如何配置 Git 以信任来自 Windows 证书存储的证书?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/16668508/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I configure Git to trust certificates from the Windows Certificate Store?
提问by Julian Lettner
Currently I have the following entry in my .gitconfigin my user directory.
目前.gitconfig,我的用户目录中有以下条目。
...
[http]
sslCAInfo=C:\Users\julian.lettner\.ssh\git-test.pem
...
This sets the certificate to use when interacting with the git server (required by my company's git server).
这将设置与 git 服务器交互时要使用的证书(我公司的 git 服务器需要)。
But now I cannot clone other repositories (for example a public repository on GitHub), because the client always uses the configured certificate which gets rejected by other servers.
但是现在我无法克隆其他存储库(例如 GitHub 上的公共存储库),因为客户端总是使用被其他服务器拒绝的配置证书。
How can I circumvent this certification issue? Can I configure Git to use the Windows Certificate Store to authenticate?
我怎样才能规避这个认证问题?我可以将 Git 配置为使用 Windows 证书存储进行身份验证吗?
回答by Edward Thomson
Beginning with Git for Windows 2.14, you can now configure Git to use SChannel, the built-in Windows networking layer. This means that it will use the Windows certificate storage mechanism and you do notneed to explicitly configure the curl CA storage mechanism.
从适用于 Windows 的 Git 2.14 开始,您现在可以将 Git 配置为使用内置的 Windows 网络层 SChannel。这意味着它将使用Windows证书存储机制,你并不需要显式配置卷曲CA存储机制。
From the Git for Windows 2.14 release notes:
来自 Git for Windows 2.14发行说明:
It is now possible to switch between Secure Channel and OpenSSL for Git's HTTPS transport by setting the
http.sslBackendconfig variable to"openssl"or"schannel"; This is now also the method used by the installer (rather than copyinglibcurl-4.dllfiles around).
现在可以通过将
http.sslBackend配置变量设置为"openssl"或来在安全通道和 OpenSSL 之间切换以进行 Git 的 HTTPS 传输"schannel";这现在也是安装程序使用的方法(而不是复制libcurl-4.dll文件)。
You can choose the new SChannel mechanism during the installation of Git for Windows 2.14. You can also update an existing installation to use SChannel by running:
您可以在安装 Git for Windows 2.14 的过程中选择新的 SChannel 机制。您还可以通过运行以下命令更新现有安装以使用 SChannel:
git config --global http.sslBackend schannel
Once you have configured this, Git will use the Windows certificate store and should not require (and, in fact, should ignore) the http.sslCAInfoconfiguration setting.
一旦你配置了这个,Git 将使用 Windows 证书存储并且不需要(并且实际上应该忽略)http.sslCAInfo配置设置。
回答by Andomar
Use:
用:
git config --local ...
To specify per-repository settings. Local settings are stored in the .gitdirectory.
指定每个存储库的设置。本地设置存储在.git目录中。
An overview of the three locations where gitcan store settings:
git可以存储设置的三个位置的概述:
--local: Repository specific,<repo_dir>/.git/config--global: User-specific,~/.gitconfig--system: System default,/etc/gitconfig
--local:特定于存储库,<repo_dir>/.git/config--global: 用户特定的,~/.gitconfig--system: 系统默认,/etc/gitconfig
More specific ones override more general settings, i.e. local overrides both global and system.
更具体的覆盖更一般的设置,即本地覆盖全局和系统。
