From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alex Vong Subject: Re: git ca cert problems Date: Wed, 13 Jul 2016 22:41:53 +0800 Message-ID: <87poqhbnwu.fsf_-_@gmail.com> References: <87twg1zedu.fsf@gmail.com> <87shvizcnm.fsf@guixsd-mailerver.i-did-not-set--mail-host-address--so-tickle-me> <87a8hpjyun.fsf@gmail.com> <87oa65za4k.fsf@guixsd-mailerver.i-did-not-set--mail-host-address--so-tickle-me> <87shvfmz38.fsf@gmail.com> <871t2zhtxm.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:50084) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bNLMQ-0004f3-OH for help-guix@gnu.org; Wed, 13 Jul 2016 10:42:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bNLMM-0006CV-EJ for help-guix@gnu.org; Wed, 13 Jul 2016 10:42:01 -0400 In-Reply-To: <871t2zhtxm.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Tue, 12 Jul 2016 15:23:01 +0200") List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org Sender: "Help-Guix" To: Ludovic =?utf-8?Q?Court=C3=A8s?= Cc: help-guix@gnu.org Hi, I change the title to a better one. ludo@gnu.org (Ludovic Court=C3=A8s) writes: > Hello, > > It works for me (on GuixSD, but that shouldn=E2=80=99t make a difference.) > > What does =E2=80=9Cwc -l $GIT_SSL_CAINFO=E2=80=9D say? > The output I get without setting any environment variable is the following: alexvong1995@debian:~$ ltrace -f -e getenv bash -c 'git clone https://githu= b.com/elm-lang/elm-compiler' 2>&1 |grep SSL [pid 6906] sh->getenv("GIT_SSL_NO_VERIFY") =3D nil [pid 6906] sh->getenv("GIT_SSL_CERT") =3D nil [pid 6906] sh->getenv("GIT_SSL_KEY") =3D nil [pid 6906] sh->getenv("GIT_SSL_CAPATH") =3D nil [pid 6906] sh->getenv("GIT_SSL_CAINFO") =3D "/home/alexvong1995/.g= uix-profile"... [pid 6906] sh->getenv("GIT_SSL_CERT_PASSWORD_PROTECTED") =3D nil [pid 6906] sh->getenv("GIT_SSL_VERSION") =3D nil [pid 6906] sh->getenv("GIT_SSL_CIPHER_LIST") =3D nil fatal: unable to access 'https://github.com/elm-lang/elm-compiler/': Proble= m with the SSL CA cert (path? access rights?) Printing the environemt variable GIT_SSL_NO_VERIFY gives: alexvong1995@debian:~$ echo $GIT_SSL_CAINFO /home/alexvong1995/.guix-profile/etc/ssl/certs/ca-certificates.crt:/home/al= exvong1995/.guix-profile/etc/ssl/certs/ca-certificates.crt Is the problem related to having more than one ca cert files? > From a quick look, Git honors a bunch of additional environment > variables in this area: > > $ ltrace -f -e getenv sh -c 'git clone https://github.com/elm-lang/elm-co= mpiler' 2>&1 |grep SSL > [pid 21398] sh->getenv("GIT_SSL_NO_VERIFY") =3D nil > [pid 21398] sh->getenv("GIT_SSL_CERT") =3D nil > [pid 21398] sh->getenv("GIT_SSL_KEY") =3D nil > [pid 21398] sh->getenv("GIT_SSL_CAPATH") =3D nil > [pid 21398] sh->getenv("GIT_SSL_CAINFO") =3D "/etc/ssl/certs/ca-c= ertificates.c"... > [pid 21398] sh->getenv("GIT_SSL_CERT_PASSWORD_PROTECTED") =3D nil > [pid 21398] sh->getenv("GIT_SSL_VERSION") =3D nil > [pid 21398] sh->getenv("GIT_SSL_CIPHER_LIST") =3D nil > > Could it be that one of these is shadowing GIT_SSL_CAINFO? > > There=E2=80=99s also =E2=80=98http.sslCAInfo=E2=80=99 and similar (see gi= t-config(1)). > > HTH, > Ludo=E2=80=99. Thanks, Alex