如何使git tell curl使用openssl而不是gnutls而不重建包? [英] How can I make git tell curl to use openssl instead of gnutls without rebuilding the package?
问题描述
我们有一个内部服务器,GnuTLS不喜欢,例如:
We have an internal server that GnuTLS doesn't like, e.g:
gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt foo.example.com
Processed 173 CA certificate(s).
Resolving 'foo.example.com'...
Connecting to '1.2.3.4:443'...
*** Verifying server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.
除了GnuTLS之外的一切都可以确认,但git似乎在Ubuntu上使用GnuTLS 14.04.2 LTS所以git失败与:
Everything other than GnuTLS talks to it ok, but git appears to use GnuTLS out of the box on Ubuntu 14.04.2 LTS so git fails with:
GIT_CURL_VERBOSE=1 git clone https://foo.example.com/some-repo.git
Cloning into 'some-repo'...
* Couldn't find host foo.example.com in the .netrc file; using defaults
* Hostname was NOT found in DNS cache
* Trying 1.2.3.4...
* Connected to foo.example.com (1.2.3.4) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
* Closing connection 0
fatal: unable to access 'https://foo.example.com/some-repo.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
解决与GnuTLS不兼容,但在同一时间有一种方法来强制git告诉curl在运行时使用另一个SSL引擎(即不从源重建git)?
We're working on fixing the incompatibility with GnuTLS, but in the mean time is there a way to force git to tell curl to use another SSL engine at runtime (i.e not rebuilding git from source)?
推荐答案
git构建为使用libcurl,libcurl构建为使用单个固定TLS库,无法在运行时更改。
git is built to use libcurl, libcurl is built to use a single fixed TLS library that cannot be changed in run-time.
但是你可以强制git在运行时使用不同的libcurl构建,libcurl可以使用OpenSSL。这是最简单的做法是把OpenSSL使用libcurl在一个单独的目录,从标准一个你有,然后你做其中之一:
You can however force git to use a different libcurl build at run-time, and that libcurl could be using OpenSSL. That's easiest done by putting that OpenSSL-using libcurl in a separate directory from the "standard" one you have and then you do one of these:
-
确保
/etc/ld.so.conf在旧的libcurl托管目录之前列出新的目录 - 虽然然后它将更改所有程序的此设置使用libcurl,你可能不想要(根据你的请求方式)
Make sure
/etc/ld.so.conflists that new dir before the old libcurl hosting directory - although then it'll change this setup for all programs using libcurl and you probably don't want that (based on your way of asking)
putLD_LIBRARY_PATH = [你的特殊libcurl的目录]
put "LD_LIBRARY_PATH=[directory where your special libcurl is] git" into a script or alias called "git2" and use that instead of the ordinary git.
这篇关于如何使git tell curl使用openssl而不是gnutls而不重建包?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
