Forums » Software Development »
Accessing git repositories when behind firewall
Added by Mladen Kerep over 7 years ago
The instructions on the wiki use the git protocol for accessing the repositories. I'm trying to clone from within the company but cloning fails with error " support.criticallink.com: Name or service not known ".
This is because the git protocol runs through port number 9418 which is blocked (or not opened) by our firewall.
Is there some other way to clone (preferably through https) into the repositories ?
https access has been enabled for Critical Link repositories on https://support.criticallink.com
The URL for each repository is formed from https://support.criticallink.com/git/<repos.git>
If you try to access git via the https protocol and get an error like
server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
It just means that the your machine does not have the required certificate path to our CA. You have 2 choices.
- Add our cert to your CRT bundle The following command (on linux) will get the certs to add:
echo -n | openssl s_client -showcerts -connect support.criticallink.com:443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
- Tell git to ignore the cert issue
export GIT_SSL_NO_VERIFY=1
The URL for each repository is formed from https://support.criticallink.com/git/<repos.git>
It was my 1st guess, that corresponding https urls exist, but it was not evident to find them ...
If you try to access git via the https protocol and get an error like
server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
It just means that the your machine does not have the required certificate path to our CA. You have 2 choices.
1. Add our cert to your CRT bundle The following command (on linux) will get the certs to add:
echo -n | openssl s_client -showcerts -connect support.criticallink.com:443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
That leads to error:
gethostbyname failure
connect:errno=0
2. Tell git to ignore the cert issue
export GIT_SSL_NO_VERIFY=1
Doing this globally is risky. Doing this on a per repository basis is a pain. Better would be to disable certificate verification for concerned repositores only with git config http.sslVerify "false".
That would work for local repositories, but what about programs/tools such as 'hob' described in the Building the Root Filesystem using Yocto Wiki ?
Sorry, it was not clear that the https access is new 
Not sure about the gethostbyname failure... support.criticallink.com is the valid hostname.
Thanks for the tidbit on SSL no verify...
We are looking in to the cert path issue.
Go to top
