> From: Vitaly VS
> Sent: Tuesday, April 13, 2021 8:08 AM
>
> Hello! Can a Git client work properly through a MITM transparent proxy
> with HTTPS interception?

Yes, we do it all the time.

>
> Is there any documentation or recommendations on how to configure a
> MITM proxy with HTTPS interception for the Git work?
>

Not that I am aware of. It is not a Git issue per se. The WAF or Proxy should not (appear) to alter any of the contents of the stream (when allowed).

> Getting a bunch of errors when trying to "git clone https://SOME_REPO.git"
> On small REPOs (about 1-5 MB) there is a chance that the clone will be
> successful, but mostly I get these errors:
>

It is likely off-topic, but what is your proxy configuration? I have personally used Git through Apache and F5 MITM proxies.

> git clone https://github.com/aaptel/wireshark.git
> Cloning into 'wireshark'...
> remote: Enumerating objects: 524729, done.
> fatal: protocol error: bad line length character: ??:s00 KiB/s
> error: inflate: data stream error (invalid literal/lengths set)
> fatal: pack has bad object at offset 2093488: inflate returned -3
> fatal: index-pack failed

Enable git and curl tracing, contact your proxy team and ask for packet capture with decryption.

>
> git clone https://github.com/aaptel/wireshark.git
> Cloning into 'wireshark'...
> remote: Enumerating objects: 524729, done.
> fatal: protocol error: bad line length character: ????06 MiB/s
> error: inflate: data stream error (incorrect data check)
> fatal: pack has bad object at offset 17119052: inflate returned -3
> fatal: index-pack failed
>
>
> git clone https://github.com/aaptel/wireshark.git
> Cloning into 'wireshark'...
> remote: Enumerating objects: 524729, done.
> error: RPC failed; curl 56 Malformed encoding found in chunked-encoding
> fatal: the remote end hung up unexpectedly
> fatal: early EOF
> fatal: index-pack failed
>
> git clone https://github.com/Homebrew/brew.git
> Cloning into 'brew'...
> remote: Enumerating objects: 148, done.
> remote: Counting objects: 100% (148/148), done.
> remote: Compressing objects: 100% (80/80), done.
> Receiving objects: 3% (6247/180213), 2.64 MiB | 1005.00 KiB/s
> Receiving objects: 4% (8247/180213), 3.75 MiB | 1.00 MiB/s
> Receiving objects: 5% (9011/180213), 4.47 MiB | 1.05 MiB/s
> fatal: protocol error: bad line length character: ?V?V7 MiB/s
> error: inflate: data stream error (incorrect data check)
> fatal: pack has bad object at offset 6558416: inflate returned -3
> fatal: index-pack failed
> error: RPC failed; curl 56 Malformed encoding found in chunked-encoding
>
> git clone https://github.com/Homebrew/brew.git
> Cloning into 'brew'...
> remote: Enumerating objects: 148, done.
> remote: Counting objects: 100% (148/148), done.
> remote: Compressing objects: 100% (80/80), done.
> Receiving objects: 0% (1/180213)
> Receiving objects: 0% (687/180213), 436.01 KiB | 397.00 KiB/s
> Receiving objects: 0% (1029/180213), 548.01 KiB | 338.00 KiB/s
> Receiving objects: 1% (1803/180213), 972.01 KiB | 309.00 KiB/s
> Receiving objects: 1% (2091/180213), 1.11 MiB | 309.00 KiB/s
> Receiving objects: 2% (3605/180213), 1.82 MiB | 214.00 KiB/s
> fatal: protocol error: bad line length character: O20000 KiB/s
> fatal: pack has bad object at offset 2776352: inflate returned -5
> fatal: index-pack failed
> error: RPC failed; curl 56 Malformed encoding found in chunked-encoding
>
> P.S. We trust proxy root certificate in the system, also tried to add
> in config but no luck

That is assumed, otherwise you would not have started transferring any data.

[I set the reply to header, don’t email me directly I am on the list]

--
Jason Pyeron | Architect
Contractor |
PD Inc |
10 w 24th St |
Baltimore, MD |

.mil: jason.j.pyeron.ctr@xxxxxxxx
.com: jpyeron@xxxxxxxx
tel : 202-741-9397
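
Added example (not part of the original message and not Git's own code): the "bad line length character" errors quoted above come from Git's pkt-line framing, so decrypted captures of the response body taken on each side of the proxy can be walked offline to find where the framing first breaks and where the two copies first differ. It assumes the bodies are already HTTP-dechunked; the helper names and sample bytes are constructed for illustration.

```python
# Added example: pkt-line framing check for a captured Git smart-HTTP response body.
HEXDIGITS = b"0123456789abcdefABCDEF"
MAX_PKT = 65520                      # 4-byte header + at most 65516 data bytes
SPECIAL = (0, 1, 2)                  # 0000 flush, 0001 delim, 0002 response-end


def pkt(payload: bytes) -> bytes:
    """Frame payload as one pkt-line; the length field counts its own 4 bytes."""
    return b"%04x" % (len(payload) + 4) + payload


def first_bad_pktline(body: bytes):
    """Return (offset, reason) for the first framing error, or None if clean."""
    pos = 0
    while pos < len(body):
        header = body[pos:pos + 4]
        if len(header) < 4:
            return pos, "truncated length header"
        if any(c not in HEXDIGITS for c in header):
            return pos, "bad line length character: %r" % header
        length = int(header, 16)
        if length in SPECIAL:
            pos += 4
            continue
        if length < 4 or length > MAX_PKT:
            return pos, "length %d out of range" % length
        if pos + length > len(body):
            return pos, "truncated payload"
        pos += length
    return None


def first_divergence(upstream: bytes, downstream: bytes):
    """Offset of the first differing byte between two captures, or None."""
    for i, (a, b) in enumerate(zip(upstream, downstream)):
        if a != b:
            return i
    shorter = min(len(upstream), len(downstream))
    return None if len(upstream) == len(downstream) else shorter


# Constructed sample: NAK, a band-2 progress line, a band-1 data packet, flush.
PARTS = [pkt(b"NAK\n"), pkt(b"\x02Enumerating objects: 3, done.\n"),
         pkt(b"\x01PACK" + bytes(20)), b"0000"]
CLEAN = b"".join(PARTS)              # stands in for the server-side capture
BAD_AT = len(PARTS[0]) + len(PARTS[1])   # offset of the third length header
CORRUPT = CLEAN[:BAD_AT] + b"\xff\xfe:s" + CLEAN[BAD_AT + 4:]  # client side

if __name__ == "__main__":
    print(first_bad_pktline(CLEAN), first_bad_pktline(CORRUPT))
    print("captures diverge at byte", first_divergence(CLEAN, CORRUPT))
```

If the server-side capture parses cleanly and the client-side one does not, the divergence offset tells the proxy team where in the stream the body was altered.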