You need to sign in or sign up before continuing.
Git access issues due to long CA bundle filename
Description of problem:
I have a CA bundle file added to /etc/ssl/certs
that is used by the NGINX HTTPS reverse proxy setup on the machine and is unrelated to git
.
I have noticed that git
(which uses gnutls
) operations would fail if the bundle filename has more than 36 characters.
Version of gnutls used:
3.6.13-2ubuntu1.6
Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu
How reproducible:
Steps to Reproduce:
- Add a CA bundle file with more than 36 characters, eg:
/etc/ssl/certs/star.staging.xxxx.eu.nginx.bundle.crt
- Try to
git clone
Actual results:
root@wiki-staging:~# ll /etc/ssl/certs/star.staging.xxxx.eu.nginx.bundle.crt
-rw-r--r-- 1 root root 7198 Oct 13 18:37 /etc/ssl/certs/star.staging.xxxx.eu.nginx.bundle.crt
root@wiki-staging:~# git clone https://code.****.pt/****/****.git
Cloning into '****'...
fatal: unable to access 'https://code.****.pt/****/****.git/': server certificate verification failed. CAfile: none CRLfile: none
root@wiki-staging:~#
Expected results:
If we change the file name from star.staging.xxxx.eu.nginx.bundle.crt
(37 chars) to star.staging.xxx.eu.nginx.bundle.crt
(36 chars) the git
commands return to normal function.
root@wiki-staging:~# mv /etc/ssl/certs/star.staging.xxxx.eu.nginx.bundle.crt /etc/ssl/certs/star.staging.xxx.eu.nginx.bundle.crt
root@wiki-staging:~# ll /etc/ssl/certs/star.staging.xxx.eu.nginx.bundle.crt
-rw-r--r-- 1 root root 7198 Oct 13 18:37 /etc/ssl/certs/star.staging.xxx.eu.nginx.bundle.crt
root@wiki-staging:~# git clone https://code.****.pt/****/****.git
Cloning into '****'...
remote: Counting objects: 13, done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 13 (delta 1), reused 0 (delta 0)
Unpacking objects: 100% (13/13), 3.49 KiB | 142.00 KiB/s, done.
root@wiki-staging:~#