Adam Dinwoodie <adam <at> dinwoodie.org> writes: > > On Mon, Sep 21, 2015 at 08:54:39AM +0200, Lukasz Pielak wrote: > > In the latest Cygwin 2.2.1. git doesn’t work with proxy authentication. > > What do you mean by proxy authentication here? What do you have > configured, and how? > > > The git version is 2.5.1 and the curl version is 7.43. > > The error prints fatal: unable to access > > 'https://github.com/mockito/mockito.git/': Unknown SSL protocol error > > in connection to github.com:443 > > WJFFM with those versions, but then I'm not using any sort of web proxy. > > > In my previous Cygwin 1.7.35 (with curl 7.41) this problem didn’t > > exist. Git for windows (git 2.5.1 version, but curl is 7.44) seems to > > work too. > > Are you able to test any other combinations of these? I don't think the > results for Git for Windows are going to be particularly informative - - > there are too many variables between that build and Cygwin's -- but > knowing whether it's the bump from Cygwin v1.7.35 to v2.2.1, or from > Curl v7.41 to v7.43, would be potentially useful. > > > I assume that there is a bug in curl rather than in git. > > As an interim solution, does using ssh instead of https work? > >
Hi Adam ssh over https is unfortunately not an option. I experimented with with curl instead of git a bit: With --proxy-negotiate i get: curl -v --proxy webproxy.mycorp.com:8080 --proxy-user myuser:mypasswd --proxy-negotiate http://mirror.provider.org/package.rpm * STATE: INIT => CONNECT handle 0x80048388; line 1075 (connection #-5000) * Added connection 0. The cache now contains 1 members * Trying 10.105.36.151... * STATE: CONNECT => WAITCONNECT handle 0x80048388; line 1128 (connection #0) * Connected to webproxy.mycorp.com (10.105.36.151) port 8080 (#0) * STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x80048388; line 1225 (connection #0) * STATE: SENDPROTOCONNECT => DO handle 0x80048388; line 1243 (connection #0) > GET http://mirror.provider.org/package.rpm HTTP/1.1 > Host: mirror.provider.org > User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US)) > Accept: */* > Proxy-Connection: Keep-Alive > * STATE: DO => DO_DONE handle 0x80048388; line 1322 (connection #0) * STATE: DO_DONE => WAITPERFORM handle 0x80048388; line 1449 (connection #0) * STATE: WAITPERFORM => PERFORM handle 0x80048388; line 1459 (connection #0) * HTTP 1.1 or later with persistent connection, pipelining supported < HTTP/1.1 407 Proxy Authentication Required * gss_init_sec_context() failed: : SPNEGO cannot find mechanisms to negotiate < Proxy-Authenticate: NEGOTIATE < Proxy-Authenticate: NTLM < Proxy-Authenticate: BASIC realm="BCAAA" < Cache-Control: no-cache < Pragma: no-cache < Content-Type: text/html; charset=utf-8 * HTTP/1.1 proxy connection set close! < Proxy-Connection: close < Set-Cookie: BCSI-CS-d71134cd838e0ff2=2; Path=/ < Connection: close < Content-Length: 1551 < <html> <head> <title>Access Denied</title> </head> With proxy-ntlm it seems to work though curl -v --proxy webproxy.mycorp.com:8080 --proxy-user myuser:mypasswd --proxy-ntlm http://mirror.provider.org/package.rpm * STATE: INIT => CONNECT handle 0x80048388; line 1075 (connection #-5000) * Added connection 0. The cache now contains 1 members * Trying 10.105.36.151... * STATE: CONNECT => WAITCONNECT handle 0x80048388; line 1128 (connection #0) * Connected to webproxy.mycorp.com (10.105.36.151) port 8080 (#0) * STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x80048388; line 1225 (connection #0) * STATE: SENDPROTOCONNECT => DO handle 0x80048388; line 1243 (connection #0) * Proxy auth using NTLM with user 'myuser' > GET http://mirror.provider.org/package.rpm HTTP/1.1 > Host: mirror.provider.org > Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= > User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US)) > Accept: */* > Proxy-Connection: Keep-Alive > * STATE: DO => DO_DONE handle 0x80048388; line 1322 (connection #0) * STATE: DO_DONE => WAITPERFORM handle 0x80048388; line 1449 (connection #0) * STATE: WAITPERFORM => PERFORM handle 0x80048388; line 1459 (connection #0) * HTTP 1.1 or later with persistent connection, pipelining supported < HTTP/1.1 407 Proxy Authentication Required < Proxy-Authenticate: NTLM TlRMTVNTUAACAAAABwAHADgAAAAGgokCrqa74bTKLosAAAAAAAAAAHYAdgA/AAAABgGxHQAA AA9OVC1TQkIxAgAOAE4AVAAtAFMAQgBCADEAAQAMAEkANgA4ADUANgA4AAQADABzAGIAYgAu AGMAaAADABoAaQA2ADgANQA2ADgALgBzAGIAYgAuAGMAaAAFABIAYQBkAHIAYQBpAGwALgBj AGgABwAIAOjj+Rta9dABAAAAAA== < Cache-Control: no-cache < Pragma: no-cache < Content-Type: text/html; charset=utf-8 < Proxy-Connection: Keep-Alive < Set-Cookie: BCSI-CS-d71134cd838e0ff2=2; Path=/ < Connection: Keep-Alive < Content-Length: 1568 < * Ignoring the response-body * Curl_done * Connection #0 to host webproxy.mycorp.com left intact * Issue another request to this URL: 'http://mirror.provider.org/package.rpm' * STATE: PERFORM => CONNECT handle 0x80048388; line 1593 (connection #-5000) * Found bundle for host mirror.provider.org: 0x8005b3f0 * Re-using existing connection! (#0) with proxy webproxy.mycorp.com * Connected to webproxy.mycorp.com (10.105.36.151) port 8080 (#0) * STATE: CONNECT => DO handle 0x80048388; line 1121 (connection #0) * Proxy auth using NTLM with user 'myuser' > GET http://mirror.provider.org/package.rpm HTTP/1.1 > Host: mirror.provider.org > Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAACmAKYAWAAAAAAAAAD+AAAABwAHAP4AAAAGAAYABQEAAAAA AAAAAAAABoKJAhvGb+LTOmku2XPOiA6YSDWn4N5/nvfBGSXfJmwNZpFtA+BoIeymbekBAQAA AAAAAIANcRta9dABp+Def573wRkAAAAAAgAOAE4AVAAtAFMAQgBCADEAAQAMAEkANgA4ADUA NgA4AAQADABzAGIAYgAuAGMAaAADABoAaQA2ADgANQA2ADgALgBzAGIAYgAuAGMAaAAFABIA YQBkAHIAYQBpAGwALgBjAGgABwAIAOjj+Rta9dABAAAAAAAAAAB1ZTYzNjYySzExMjYz > User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US)) > Accept: */* > Proxy-Connection: Keep-Alive > * STATE: DO => DO_DONE handle 0x80048388; line 1322 (connection #0) * STATE: DO_DONE => WAITPERFORM handle 0x80048388; line 1449 (connection #0) * STATE: WAITPERFORM => PERFORM handle 0x80048388; line 1459 (connection #0) * HTTP 1.0, assume close after body < HTTP/1.0 302 Found < Location: http://mirror.provider.org/notify-NotifySplashOrange? aHR0cDovL21pcnJvci5wcm92aWRlci5vcmcvcGFja2FnZS5ycG0= < Cache-Control: no-cache < Pragma: no-cache < Content-Type: text/html; charset=utf-8 < Proxy-Connection: close < Connection: close < Content-Length: 1449 < <html> <head> <title>Redirect</title> </head> <body> Now I switched back to the old cygwin and tried the same { ~ } » uname -a CYGWIN_NT-6.1-WOW K11263 1.7.35(0.287/5/3) 2015-03-04 12:07 i686 Cygwin { ~ } » curl --version curl 7.41.0 (i686-pc-cygwin) libcurl/7.41.0 OpenSSL/1.0.2a zlib/1.2.8 libidn/1.29 libssh2/1.5.0 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp Features: Debug IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets Metalink { ~ } » git --version git version 2.1.4 curl -v --proxy webproxy.mycorp.com:8080 --proxy-user myuser:mypasswd --proxy-negotiate http://mirror.provider.org/package.rpm * STATE: INIT => CONNECT handle 0x800481f8; line 1034 (connection #-5000) * Added connection 0. The cache now contains 1 members * Trying 10.105.36.152... * STATE: CONNECT => WAITCONNECT handle 0x800481f8; line 1087 (connection #0) * Connected to webproxy.mycorp.com (10.105.36.152) port 8080 (#0) * STATE: WAITCONNECT => DO handle 0x800481f8; line 1229 (connection #0) > GET http://mirror.provider.org/package.rpm HTTP/1.1 > User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US)) > Host: mirror.provider.org > Accept: */* > Proxy-Connection: Keep-Alive > * STATE: DO => DO_DONE handle 0x800481f8; line 1314 (connection #0) * STATE: DO_DONE => WAITPERFORM handle 0x800481f8; line 1441 (connection #0) * STATE: WAITPERFORM => PERFORM handle 0x800481f8; line 1454 (connection #0) * HTTP 1.1 or later with persistent connection, pipelining supported < HTTP/1.1 407 Proxy Authentication Required * gss_init_sec_context() failed: : SPNEGO cannot find mechanisms to negotiate < Proxy-Authenticate: NEGOTIATE < Proxy-Authenticate: NTLM < Proxy-Authenticate: BASIC realm="BCAAA" < Cache-Control: no-cache < Pragma: no-cache < Content-Type: text/html; charset=utf-8 * HTTP/1.1 proxy connection set close! < Proxy-Connection: close < Set-Cookie: BCSI-CS-7390672db2e928d5=2; Path=/ < Connection: close < Content-Length: 1551 < <html> <head> <title>Access Denied</title> </head> <body> As you can see i still get the error, but git seems to work: { mockito } master » git pull Already up-to-date. This makes me think that it is rather a change in the recent git version. To me it looks like git changed the way it makes a curl call. Unfortunately this doesn't resolve my issues, I still need to use git over https in cygwin. Any hints? Cheers Lukasz
