delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2015/10/05/16:23:17

X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:date:from:to:subject:message-id:references
:mime-version:content-type:content-transfer-encoding
:in-reply-to; q=dns; s=default; b=OKiYcBIKtOyGknsMKey4D7bhVmjPDP
OcMILO5d7+fNnCdMs+BiMAR3fNi7pcewLLbGHS5PpUCk+hVTCzZ+CXuazXdE0QAN
ZKtqFy7o5qBeBGPAd6hi6/Ciyy3Cht0waAd5bZVCezxQvhTFvrXRWBMbWCC2z8mV
wemuSsA9jJA9g=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:date:from:to:subject:message-id:references
:mime-version:content-type:content-transfer-encoding
:in-reply-to; s=default; bh=F+zGR+EL+C4r2IrPCA1FHjTArXU=; b=sPzY
ZyyMgA0dzGPNYpmFLpAP63ymRI9WCtFwigxf8hI0fwZ2A3jHjQYqF1hYamqsfqYp
cTeuE0wnec7ea6wcZAGXRaiMUvOiT8I2RONu9t4W299YtVBpIB00LziZmOIGiYd0
8JknUGTqUfT4h9UMATmurcrx2ESFkucdFuw6X6M=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=0.1 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2
X-HELO: mail-wi0-f174.google.com
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:subject:message-id:references :mime-version:content-type:content-disposition :content-transfer-encoding:in-reply-to:user-agent; bh=j1EcyeFd5SFm+18DV25WHLxJHDitv4Ae2YBB7ExOp+8=; b=d/36nu6y/8Ms3+jeG8jOPwQKmA0gOGQNMwtwu+zqnpyWDj905jGm6XWZM5r5EPM9rX dGAyaIYP6TVwSbc8jGSK0yp0GZM1TwIIPm33N3jZOCK+QS7IYwJfYyNqipyG4npNqtzh FpvikIipkyzVkpKmi90/dUfi1YOOojXynA15oVhcqC8D11EamykpixgdNKTEL9x7gpaT C0xlWDyo+0QC0gbEuOoasBODN3N/JaQFpv+2TA4jcLHtuiH37yskBVFD3nnz1VyCQ84g 6arFR7/not7egDKdXrTdJqRXMjnRxwGespkSMGoeSQYJehhQhTFY1pDJUhtqgzW1Xwk+ jNXw==
X-Gm-Message-State: ALoCoQlK2QcbRQOGf39UPsxQorjahZDtka+rHIBx5xoyZe6OU47o2CY/7J1z2aR91RKImHDR4PfI
X-Received: by 10.180.211.243 with SMTP id nf19mr14088083wic.74.1444076574601; Mon, 05 Oct 2015 13:22:54 -0700 (PDT)
Date: Mon, 5 Oct 2015 21:22:49 +0100
From: Adam Dinwoodie <adam AT dinwoodie DOT org>
To: cygwin AT cygwin DOT com
Subject: Re: Https proxy auth issue with git in cygwin 2.2.1
Message-ID: <20151005202249.GM14466@dinwoodie.org>
References: <CAFkLm6xW=5uUP+CRrmUontqPzqAZ+r4WdwjVAhP+XTvs53JmFQ AT mail DOT gmail DOT com> <20150921103100 DOT GF14466 AT dinwoodie DOT org> <loom DOT 20150925T090939-654 AT post DOT gmane DOT org>
MIME-Version: 1.0
In-Reply-To: <loom.20150925T090939-654@post.gmane.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-IsSubscribed: yes 

On Fri, Sep 25, 2015 at 07:13:07AM +0000, LukaszPielak wrote:
> Adam Dinwoodie <adam <at> dinwoodie.org> writes:
> > On Mon, Sep 21, 2015 at 08:54:39AM +0200, Lukasz Pielak wrote:
> > > The git version is 2.5.1 and the curl version is 7.43.
> > > The error prints fatal: unable to access
> > > 'https://github.com/mockito/mockito.git/': Unknown SSL protocol error
> > > in connection to github.com:443
>
> <snip>
> 
> Now I switched back to the old cygwin and tried the same
> 
> { ~ }  » uname -a
> CYGWIN_NT-6.1-WOW K11263 1.7.35(0.287/5/3) 2015-03-04 12:07 i686 Cygwin
> { ~ }  » curl --version
> curl 7.41.0 (i686-pc-cygwin) libcurl/7.41.0 OpenSSL/1.0.2a zlib/1.2.8
> libidn/1.29 libssh2/1.5.0
> Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
> pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
> Features: Debug IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM
> NTLM_WB SSL libz TLS-SRP UnixSockets Metalink
> { ~ }  » git --version
> git version 2.1.4
> 
> <snip>
> 
> As you can see i still get the error, but git seems to work:
> 
> { mockito } master » git pull
> Already up-to-date.
> 
> This makes me think that it is rather a change in the recent git 
> version. To me it looks like git changed the way it makes a curl call.

I think I've found the problem, and you're right -- Git has changed the
way it makes the curl call.  The culprit is commit 5841520b in the
upstream Git repository, which has the following commit message:

| http: always use any proxy auth method available
|
| We set CURLOPT_PROXYAUTH to use the most secure authentication
| method available only when the user has set configuration variables
| to specify a proxy.  However, libcurl also supports specifying a
| proxy through environment variables.  In that case libcurl defaults
| to only using the Basic proxy authentication method, because we do
| not use CURLOPT_PROXYAUTH.
|
| Set CURLOPT_PROXYAUTH to always use the most secure authentication
| method available, even when there is no git configuration telling us
| to use a proxy. This allows the user to use environment variables to
| configure a proxy that requires an authentication method different
| from Basic.

I can't confirm this is the problem, though, as I don't have a test
environment that uses NTLM.

Do you have the ability to either run a test version of Git I can
produce that patches out this change, or (better) to build Git yourself
without this patch to see if that is indeed the change that's causing
the problem?

Adam

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019