问题
Issue:
I have been trying to clone a git repository from a Ubuntu AWS instance, through an http proxy (set in git global config) from an enterprise GitHub server.
Cloning from the proxy works, but cloning from the instance (through the proxy) I get the following error:
fatal: unable to access 'https://githubserver.company.com/repository.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
I have already tried to download the server certificate, add it to my trusted certificates and specify the http.sslCAInfo or http.sslCAPath options in the git config as specified in many, many other threads.
Apparently, everyone else who had this issue was able to at least debug the issue or make a one-time exception to security rules by temporarily disabling ssl verification in the git configuration.
Yet using git config --global http.sslVerify false or any variation (as a command flag, environment variable, at a local, global or system level, etc.) has no effect.
This has happened to people with unsynchronized dates/times (but the time in the AWS instance and the proxy are both synchronized through the same ntp server), or in a specific context on Windows, but I cannot find any other instance of this git configuration being ignored like this on a Linux machine.
I am aware that this would have major security implications but not being able to find people with a similar problem makes me think that I must have missed something.
I have gone through dozens and dozens of similar threads and I wasn't able to find a single person with my same issue.
What I tried:
I got the certificate through:
openssl s_client -showcerts -connect $hostname:$port -servername $hostname
placed it in
/usr/local/share/ca-certificates/ as a .pem file
added the certificate to /etc/ssl/certs/ca-certificates.crt through
sudo update-ca-certificates.
and added the following options in the git global config:
sslCAInfo = /etc/ssl/certs/ca-certificats.crt
sslCAPath = /etc/ssl/certs/
Before trying:
git config --global http.sslVerify false
来源:https://stackoverflow.com/questions/63490725/http-sslverify-false-doesnt-disable-ssl-verification-in-git-config