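I'm stuck behind a firewall, so I have to use HTTPS to access my GitHub repository. I'm using cygwin 1.7.7 on Windows XP.
I've tried setting the remote to https://username@github.com/username/ExcelANT.git, but pushing prompts for a password and then doesn't do anything once I've entered it.
https://username:<password>github.com/username/ExcelANT.git and cloning the empty repo from scratch, but each time it gives me the same error
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://github.com/username/ExcelANT.git/info/refs
Turning on GIT_CURL_VERBOSE=1 gives me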
* About to connect() to github.com port 443 (#0)
* Trying 207.97.227.239... * successfully set certificate verify locations:
* CAfile: none
CApath: /usr/ssl/certs
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Expire cleared
* Closing connection #0
* About to connect() to github.com port 443 (#0)
* Trying 207.97.227.239... * successfully set certificate verify locations:
* CAfile: none
CApath: /usr/ssl/certs
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Expire cleared
* Closing connection #0
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://github.com/username/ExcelANT.git/info/refs
fatal: HTTP request failed
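Is this a problem with my firewall, cygwin or what?
I hadn't set the HTTP proxy in the Git config; however, it's an ISA server that needs NTLM authentication, not basic, so unless anyone knows how to force Git to use NTLM, I'm stuck.
If all you want to do is use the Cygwin git client with github.com, there is a much simpler way that avoids the hassle of downloading, extracting, converting and splitting certificate files. Proceed as follows (I'm assuming Windows XP with Cygwin and Firefox)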
In Firefox, go to the github page (any)
click on the github icon on the address bar to display the certificate
Click through "more information" -> "display certificate" -> "details" and select each node in the hierarchy beginning with the uppermost one; for each of them click on "Export" and select the PEM format:
GTECyberTrustGlobalRoot.pem
DigiCertHighAssuranceEVRootCA.pem
DigiCertHighAssuranceEVCA-1.pem
github.com.pem
Save the above files somewhere on your local drive, change the extension to .pem and move them to /usr/ssl/certs in your Cygwin installation (Windows: c:\cygwin\ssl\certs)
(optional) Run c_rehash from bash.
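That's it.
Of course, this only installs one certificate hierarchy, the one you need for GitHub. You can of course use this method with any other site, without needing to install 200 certificates of sites you don't (necessarily) trust.
The problem is that you do not have any Certification Authority certificates installed on your system. And these certificates cannot be installed with cygwin's setup.exe.
Update: Install the Net/ca-certificates package in cygwin (thanks dirkjot)
There are two solutions:
Actually install root certificates. The curl guys extracted the certificates from Mozilla for you.
The cacert.pem file is what you are looking for. This file contains > 250 CA certs (don't know how to trust this number of ppl). You need to download this file, split it into individual certificates, put them into /usr/ssl/certs (your CApath) and index them.
Here is how to do it. With cygwin setup.exe install the curl and openssl packages
execute: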
<!-- language: lang-bash -->

    $ cd /usr/ssl/certs
    $ curl http://curl.haxx.se/ca/cacert.pem |
        awk '{print > "cert" (1+n) ".pem"} /-----END CERTIFICATE-----/ {n++}'
    $ c_rehash

Important: In order to use c_rehash you have to install openssl-perl too.
Ignore SSL certificate verification.
WARNING: Disabling SSL certificate verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack. Be sure you fully understand the security issues and your threat model before using this as a solution.

    $ env GIT_SSL_NO_VERIFY=true git clone https://github...
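
The split step from the first solution above, as an added example that is not part of the original answer: the awk one-liner there copies the bundle's comment text into the certificate files and would keep a partial last block from an interrupted download, whereas this variant writes only complete BEGIN/END blocks and installs nothing if the bundle is truncated or empty. The function name `split_bundle` and the sample bundle (placeholder base64, not real certificates) are constructed for illustration.

```shell
#!/bin/sh
# Added example: split a PEM CA bundle into cert1.pem, cert2.pem, ...
# keeping only complete BEGIN/END CERTIFICATE blocks.

# split_bundle BUNDLE OUTDIR  (hypothetical helper name)
# Prints the number of certificates installed into OUTDIR.
# Fails, leaving OUTDIR untouched, on a truncated block or a bundle with no certificates.
split_bundle() (
    stage=$(mktemp -d) || exit 1
    count=$(awk -v dir="$stage" '
        /^-----BEGIN CERTIFICATE-----/ {
            if (inside) { bad = 1; exit }        # BEGIN before the previous END
            inside = 1
            file = sprintf("%s/cert%d.pem", dir, ++n)
        }
        inside { print > file }                  # text between blocks is dropped
        /^-----END CERTIFICATE-----/ {
            if (!inside) { bad = 1; exit }       # END without a BEGIN
            inside = 0
            close(file)                          # avoid running out of file handles
        }
        END { if (bad || inside || n == 0) exit 1; print n }
    ' "$1") || { rm -rf "$stage"; exit 1; }
    # Only a fully validated split reaches the real directory.
    mkdir -p "$2" && mv "$stage"/cert*.pem "$2"/
    rc=$?
    rm -rf "$stage"
    [ "$rc" -eq 0 ] && echo "$count"
)

# Constructed sample: bundle-style comments plus two placeholder blocks.
demo=$(mktemp -d)
printf '%s\n' '## Bundle header comment' \
    'Example Root A' '==============' \
    '-----BEGIN CERTIFICATE-----' 'QUFBQQ==' '-----END CERTIFICATE-----' \
    '' 'Example Root B' '==============' \
    '-----BEGIN CERTIFICATE-----' 'QkJCQg==' '-----END CERTIFICATE-----' '' \
    > "$demo/cacert.pem"
# The same bundle cut off mid-certificate, as after an interrupted download.
head -n 11 "$demo/cacert.pem" > "$demo/truncated.pem"

split_bundle "$demo/cacert.pem" "$demo/certs"
split_bundle "$demo/truncated.pem" "$demo/certs2" || echo "truncated bundle rejected"
```

Because the answer fetches the bundle over plain http://, compare its checksum with a value obtained over a trusted channel before running c_rehash on the split files.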