I've been trying to track down an issue with the GitLab CI Runner: https://gitlab.com/gitlab-org/gitlab-runner/issues/3497 Note that I'm using "git version 2.7.2.windows.1". I've narrowed it down to an observation that the [http] config seems to be ignored by 'git submodule update'. Shouldn't those options be respected by submodules? Given a .git/config file like this: ------------------------------------------------------------------------ [fetch] recurseSubmodules = false [http "https://gitlab.exmaple.com";] sslCAInfo = C:\\Users\\gitlab-runner\\builds\\deadbeef\\0\\somegroup\\someproj.git\\CA_SERVER_TLS_CA_FILE [core] ... [remote "origin"] url = https://jreinhart:<private-access-token>@gitlab.example.com/somegroup/someproj.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master [submodule "some-lib"] url = https://jreinhart:<private-access-token>@gitlab.example.com/somegroup/some-lib.git ------------------------------------------------------------------------ ...I see the following results: ------------------------------------------------------------------------ C:\Users\jreinhart\testrepo>set GIT_CURL_VERBOSE=1 C:\Users\jreinhart\testrepo>git fetch ... * Connected to gitlab.example.com (x.x.x.x) port 443 (#0) * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: C:\Users\gitlab-runner\builds\deadbeef\0\somegroup\someproj.git\CA_SERVER_TLS_CA_FILE CApath: none * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server did not agree to a protocol * Server certificate: * <certificate details here> * SSL certificate verify ok. ... C:\Users\jreinhart\testrepo>git checkout master C:\Users\jreinhart\testrepo>git submodule update --init ... * Connected to gitlab.example.com (x.x.x.x) port 443 (#0) * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt CApath: none * SSL certificate problem: unable to get local issuer certificate ... ------------------------------------------------------------------------ Note that the CAfile reverted to its default instead of using the same one from the `git fetch`. Thanks in advance, Jonathon Reinhart
