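In short, I have a valid certificate chain (testable with OpenSSL), but somehow I cannot tell Git to load these certificates.
I get the same "untrusted root certificate authority" error (SEC_E_UNTRUSTED_ROOT) regardless of whether my Git configuration points to an existing or a fake certificate chain file.
My .gitconfig
Setting for the fake file: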
sslCAInfo = C:/tmp/foobar.crt
Or, for the real OpenSSL-compatible file:
sslCAInfo = C:/tmp/ca-bundle.crt
Console transcript:
C:\tmp>openssl version
OpenSSL 0.9.8h 28 May 2008
C:\tmp>git --version
git version 2.12.2.windows.2
C:\tmp>git config --list
http.sslverify=true
http.sslcainfo=C:/tmp/ca-bundle.crt
C:\tmp>dir
24.04.2017 13:45 10.875 ca-bundle.crt
c:\tmp>openssl s_client -state -connect https://mygithost:443 -CAfile .\ca-bundle.crt
Verify return code: 0 (ok)
C:\tmp>git clone https://mygithost/bitbucket/scm/my.git
Cloning into ...
fatal: unable to access ... : schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.
C:\tmp> git -c http.sslverify=false clone https://mygithost/bitbucket/scm/my.git
Cloning into ...
Resolving deltas: 100%, done.
C:\tmp>git config --list
http.sslverify=true
http.sslcainfo=C:/tmp/foobar.crt
C:\tmp\xxx>git pull
fatal: unable to access ... : schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.
There is a typo in your Git config: tml instead of tmp
—
Tensibai
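I find it strange that Git does not raise an error on the fake path. You should check the other configuration levels (global, user and repository); there may be a fallback somewhere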
—
Tensibai
@Tensibai Please provide instructions or a link to the documentation; I'm not sure how to print everything. For example, git config --global --list does not work.
—
彼得·穆里什金
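git config --get-all should show the resulting configuration from system, global and local (I can't verify this as I'm on the phone, it's just a guess; a workaround might be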
—
Tensibai
set SSL_CERT_FILE=C:\tmp\ca-bundle.crt
to tell openssl where to find the bundle
C:\git config --get-all-- => error: wrong number of arguments