Turning off Git's https verification

I am testing an internal git repository hosted with a self-signed Apache cert.

Unfortunately, I can't manage to push to it without an error like so

error: gnutls_handshake() failed: A TLS warning alert has been received. while accessing https://url

I have performed the following settings:

in .git/config

[http]
    sslverify = false

And in the environment variable world:

declare -x CURLOPT_SSL_VERIFYHOST="0"
declare -x GIT_CURL_VERBOSE="1"
declare -x GIT_SSL_NO_VERIFY="true"

What else might be my problem?

Answers


Just as a reference for people having the same problem: it's very likely that this happens due to git using libcurl-gnutls3 version < 7.21.7 on old Debian and Ubuntu distros.

There was a bug in the library that made it misbehave at least when going through an HTTP proxy to reach a HTTPS website (either your own local proxy or a remote reverse proxy or a government's transparent proxy). The question doesn't state if the author was using a proxy or not but I strongly suspect the problem could be related if not the same. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559371

The fix is to either upgrade to a new distro that supports a fixed libcurl-gnutls3 version, rebuild it yourself, rebuild git to use libcurl-openssl (see https://askubuntu.com/questions/186847/error-gnutls-handshake-falied ) or... avoid using https


It could be that ServerName in your apache VirtualHost is not right. It should correspond to the certificate server name. To find out the reason of TLS alert I suggest running wireshark.


Make git use the HTTPS instead:

Assuming your self-signed certificate is:

/etc/ssl/certs/selfsigned.pem

Do the following:

openssl x509 -in /etc/ssl/certs/selfsigned.pem -out ~/certs/selfsigned.crt
git config --global http.sslcainfo ~/certs/selfsigned.crt

I was having a similar problem. After populating the servername in apache config for virtualhost, this worked. while curl --cacert https..var.git works, git clone https:..var.git threw the error -

Cloning into 'var'... error: gnutls_handshake() failed: A TLS warning alert has been received. while accessing https://foo.server/var.git/info/refs fatal: HTTP request failed

one more thing you should do, is after you do

cd /var/www/var (var is the document root)

sudo git clone --bare ~foo/var
sudo git update-server-info

Need Your Help

Nginx location block rewrite using Unix UserID

wordpress security video nginx rewrite

I have a security scheme in mind for a wordpress site using Nginx location block level rewrites when serving video intended for Mobile/Tablet platforms.