To: | cygwin AT cygwin DOT com |
| From: | LukaszPielak <pielak AT gmail DOT com> |
| Subject: | Re: Https proxy auth issue with git in cygwin 2.2.1 |
| Date: | Fri, 25 Sep 2015 07:13:07 +0000 (UTC) |
| Lines: | 1 |
| Message-ID: | <loom.20150925T090939-654@post.gmane.org> |
| References: | <CAFkLm6xW=5uUP+CRrmUontqPzqAZ+r4WdwjVAhP+XTvs53JmFQ AT mail DOT gmail DOT com> <20150921103100 DOT GF14466 AT dinwoodie DOT org> |
| Mime-Version: | 1.0 |
| User-Agent: | Loom/3.14 (http://gmane.org/) |
| X-IsSubscribed: | yes |
| X-MIME-Autoconverted: | from base64 to 8bit by delorie.com id t8P7KO1s028293 |
Adam Dinwoodie <adam <at> dinwoodie.org> writes:
>
> On Mon, Sep 21, 2015 at 08:54:39AM +0200, Lukasz Pielak wrote:
> > In the latest Cygwin 2.2.1. git doesn’t work with proxy
authentication.
>
> What do you mean by proxy authentication here? What do you have
> configured, and how?
>
> > The git version is 2.5.1 and the curl version is 7.43.
> > The error prints fatal: unable to access
> > 'https://github.com/mockito/mockito.git/': Unknown SSL protocol
error
> > in connection to github.com:443
>
> WJFFM with those versions, but then I'm not using any sort of web
proxy.
>
> > In my previous Cygwin 1.7.35 (with curl 7.41) this problem didn’t
> > exist. Git for windows (git 2.5.1 version, but curl is 7.44) seems
to
> > work too.
>
> Are you able to test any other combinations of these? I don't think
the
> results for Git for Windows are going to be particularly informative -
-
> there are too many variables between that build and Cygwin's -- but
> knowing whether it's the bump from Cygwin v1.7.35 to v2.2.1, or from
> Curl v7.41 to v7.43, would be potentially useful.
>
> > I assume that there is a bug in curl rather than in git.
>
> As an interim solution, does using ssh instead of https work?
>
>
Hi Adam
ssh over https is unfortunately not an option.
I experimented with with curl instead of git a bit:
With --proxy-negotiate i get:
curl -v --proxy webproxy.mycorp.com:8080 --proxy-user myuser:mypasswd
--proxy-negotiate http://mirror.provider.org/package.rpm
* STATE: INIT => CONNECT handle 0x80048388; line 1075 (connection
#-5000)
* Added connection 0. The cache now contains 1 members
* Trying 10.105.36.151...
* STATE: CONNECT => WAITCONNECT handle 0x80048388; line 1128 (connection
#0)
* Connected to webproxy.mycorp.com (10.105.36.151) port 8080 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x80048388; line 1225
(connection #0)
* STATE: SENDPROTOCONNECT => DO handle 0x80048388; line 1243 (connection
#0)
> GET http://mirror.provider.org/package.rpm HTTP/1.1
> Host: mirror.provider.org
> User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))
> Accept: */*
> Proxy-Connection: Keep-Alive
>
* STATE: DO => DO_DONE handle 0x80048388; line 1322 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x80048388; line 1449 (connection
#0)
* STATE: WAITPERFORM => PERFORM handle 0x80048388; line 1459 (connection
#0)
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 407 Proxy Authentication Required
* gss_init_sec_context() failed: : SPNEGO cannot find mechanisms to
negotiate
< Proxy-Authenticate: NEGOTIATE
< Proxy-Authenticate: NTLM
< Proxy-Authenticate: BASIC realm="BCAAA"
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
* HTTP/1.1 proxy connection set close!
< Proxy-Connection: close
< Set-Cookie: BCSI-CS-d71134cd838e0ff2=2; Path=/
< Connection: close
< Content-Length: 1551
<
<html>
<head>
<title>Access Denied</title>
</head>
With proxy-ntlm it seems to work though
curl -v --proxy webproxy.mycorp.com:8080 --proxy-user myuser:mypasswd
--proxy-ntlm http://mirror.provider.org/package.rpm
* STATE: INIT => CONNECT handle 0x80048388; line 1075 (connection
#-5000)
* Added connection 0. The cache now contains 1 members
* Trying 10.105.36.151...
* STATE: CONNECT => WAITCONNECT handle 0x80048388; line 1128 (connection
#0)
* Connected to webproxy.mycorp.com (10.105.36.151) port 8080 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x80048388; line 1225
(connection #0)
* STATE: SENDPROTOCONNECT => DO handle 0x80048388; line 1243 (connection
#0)
* Proxy auth using NTLM with user 'myuser'
> GET http://mirror.provider.org/package.rpm HTTP/1.1
> Host: mirror.provider.org
> Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
> User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))
> Accept: */*
> Proxy-Connection: Keep-Alive
>
* STATE: DO => DO_DONE handle 0x80048388; line 1322 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x80048388; line 1449 (connection
#0)
* STATE: WAITPERFORM => PERFORM handle 0x80048388; line 1459 (connection
#0)
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: NTLM
TlRMTVNTUAACAAAABwAHADgAAAAGgokCrqa74bTKLosAAAAAAAAAAHYAdgA/AAAABgGxHQAA
AA9OVC1TQkIxAgAOAE4AVAAtAFMAQgBCADEAAQAMAEkANgA4ADUANgA4AAQADABzAGIAYgAu
AGMAaAADABoAaQA2ADgANQA2ADgALgBzAGIAYgAuAGMAaAAFABIAYQBkAHIAYQBpAGwALgBj
AGgABwAIAOjj+Rta9dABAAAAAA==
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Proxy-Connection: Keep-Alive
< Set-Cookie: BCSI-CS-d71134cd838e0ff2=2; Path=/
< Connection: Keep-Alive
< Content-Length: 1568
<
* Ignoring the response-body
* Curl_done
* Connection #0 to host webproxy.mycorp.com left intact
* Issue another request to this URL:
'http://mirror.provider.org/package.rpm'
* STATE: PERFORM => CONNECT handle 0x80048388; line 1593 (connection
#-5000)
* Found bundle for host mirror.provider.org: 0x8005b3f0
* Re-using existing connection! (#0) with proxy webproxy.mycorp.com
* Connected to webproxy.mycorp.com (10.105.36.151) port 8080 (#0)
* STATE: CONNECT => DO handle 0x80048388; line 1121 (connection #0)
* Proxy auth using NTLM with user 'myuser'
> GET http://mirror.provider.org/package.rpm HTTP/1.1
> Host: mirror.provider.org
> Proxy-Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAEAAAACmAKYAWAAAAAAAAAD+AAAABwAHAP4AAAAGAAYABQEAAAAA
AAAAAAAABoKJAhvGb+LTOmku2XPOiA6YSDWn4N5/nvfBGSXfJmwNZpFtA+BoIeymbekBAQAA
AAAAAIANcRta9dABp+Def573wRkAAAAAAgAOAE4AVAAtAFMAQgBCADEAAQAMAEkANgA4ADUA
NgA4AAQADABzAGIAYgAuAGMAaAADABoAaQA2ADgANQA2ADgALgBzAGIAYgAuAGMAaAAFABIA
YQBkAHIAYQBpAGwALgBjAGgABwAIAOjj+Rta9dABAAAAAAAAAAB1ZTYzNjYySzExMjYz
> User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))
> Accept: */*
> Proxy-Connection: Keep-Alive
>
* STATE: DO => DO_DONE handle 0x80048388; line 1322 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x80048388; line 1449 (connection
#0)
* STATE: WAITPERFORM => PERFORM handle 0x80048388; line 1459 (connection
#0)
* HTTP 1.0, assume close after body
< HTTP/1.0 302 Found
< Location: http://mirror.provider.org/notify-NotifySplashOrange?
aHR0cDovL21pcnJvci5wcm92aWRlci5vcmcvcGFja2FnZS5ycG0=
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Proxy-Connection: close
< Connection: close
< Content-Length: 1449
<
<html>
<head>
<title>Redirect</title>
</head>
<body>
Now I switched back to the old cygwin and tried the same
{ ~ } » uname -a
CYGWIN_NT-6.1-WOW K11263 1.7.35(0.287/5/3) 2015-03-04 12:07 i686 Cygwin
{ ~ } » curl --version
curl 7.41.0 (i686-pc-cygwin) libcurl/7.41.0 OpenSSL/1.0.2a zlib/1.2.8
libidn/1.29 libssh2/1.5.0
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: Debug IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM
NTLM_WB SSL libz TLS-SRP UnixSockets Metalink
{ ~ } » git --version
git version 2.1.4
curl -v --proxy webproxy.mycorp.com:8080 --proxy-user myuser:mypasswd
--proxy-negotiate http://mirror.provider.org/package.rpm
* STATE: INIT => CONNECT handle 0x800481f8; line 1034 (connection
#-5000)
* Added connection 0. The cache now contains 1 members
* Trying 10.105.36.152...
* STATE: CONNECT => WAITCONNECT handle 0x800481f8; line 1087 (connection
#0)
* Connected to webproxy.mycorp.com (10.105.36.152) port 8080 (#0)
* STATE: WAITCONNECT => DO handle 0x800481f8; line 1229 (connection #0)
> GET http://mirror.provider.org/package.rpm HTTP/1.1
> User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))
> Host: mirror.provider.org
> Accept: */*
> Proxy-Connection: Keep-Alive
>
* STATE: DO => DO_DONE handle 0x800481f8; line 1314 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x800481f8; line 1441 (connection
#0)
* STATE: WAITPERFORM => PERFORM handle 0x800481f8; line 1454 (connection
#0)
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 407 Proxy Authentication Required
* gss_init_sec_context() failed: : SPNEGO cannot find mechanisms to
negotiate
< Proxy-Authenticate: NEGOTIATE
< Proxy-Authenticate: NTLM
< Proxy-Authenticate: BASIC realm="BCAAA"
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
* HTTP/1.1 proxy connection set close!
< Proxy-Connection: close
< Set-Cookie: BCSI-CS-7390672db2e928d5=2; Path=/
< Connection: close
< Content-Length: 1551
<
<html>
<head>
<title>Access Denied</title>
</head>
<body>
As you can see i still get the error, but git seems to work:
{ mockito } master » git pull
Already up-to-date.
This makes me think that it is rather a change in the recent git
version. To me it looks like git changed the way it makes a curl call.
Unfortunately this doesn't resolve my issues, I still need to use git
over https in cygwin. Any hints?
Cheers
Lukasz
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |