RE: Commit 5841520b makes it impossible to connect to github from behind my company's firewall.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From: Junio C Hamano [mailto:jch2355@xxxxxxxxx] On Behalf Of Junio C Hamano

[administrivia: please do not cull people out of the Cc: list]

Johan Laenen <johan.laenen+cygwin@xxxxxxxxx> writes:

> Enrique Tobis <Enrique.Tobis <at> twosigma.com> writes:
>
>> There is something I don't understand, though. Johan must be 
>> configuring his proxy either a) through git config files; or b) 
>> through environment variables. Johan says his proxy uses NTLM 
>> authentication. If he is doing a), then my change should not have had 
>> any impact. We were already setting CURLOPT_PROXYAUTH to CURLAUTH_ANY 
>> in that case. If it's b), then his proxy couldn't have been using 
>> NTLM authentication. In the old code path, only _BASIC was available 
>> as an authentication mechanism.  That default is what prompted me to 
>> make the change in the first place.
>
> Interesting!
>
> I tried both git versions, the one with the revert of commit 5841520b 
> and the one without and both gave me the fatal error "Unknown SSL 
> protocol error in connection to github.com:443" when using the 
> ~/.gitconfig [https] and [http] proxy settings instead of using the https_proxy environment variable.

> OK, so the conclusion I draw here is that your NTLM setting is not working at all, you have been using Basic auth happily before that commit, and you have to either (1) get NTLM auth working, or (2) find a way to tell Git that your proxy appears to support NTLM but it is unusable and you need to use Basic.

> Even though you may be capable to do (1), other people in the same situation might not be, in which case we would also need a way to do (2).

> Am I reading the above correctly?

I draw almost the same conclusions. I agree that he seems to have been using Basic all along. Based on the verbose output Johan posted, I think libcurl is trying to do NEGOTIATE instead of NTLM, so that's what Johan would have to get working. I also agree that other people may need to do (2).
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]