git github: server certificate verification failed

Notice: this page is a translation of a popular StackOverflow question and is provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverFlow. Original URL: http://stackoverflow.com/questions/35821245/

Time: 2020-09-09 03:58:53  Source: igfitidea

github: server certificate verification failed

git github debian

Asked by Torsten Crass

I just created a github account and a repository therein, but when trying to create a local working copy using the recommended URL via

    git clone https://github.com/<user>/<project>.git

I get an error like

    fatal: unable to access 'https://github.com/<user>/<project>.git': server certificate verification failed. CAfile: /home/<user>/.ssl/trusted.pem CRLfile: none

I'm on Debian Jessie, and I would have expected both Debian and GitHub to provide / rely on a selection of commonly accepted CAs, but apparently my system doesn't trust GitHub's certificate.

Any simple way to fix this (without the frequently recommended "GIT_SSL_NO_VERIFY=true" hack and similar work-arounds)?

EDIT:

Additional information:

  • The ca-certificate package is installed.
  • Installing cacert.org's certificates as suggested by @VonC didn't change anything.
  • My personal ~/.ssl/trusted.pem file does contain a couple of entries, but to be honest, I don't remember where the added certificates came from...
  • When removing ~/.ssl/trusted.pem, the git error message changes to

    fatal: unable to access 'https://github.com/tcrass/scans2jpg.git/': Problem with the SSL CA cert (path? access rights?)
    
EDIT:

@VonC's advice regarding the git https.sslCAinfo option put me on the right track -- I just added the downloaded cacert.org CAs to my trusted.pem, and now git doesn't complain anymore.

Answered by VonC

Make sure first that you have certificates installed on your Debian in /etc/ssl/certs.

If not, reinstall them:

    sudo apt-get install --reinstall ca-certificates

Since that package does not include root certificates, add:

    sudo mkdir /usr/local/share/ca-certificates/cacert.org
    sudo wget -P /usr/local/share/ca-certificates/cacert.org http://www.cacert.org/certs/root.crt http://www.cacert.org/certs/class3.crt
    sudo update-ca-certificates

Make sure your git does reference those CAs:

    git config --global http.sslCAinfo /etc/ssl/certs/ca-certificates.crt


Jason C mentions another potential cause (in the comments):

It was the clock. The NTP server was down, the system clock wasn't set properly, I didn't notice or think to check initially, and the incorrect time was causing verification to fail.

Certificates are time sensitive.
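
The two causes discussed in the question and in this answer, a CA file that lacks the issuing CA and a wrong system clock, can be told apart with `openssl verify`. The script below is an added example, not part of the original answers; it assumes OpenSSL 1.1.0 or later, and the function names and the constructed test CA are illustrative.

```shell
#!/bin/sh
# Added example, not from the original answers. Requires OpenSSL 1.1.0 or later.

# diagnose CAFILE CERT [EPOCH]
# Verifies CERT (leaf first; any intermediates may follow in the same file)
# against CAFILE only, as if the clock read EPOCH (default: now).
# Prints: ok | clock | untrusted
diagnose() {
    cafile=$1 cert=$2 when=${3:-$(date +%s)}
    if out=$(openssl verify -no-CApath -CAfile "$cafile" -untrusted "$cert" \
                 -attime "$when" "$cert" 2>&1); then
        echo ok
        return 0
    fi
    case $out in
        *"not yet valid"*|*"has expired"*) echo clock ;;   # validity window vs. clock
        *) echo untrusted ;;                               # issuer missing from CAFILE
    esac
    return 1
}

# fetch_chain HOST OUTFILE: save the chain HOST presents (needs network access).
fetch_chain() {
    openssl s_client -connect "$1:443" -servername "$1" -showcerts </dev/null 2>/dev/null |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' >"$2"
}

# make_constructed_pki DIR: throwaway CA, a leaf it signs, and an unrelated CA,
# so the three outcomes can be reproduced offline. All names are constructed.
make_constructed_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Constructed Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=git.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -days 30 -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/leaf.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Unrelated Constructed CA" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}
```

For a real server, `fetch_chain github.com chain.pem` followed by `diagnose ~/.ssl/trusted.pem chain.pem` reports whether the file named in the error message can verify the chain the server presents.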

Answered by mkebri

You can also disable SSL verification (if the project does not require a high level of security other than login/password) by typing:

    git config --global http.sslverify false

enjoy git :)

Answered by dmatej

It can also be a self-signed certificate, etc. Turning off SSL verification globally is unsafe. You can install the certificate so it will be visible for the system, but the certificate should be perfectly correct.

Or you can clone with a one-time configuration parameter, so the command will be:

    git clone -c http.sslverify=false https://myserver/<user>/<project>.git

GIT will remember the false value; you can check it in the <project>/.git/config file.

Answered by Егор Поляков

Try to connect to the repository with the URL: http://github.com/<user>/<project>.git (http except https)

In your case you should clone like this:

    git clone http://github.com/<user>/<project>.git