Project

General

Profile

Accessing git repositories when behind firewall

Added by Mladen Kerep about 5 years ago

The instructions on the wiki use the git protocol for accessing the repositories. I'm trying to clone from within the company but cloning fails with error " support.criticallink.com: Name or service not known ".

This is because the git protocol runs through port number 9418 which is blocked (or not opened) by our firewall.

Is there some other way to clone (preferably through https) into the repositories ?


Replies (4)

RE: Accessing git repositories when behind firewall - Added by Tim Iskander about 5 years ago

https access has been enabled for Critical Link repositories on https://support.criticallink.com
The URL for each repository is formed from https://support.criticallink.com/git/<repos.git>

If you try to access git via the https protocol and get an error like

server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

It just means that the your machine does not have the required certificate path to our CA. You have 2 choices.
  1. Add our cert to your CRT bundle The following command (on linux) will get the certs to add:

echo -n | openssl s_client -showcerts -connect support.criticallink.com:443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

  1. Tell git to ignore the cert issue

export GIT_SSL_NO_VERIFY=1

RE: Accessing git repositories when behind firewall - Added by Mladen Kerep about 5 years ago

The URL for each repository is formed from https://support.criticallink.com/git/<repos.git>

It was my 1st guess, that corresponding https urls exist, but it was not evident to find them ...

If you try to access git via the https protocol and get an error like

server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

It just means that the your machine does not have the required certificate path to our CA. You have 2 choices.
1. Add our cert to your CRT bundle The following command (on linux) will get the certs to add:

echo -n | openssl s_client -showcerts -connect support.criticallink.com:443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

That leads to error:

gethostbyname failure
connect:errno=0

2. Tell git to ignore the cert issue

export GIT_SSL_NO_VERIFY=1

Doing this globally is risky. Doing this on a per repository basis is a pain. Better would be to disable certificate verification for concerned repositores only with git config http.sslVerify "false".
That would work for local repositories, but what about programs/tools such as 'hob' described in the Building the Root Filesystem using Yocto Wiki ?

RE: Accessing git repositories when behind firewall - Added by Tim Iskander about 5 years ago

Sorry, it was not clear that the https access is new :)

Not sure about the gethostbyname failure... support.criticallink.com is the valid hostname.

Thanks for the tidbit on SSL no verify...

We are looking in to the cert path issue.

    (1-4/4)
    Go to top
    Add picture from clipboard (Maximum size: 600 MB)