Re: git-fetch in 1.5.4 fails versus 1.5.3.8

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Feb 08, 2008 at 08:18:35AM +0100, Mike Hommey wrote:
> On Thu, Feb 07, 2008 at 07:32:39PM -0500, Jeff King wrote:
> > On Thu, Feb 07, 2008 at 11:02:43PM +0100, Mike Hommey wrote:
> > 
> > > Sorry, I've had trouble opening my eyes and actually reading messages I
> > > reply to... anyways, I tried to reproduce with curl-gnutls and...
> > > couldn't... How did you manage that ? Is the server you were trying on
> > > public ? Do you have any http.ssl* variables set in your configuration ?
> > 
> > No, my test repo is not public. I have no special ssl configuration
> > (though I do use GIT_SSL_NO_VERIFY=1 since I just had a test self-signed
> > cert). The exact recipe on my Debian system is:
> > 
> (...)
> 
> Okay, I've been able to reproduce the problem. I don't know what I've
> been doing wrong to have it hidden...
> 
> Anyways, the interesting thing is to look at what curl has to say in its
> verbose mode:
(...)
> 
> So, it looks like either gnutls or curl is doing something wrong and
> can't parse /etc/ssl/certs/ca-certificates.crt a second time. This
> looks like a bug in either curl or gnutls.
> 
> A simplified testcase would probably be to do two requests in a row, but
> I don't have time right now to do this testing.

I'm making myself a liar, but I took some few more minutes to test
something like:
diff --git a/http.c b/http.c
index d2c11ae..001b1c4 100644
--- a/http.c
+++ b/http.c
@@ -186,7 +186,7 @@ static CURL* get_curl_handle(void)
        if (ssl_capath != NULL)
                curl_easy_setopt(result, CURLOPT_CAPATH, ssl_capath);
 #endif
-       if (ssl_cainfo != NULL)
+//     if (ssl_cainfo != NULL)
                curl_easy_setopt(result, CURLOPT_CAINFO, ssl_cainfo);
        curl_easy_setopt(result, CURLOPT_FAILONERROR, 1);
 


And the result is interesting:
GIT_CURL_VERBOSE=1 git fetch
* Couldn't find host localhost in the .netrc file, using defaults
* About to connect() to localhost port 8443 (#0)
*   Trying 127.0.0.1... * connected
* Connected to localhost (127.0.0.1) port 8443 (#0)
*        server certificate verification FAILED
*        common name: localhost (matched)
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #1
*        subject: C=GB,ST=Some-State,L=Some-Locality,O=One Organization,OU=One Organization Unit,CN=localhost,EMAIL=webmaster@localhost
*        start date: Thu, 07 Feb 2008 21:27:36 GMT
*        expire date: Sat, 08 Mar 2008 21:27:36 GMT
*        issuer: C=GB,ST=Some-State,L=Some-Locality,O=One Organization,OU=One Organization Unit,CN=localhost,EMAIL=webmaster@localhost
*        compression: DEFLATE
*        cipher: AES 256 CBC
*        MAC: SHA
> GET /foo/.git//info/refs HTTP/1.1
User-Agent: git/1.5.4.7.gd8534-dirty
Host: localhost:8443
Accept: */*

< HTTP/1.1 200 OK
< Date: Fri, 08 Feb 2008 07:30:10 GMT
< Server: Apache/2.2.8 (Debian) DAV/2 mod_ssl/2.2.8 OpenSSL/0.9.8g
< Last-Modified: Fri, 08 Feb 2008 06:52:19 GMT
< ETag: "61d82e-3b-445a0080d0ec0"
< Accept-Ranges: bytes
< Content-Length: 59
< Content-Type: text/plain
< 
* Connection #0 to host localhost left intact
* Couldn't find host localhost in the .netrc file, using defaults
* About to connect() to localhost port 8443 (#0)
*   Trying 127.0.0.1... * connected
* Connected to localhost (127.0.0.1) port 8443 (#0)
* gnutls_handshake() failed: ASN1 parser: Element was not found.
* Expire cleared
* Closing connection #0
error: gnutls_handshake() failed: ASN1 parser: Element was not found. (curl_result = 35, http_code = 0, sha1 = e0aa43ffb1a1e7052a936b9ed5e0a1462cfc343e)

So, it looks like either gnutls has a problem reinitializing its ASN1
parser or curl is doing something wrong with gnutls when initializing a
new request.

Mike
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux