我正在尝试克隆
just went fully open-source的原子库,我遇到了一些麻烦.
尝试克隆存储库会产生SSL错误:
wug@wugputer:/src/test$git clone https://github.com/atom/atom.git Cloning into atom... error: SSL certificate problem,verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify Failed while accessing https://github.com/atom/atom.git/info/refs fatal: HTTP request Failed
谷歌搜索表明这是一个失败的CURL调用,并且我可以设置一个环境变量来获取更多信息,但它没有显示任何特别有用的信息:
wug@wugputer:/src/test$GIT_CURL_VERBOSE=1 git clone https://github.com/atom/atom.git Cloning into atom... * Couldn't find host github.com in the .netrc file; using defaults * About to connect() to proxy proxy.wugcorp.com port 3128 (#0) * Trying 10.1.2.3... * Connected to proxy.wugcorp.com (10.1.2.3) port 3128 (#0) * Establish HTTP proxy tunnel to github.com:443 > CONNECT github.com:443 HTTP/1.1 Host: github.com:443 User-Agent: git/1.7.4.1 Proxy-Connection: Keep-Alive Pragma: no-cache < HTTP/1.0 200 Connection established < * Proxy replied OK to CONNECT request * Connected to proxy.wugcorp.com (10.1.2.3) port 3128 (#0) * SSL certificate problem,verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify Failed * Expire cleared * Closing connection #0 * Couldn't find host github.com in the .netrc file; using defaults * About to connect() to proxy proxy.wugcorp.com port 3128 (#0) * Trying 10.1.2.3... * Connected to proxy.wugcorp.com (10.1.2.3) port 3128 (#0) * Establish HTTP proxy tunnel to github.com:443 > CONNECT github.com:443 HTTP/1.1 Host: github.com:443 User-Agent: git/1.7.4.1 Proxy-Connection: Keep-Alive Pragma: no-cache < HTTP/1.0 200 Connection established < * Proxy replied OK to CONNECT request * Connected to proxy.wugcorp.com (10.1.2.3) port 3128 (#0) * SSL certificate problem,verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify Failed * Expire cleared * Closing connection #0 error: SSL certificate problem,verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify Failed while accessing https://github.com/atom/atom.git/info/refs fatal: HTTP request Failed
我在工作,proxy.wugcorp.com是我们的网络代理(预计会在那里).我上周就能克隆一些东西而没有任何问题.我也能够卷曲文件git抱怨没有做任何有趣的技巧:
wug@wugputer:/src/test$curl https://github.com/atom/atom.git/info/refs Please upgrade your git client. GitHub.com no longer supports git over dumb-http: https://github.com/blog/809-git-dumb-http-transport-to-be-turned-off-in-90-days
openssl还报告证书很好:
wug@wugputer:/src/test$openssl s_client -connect github.com:443 -CApath /etc/ssl/certs CONNECTED(00000003) depth=2 C = US,O = DigiCert Inc,OU = www.digicert.com,CN = DigiCert High Assurance EV Root CA verify return:1 depth=1 C = US,CN = DigiCert SHA2 Extended Validation Server CA verify return:1 depth=0 businessCategory = Private Organization,1.3.6.1.4.1.311.60.2.1.3 = US,1.3.6.1.4.1.311.60.2.1.2 = Delaware,serialNumber = 5157550,street = 548 4th Street,postalCode = 94107,C = US,ST = California,L = San Francisco,O = "GitHub,Inc.",CN = github.com verify return:1 --- Certificate chain 0 s:/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=5157550/street=548 4th Street/postalCode=94107/C=US/ST=California/L=San Francisco/O=GitHub,Inc./CN=github.com i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA --- Server certificate -----BEGIN CERTIFICATE----- MIIF4DCCBMigAwIBAgIQDACTENIG2+M3VTWAEY3chzANBgkqhkiG9w0BAQsFADB1 MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE0MDQwODAwMDAwMFoXDTE2MDQxMjEy MDAwMFowgfAxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB BAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQF Ewc1MTU3NTUwMRcwFQYDVQQJEw41NDggNHRoIFN0cmVldDEOMAwGA1UEERMFOTQx MDcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T YW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp dGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx1Nw8r/3z Tu3BZ63myyLot+KrKPL33GJwCNEMr9YWaiGwNksXDTZjBK6/6iBRlWVm8r+5TaQM Kev1FbHoNbNwEJTVG1m0Jg/Wg1dZneF8Cd3gE8pNb0Obzc+HOhWnhd1mg+2TDP4r bTgceYiQz61YGC1R0cKj8keMbzgJubjvTJMLy4OUh+rgo7XZe5trD0P5yu6ADSin dvEl9ME1PPZ0rd5qM4J73P1LdqfC7vJqv6kkpl/nLnwO28N0c/p+xtjPYOs2ViG2 wYq4JIJNeCS66R2hiqeHvmYlab++O3JuT+DkhSUIsZGJuNZ0ZXabLE9iH6H6Or6c JL+fyrDFwGeNAgMBAAGjggHuMIIB6jAfBgNVHSMEGDAWgBQ901Cl1qCt7vNKYApl 0yHU+PjWDzAdBgNVHQ4EFgQUakOQfTuYFHJSlTqqKApD+FF+06YwJQYDVR0RBB4w HIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o dHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzEuY3JsMDSg MqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzEu Y3JsMEIGA1UdIAQ7MDkwNwYJYIZIAYb9bAIBMCowKAYIKwYBBQUHAgEWHGh0dHBz Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYgGCCsGAQUFBwEBBHwwejAkBggrBgEF BQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFIGCCsGAQUFBzAChkZodHRw Oi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyRXh0ZW5kZWRWYWxp ZGF0aW9uU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQAD ggEBAG/nbcuC8++QhwnXDxUiLIz+06scipbbXRJd0XjAMbD/RciJ9wiYUhcfTEsg ZGpt21DXEL5+q/4vgNipSlhBaYFyGQiDm5IQTmIte0ZwQ26jUxMf4pOmI1v3kj43 FHU7uUskQS6lPUgND5nqHkKXxv6V2qtHmssrA9YNQMEK93ga2rWDpK21mUkgLviT PB5sPdE7IzprOCp+Ynpf3RcFddAkXb6NqJoQRPrStMrv19C1dqUmJRwIQdhkkqev ff6IQDlhC8BIMKmCNK33cEYDfDWROtW7JNgBvBTwww8jO1gyug8SbGZ6bZ3k8OV8 XX4C2NesiZcLYbc2n7B9O+63M2k= -----END CERTIFICATE----- subject=/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=5157550/street=548 4th Street/postalCode=94107/C=US/ST=California/L=San Francisco/O=GitHub,Inc./CN=github.com issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA --- No client certificate CA names sent --- SSL handshake has read 3233 bytes and written 443 bytes --- New,TLSv1/SSLv3,Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: B5209FBCD0437CE4443399C5488071EAF6236ED8C489C0EF62E73A4453E3AB7C Session-ID-ctx: Master-Key: 61E892AA74B881B7CE7C69DD0843B282BCAF6646282BB8099C2D3D84C63F3D311211822FB129432AE112A7E99BF07BCB Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1399403523 Timeout : 300 (sec) Verify return code: 0 (ok) ---
但最奇怪的是,如果我在strace中运行它,原来的git clone调用将会重新运行.
wug@wugputer:/src/test$strace git clone https://github.com/atom/atom.git [lots of output snipped] [works correctly]
我不知道是怎么回事.为什么git对github.com的证书如此生气,当其他一切都没问题的时候?更重要的是,当我试图检查时,为什么问题会消失?