On Thu, Feb 07, 2008 at 07:32:39PM -0500, Jeff King wrote:
> On Thu, Feb 07, 2008 at 11:02:43PM +0100, Mike Hommey wrote:
>
> > Sorry, I've had trouble opening my eyes and actually reading messages I
> > reply to... anyways, I tried to reproduce with curl-gnutls and...
> > couldn't... How did you manage that ? Is the server you were trying on
> > public ? Do you have any http.ssl* variables set in your configuration ?
>
> No, my test repo is not public. I have no special ssl configuration
> (though I do use GIT_SSL_NO_VERIFY=1 since I just had a test self-signed
> cert). The exact recipe on my Debian system is:
> (...)

Okay, I've been able to reproduce the problem. I don't know what I've
been doing wrong to have it hidden...

Anyways, the interesting thing is to look at what curl has to say in its
verbose mode:

GIT_CURL_VERBOSE=1 git fetch
* Couldn't find host localhost in the .netrc file, using defaults
* About to connect() to localhost port 8443 (#0)
*   Trying 127.0.0.1... * connected
* Connected to localhost (127.0.0.1) port 8443 (#0)
* found 102 certificates in /etc/ssl/certs/ca-certificates.crt
*        server certificate verification FAILED
*        common name: localhost (matched)
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #1
*        subject: C=GB,ST=Some-State,L=Some-Locality,O=One Organization,OU=One Organization Unit,CN=localhost,EMAIL=webmaster@localhost
*        start date: Thu, 07 Feb 2008 21:27:36 GMT
*        expire date: Sat, 08 Mar 2008 21:27:36 GMT
*        issuer: C=GB,ST=Some-State,L=Some-Locality,O=One Organization,OU=One Organization Unit,CN=localhost,EMAIL=webmaster@localhost
*        compression: DEFLATE
*        cipher: AES 256 CBC
*        MAC: SHA
> GET /foo/.git//info/refs HTTP/1.1
User-Agent: git/1.5.4.7.gd8534-dirty
Host: localhost:8443
Accept: */*

< HTTP/1.1 200 OK
< Date: Fri, 08 Feb 2008 07:10:09 GMT
< Server: Apache/2.2.8 (Debian) DAV/2 mod_ssl/2.2.8 OpenSSL/0.9.8g
< Last-Modified: Fri, 08 Feb 2008 06:52:19 GMT
< ETag: "61d82e-3b-445a0080d0ec0"
< Accept-Ranges: bytes
< Content-Length: 59
< Content-Type: text/plain
<
* Connection #0 to host localhost left intact
* Couldn't find host localhost in the .netrc file, using defaults
* About to connect() to localhost port 8443 (#0)
*   Trying 127.0.0.1... * connected
* Connected to localhost (127.0.0.1) port 8443 (#0)
* error reading ca cert file /etc/ssl/certs/ca-certificates.crt (ASN1 parser: Element was not found.)
* gnutls_handshake() failed: ASN1 parser: Element was not found.
* Expire cleared
* Closing connection #0
error: gnutls_handshake() failed: ASN1 parser: Element was not found. (curl_result = 35, http_code = 0, sha1 = e0aa43ffb1a1e7052a936b9ed5e0a1462cfc343e)
Getting pack list for https://localhost:8443/foo/.git

So, it looks like either gnutls or curl is doing something wrong and
can't parse /etc/ssl/certs/ca-certificates.crt a second time.

This looks like a bug in either curl or gnutls. A simplified testcase
would probably be to do two requests in a row, but I don't have time
right now to do this testing.

Mike
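Added example, not part of the original thread and not code from git or curl: a small Python triage script that splits curl verbose output like the trace in this message into connection attempts and reports, for each one, whether the CA bundle loaded, whether certificate verification failed, and whether a response was still received. The sample lines are abridged from the trace above; the function and field names are hypothetical.

```python
import re

# Sample input: lines abridged from the GIT_CURL_VERBOSE trace in the message.
SAMPLE = """\
* About to connect() to localhost port 8443 (#0)
* found 102 certificates in /etc/ssl/certs/ca-certificates.crt
* server certificate verification FAILED
> GET /foo/.git//info/refs HTTP/1.1
< HTTP/1.1 200 OK
* About to connect() to localhost port 8443 (#0)
* error reading ca cert file /etc/ssl/certs/ca-certificates.crt (ASN1 parser: Element was not found.)
* gnutls_handshake() failed: ASN1 parser: Element was not found.
"""

def split_attempts(trace):
    """Group verbose lines into attempts, one per 'About to connect()' line."""
    attempts = []
    for line in trace.splitlines():
        if line.startswith("* About to connect()"):
            attempts.append([])
        if attempts:
            attempts[-1].append(line)
    return attempts

def summarize(lines):
    """Reduce one connection attempt to the facts that matter for TLS triage."""
    s = {"ca_certs_loaded": None, "ca_read_error": False,
         "verify_failed": False, "handshake_failed": False, "http_status": None}
    for line in lines:
        if m := re.match(r"\* found (\d+) certificates in ", line):
            s["ca_certs_loaded"] = int(m.group(1))
        elif line.startswith("* error reading ca cert file"):
            s["ca_read_error"] = True
        elif "server certificate verification FAILED" in line:
            s["verify_failed"] = True
        elif re.match(r"\* \w+_handshake\(\) failed", line):
            s["handshake_failed"] = True
        elif m := re.match(r"< HTTP/\d\.\d (\d{3})", line):
            s["http_status"] = int(m.group(1))
    # A response after a failed verification means the peer was not authenticated.
    s["unverified_transfer"] = s["verify_failed"] and s["http_status"] is not None
    return s

def analyze(trace):
    return [summarize(a) for a in split_attempts(trace)]

if __name__ == "__main__":
    for i, s in enumerate(analyze(SAMPLE), 1):
        print(i, s)
```

On the sample, the first attempt is reported as an unverified transfer (verification failed but HTTP 200 was returned, consistent with GIT_SSL_NO_VERIFY=1), and the second as a CA bundle read error followed by a handshake failure on the same file that loaded 102 certificates moments earlier.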