Error when cloning git repository over HTTPS
I received an error cloning a git repository over HTTPS, the error is:
error: error setting certificate verify locations:
CAfile: /bin/curl-ca-bundle.crt CApath: none while accessing
https://trunksapp.com/...
Am I doing something wrong? Over SSH the clone worked just fine.
Support Staff 2 Posted by Ken Robertson on 15 Apr, 2010 03:21 AM
What Git client/version are you using to access the repository?
3 Posted by damien.white on 15 Apr, 2010 03:39 AM
git version 1.6.5.1.1367.gcd48
On Windows...
Support Staff 4 Posted by Ken Robertson on 15 Apr, 2010 05:32 AM
I don't have any Windows systems with git 1.6 on them still. I still had 1.6.5 on one of my Macs and it is working with repositories over HTTPS just fine.
Have you tried using the mysysgit builds of git for Windows? I've been using it without any problems and without needing cygwin at all.
Additionally, regardless of which Windows build, I wouldn't recommend using HTTPS with git 1.6.5 or earlier. Previous versions of git had weak HTTP support and it was really inefficient. In git 1.6.6, they added "smart HTTP" which made git work over HTTP almost as efficiently as over ssh. Git 1.7 has been working great and I would highly recommend it over 1.6.5 or earlier if you want to use HTTP.
5 Posted by damien.white on 15 Apr, 2010 01:45 PM
I upgraded to 1.7.0.2 from here http://code.google.com/p/msysgit/downloads/list
git version 1.7.0.2.msysgit.0
Same error. The syntax is just:
git clone https://trunksapp.com/USERNAME/PROJECT NAME.git
Correct?
Support Staff 6 Posted by Ken Robertson on 15 Apr, 2010 02:07 PM
It looks like the core issue is that the root certificate of the certificate authority who generated it isn't trusted by the system.
I haven't been able to reproduce it from Windows yet, though my main systems are all Windows 7 and Windows 2008. I can try it on an XP system later, however if it is related to the root certificate not being trusted, then there isn't much we can do. Our certificates are from Equifax, and if it is that strict, would likely need ones from VeriSign which are quite cost prohibitive. Other applications will ask you to trust a certificate, but it looks like git is just wrapping curl and won't.
If you have SSH access working, I would recommend just sticking with that. It is the preferred way of accessing git repositories even with git's newer HTTP support.
Ken Robertson closed this discussion on 15 Apr, 2010 02:07 PM.
damien.white re-opened this discussion on 15 Apr, 2010 03:15 PM
7 Posted by damien.white on 15 Apr, 2010 03:15 PM
I'm on Windows 7 as well (x64, not sure if that matters or not).
The file /bin/curl-ca-bundle.crt is located within my git bin directory. It seems like curl can't find it or something.
For now, SSH is fine to stick with, but was interested in HTTPS. However, now that I discovered it doesn't work, I'm one of those guys who will keep searching for an answer because it drives me nuts :)
Support Staff 8 Posted by Ken Robertson on 15 Apr, 2010 04:11 PM
I was able to reproduce it with a Win7 x64 VM. I'll see if I narrow down the cause or if there are different trusted root certificates between x86 and x64 builds.
9 Posted by John Clayton on 04 May, 2010 08:53 PM
Just checking if there has been any resolution on this. Cloning via HTTPS is much more firewall-friendly.
I'm using git version 1.7.0.2.msysgit.0 on Windows 7 x64 as well.
Support Staff 10 Posted by Ken Robertson on 04 May, 2010 11:18 PM
No, I haven't been able to track down the cause of it yet.
11 Posted by Carlos on 30 Jun, 2010 08:57 PM
Did any of you manage to solve the problem? I am getting the same error in a win7 x64 with the lastest version of Git for windows (1.7.0.2)
Thanks in advance,
Carlos
12 Posted by same on 18 Jul, 2010 05:31 AM
same here =/ and no solution so far =(
13 Posted by Nils Luxton on 22 Jul, 2010 04:03 PM
Hi all,
Managed to find a solution (of sorts) to the above problem.
If you edit c:\Program Files (x86)\Git\etc\gitconfig you will see the following line:
sslCAinfo = /bin/curl-ca-bundle.crt
I simply changed this to read:
sslCAinfo = c:/Program Files (x86)/Git/bin/curl-ca-bundle.crt
and the above problem disappeared.
Can others verify this?
14 Posted by John Clayton on 22 Jul, 2010 04:29 PM
No luck - on Windows 7 x64 and Git for Windows 1.7.0.2 I get a new error once the full path is added to gitconfig:
error: The requested URL returned error: 401 while accessing https://trunksapp.com/username/project.git/info/refs
Maybe since it's gotten past the SSL issues this is something Trunks can fix on their side? This happens both as my regular user and when elevated.
15 Posted by Nils Luxton on 23 Jul, 2010 09:08 AM
Firstly, let me state that I'm not working with entirely different repositories that belong to my company, so you may well run into other difficulties that are related to "Trunks" (I found this thread whilst searching for the problem seen above)
However, I also got a 401 error, but if I cloned using Git Bash it seemed to work fine.
I used the following command:
git clone https://***@ourdomain.com/projectname c:/target/dir
and that asked me for a password and no longer gave me a 401.
It might help someone out there, it might not; I'm pretty new to Git so if I'm giving unhelpful advice, please forgive me!
16 Posted by Gabriel Hernandez on 17 Aug, 2010 06:39 AM
I was having the same problem described above on windows 7 64-bit and was able to fix it using the following command from git-bash
$git config --system http.sslcainfo \bin/curl-ca-bundle.crt17 Posted by David Alpert on 14 Nov, 2010 05:30 AM
I was having this issue on a Win7x64Pro box. Didn't have it then suddenly last week began having it.
Solved it tonight with the help of this blog post: http://everyday-tech.blogspot.com/2010/07/git-error-error-setting-c...
Except I had to use
$git config --system http.sslcainfo \\bin\\curl-ca-bundle.crtdouble backslashing the slashes to get them properly escaped and properly recognized.
Now pulling from github over https works again.
18 Posted by Hrish on 10 Dec, 2010 11:14 AM
@Nils - Your post (#13) solved it for me. Thanks!
19 Posted by ahoekstra on 31 Dec, 2010 04:53 PM
The reposnse in post #13 worked for me as well. Thank you..
20 Posted by umpirsky on 08 Jan, 2011 11:43 AM
Thanks Nils Luxton, it worked for me!
21 Posted by peterennis on 18 Jan, 2011 10:02 PM
@Nils - Your post (#13) solved it for me also.
NOTE: For XP running 32bit the (x86) is not needed. It is only relavent to 64 bit Windows.
22 Posted by G-Mac on 25 Jan, 2011 09:40 PM
Lucky #13 solved my problem as well...
23 Posted by MrOrz on 22 May, 2011 08:39 AM
13 also worked like a charm on my machine. Thanks!
24 Posted by haiku on 20 Nov, 2011 06:27 AM
this worked for me, #13 did not.
git config --global http.sslcainfo "/c/Program Files (x86)/Git/bin/curl-ca-bundle.crt"
25 Posted by s.Daniel on 30 Jan, 2012 11:40 AM
Updating to the latest msysgit version solved the error for me.