[I forgot to cc: [email protected]. *sigh*
Resending. Sorry for the noise.]
Hi Domenico,
When Louis tries to access some files through https using a proxy
(squid/2.6.STABLE16), curl returns the error
gnutls_handshake() failed: A TLS warning alert has been received.
It works fine when using a direct (no proxy) connection. Any ideas?
Details:
Submitter seems to have gone missing (sigh) so I don’t have
gnutls-cli -p 443 [...] output. I am lazy, so I have not tried to
reproduce this. I am passing it on to you in case it is something
obvious or something you have seen before. And I am hoping you can
make more sense of the error message.
If this looks git-specific, please let me know, and I’ll take the
bug back again.
git is doing (see get_refs_via_curl() from v1.6.3.3:transport.c):
struct strbuf buffer = STRBUF_INIT;
struct active_request_slot *slot;
struct slot_results results;
[...]
slot = get_active_slot();
slot->results = &results;
curl_easy_setopt(slot->curl, CURLOPT_FILE, &buffer);
curl_easy_setopt(slot->curl, CURLOPT_WRITEFUNCTION, fwrite_buffer);
curl_easy_setopt(slot->curl, CURLOPT_URL, refs_url);
curl_easy_setopt(slot->curl, CURLOPT_HTTPHEADER, NULL);
run_active_slot(slot);
if (results.curl_result != CURLE_OK) {
strbuf_release(&buffer);
if (missing_target(&results))
die("%s not found: did you run git update-server-info on the
server?", refs_url);
else
die("%s download error - %s", refs_url, curl_errorstr);
}
where
size_t fwrite_buffer(const void *ptr, size_t eltsize, size_t nmemb,
void *buffer_)
{
size_t size = eltsize * nmemb;
struct strbuf *buffer = buffer_;
strbuf_add(buffer, ptr, size);
data_received++;
return size;
}
get_active_slot() initializes a new curl handle and does
curl_easy_setopt(slot->curl, CURLOPT_HTTPHEADER, pragma_header);
curl_easy_setopt(slot->curl, CURLOPT_ERRORBUFFER, curl_errorstr);
curl_easy_setopt(slot->curl, CURLOPT_CUSTOMREQUEST, NULL);
curl_easy_setopt(slot->curl, CURLOPT_READFUNCTION, NULL);
curl_easy_setopt(slot->curl, CURLOPT_WRITEFUNCTION, NULL);
curl_easy_setopt(slot->curl, CURLOPT_UPLOAD, 0);
curl_easy_setopt(slot->curl, CURLOPT_HTTPGET, 1);
Louis’s recipe for reproducing:
> When I try to use a repository which is hosted on a webdav share through
> https and a proxy (squid/2.6.STABLE16), git fails :
>
> fatal: https://[...]/info/refs download error - gnutls_handshake() failed: A
> TLS warning alert has been received.
>
> Of course, the ssl certificate is valid.
>
> The server was set up using this howto :
>
> http://www.kernel.org/pub/software/scm/git/docs/howto/setup-git-server-over-http.txt
>
> It works perfectly on a host which has a direct internet connection.
It also looks like curl using openssl works fine:
> It works perfectly through the proxy when I build git myself.
For more details, see http://bugs.debian.org/559371
Hope that helps,
Jonathan
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]