PKCS#11 authentication fails due to escaped URI

Thank you for filling out a Git bug report!
Please answer the following questions to help us understand your issue.

What did you do before the bug happened? (Steps to reproduce your issue)
I modified ~/.gitconfig to include my PKCS#11 URI for my YubiKey 5 smart
card. The contents of my ~/.gitconfig are:
[http "https://git.example.com"]
        sslCert = "pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=0011223344556677;token=someUsername"
        sslKey = "pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=0011223344556677;token=someUsername"
        sslbackend = openssl
        sslkeytype = ENG
        sslcerttype = ENG
        sslCertPasswordProtected = true

What did you expect to happen? (Expected behavior)
I expected the URI to be passed, as is, to OpenSSL, without escaping
special characters.

What happened instead? (Actual behavior)
Git appears to escape special characters in the URI, like the equals sign,
colon and semicolon, causing OpenSSL to not recognize the URI. The
command line output is:
git clone https://git.example.com/org/repo.git
Cloning into 'repo'...
fatal: cannot exec '/usr/bin/ksshaskpass': No such file or directory
Password for 'cert:///pkcs11%3Amodel%3DPKCS%252315%2520emulated%3Bmanufacturer%3Dpiv_II%3Bserial%3D0011223344556677%3Btoken%3DsomeUsername':
fatal: Authentication failed for 'https://git.example.com/org/repo.git/'

What's different between what you expected and what actually happened?
The URI should never be escaped.

Anything else you want to add:
The version of Git in Rocky Linux 9 is 4.35.5. The URI is not escaped in
this version.

Separately, note that the serial, username and repo URL have been modified.
I am working on a non-Internet connected system with Fedora 41. I am unable
to disclose the YubiKey serial, username or the repo URL.

Please review the rest of the bug report below.
You can delete any lines you don't wish to share.


[System Info]
git version:
git version 2.48.1
cpu: x86_64
no commit associated with this build
sizeof-long: 8
sizeof-size_t: 8
shell-path: /bin/sh
libcurl: 8.9.1
OpenSSL: OpenSSL 3.2.2 4 Jun 2024
zlib: 1.3.1.zlib-ng
uname: Linux 6.12.13-200.fc41.x86_64 #1 SMP PREEMPT_DYNAMIC Sat Feb  8 20:05:26 UTC 2025 x86_64
compiler info: gnuc: 14.2
libc info: glibc: 2.40
$SHELL (typically, interactive shell): /bin/bash


[Enabled Hooks]
not run from a git repository - no hooks to show
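
A diagnostic check for the two strings quoted in the report, added here as an example and not part of the original message: it parses the configured URI per RFC 7512 and shows that the string in the password prompt is that URI carrying one extra layer of percent-encoding. The function names are hypothetical; the two constants are copied from the report.

```python
from urllib.parse import unquote

# Values copied from the report above (already anonymised by the reporter).
CONFIGURED = ("pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;"
              "serial=0011223344556677;token=someUsername")
PROMPT = ("cert:///pkcs11%3Amodel%3DPKCS%252315%2520emulated%3B"
          "manufacturer%3Dpiv_II%3Bserial%3D0011223344556677%3B"
          "token%3DsomeUsername")


def parse_pkcs11_uri(uri):
    """Split an RFC 7512 URI into percent-decoded path and query attributes."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme != "pkcs11":
        raise ValueError("not a pkcs11: URI")
    path, _, query = rest.partition("?")
    attrs = {}
    # Path attributes are ';'-separated, query attributes '&'-separated.
    for part, delim in ((path, ";"), (query, "&")):
        for item in filter(None, part.split(delim)):
            name, eq, value = item.partition("=")
            if not eq:
                raise ValueError(f"attribute without '=': {item!r}")
            attrs[name] = unquote(value)
    return attrs


def uri_from_prompt(prompt):
    """Undo one layer of percent-encoding on the path of a cert:/// prompt."""
    prefix = "cert:///"
    if not prompt.startswith(prefix):
        raise ValueError("not a cert:/// prompt")
    return unquote(prompt[len(prefix):])


def encoding_layers(text, limit=5):
    """Count how many unquote() passes still change the text."""
    layers = 0
    while layers < limit and unquote(text) != text:
        text = unquote(text)
        layers += 1
    return layers


if __name__ == "__main__":
    print("prompt decodes to configured URI:", uri_from_prompt(PROMPT) == CONFIGURED)
    print("layers (config, prompt):", encoding_layers(CONFIGURED), encoding_layers(PROMPT))
    print(parse_pkcs11_uri(CONFIGURED))
```
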