How to skip SSL verification in LibGit2Sharp - libgit2sharp

I recently started to use LibGit2Sharp and was able to start using this successfully. However, I am hitting one issue which I am unable to resolve related to SSL verification very similar to this one. For one of my scenarios, I need to skip SSL verification.
I get the following exception when I try this scenario.
user cancelled certificate check:
I tried using the solution mentioned in the link above which is as follows.
RemoteCertificateValidationCallback certificateValidationCallback = (sender, certificate, chain, errors) => { return true; };
ServicePointManager.ServerCertificateValidationCallback = certificateValidationCallback;
GlobalSettings.RegisterSmartSubtransport<MockSmartSubtransport>("https");
I placed the above mentioned code before performing the git operation.
I see that the custom certificateValidationCallback is getting called. However, after that the git command fails with the following exception, "The remote server returned an error: (401) Unauthorized."
Any solution to this issue?

For one of my scenarios, I need to skip SSL verification.
Then use the http.sslVerify configuration setting. If that doesn't work, file an issue in LibGit2Sharp. But don't try to use your own subtransport.
This is not something that should be done without knowing exactly what you're doing. This is not for trivial little things like SSL certificates, this is for when you have your own complete, existing HTTP stack that you want to use and you simply can't use the one that's included in LibGit2Sharp.
If you're experimenting thinking that maybe using your own subtransport will solve a very simple problem then it won't. And pulling a test out and trying to make it actually work is likely to fail. Now you are responsible for everything like authentication and SSL handling.
Instead, turn off SSL verification with the http.sslVerify configuration setting.

Skipping the TLS certificate check is not currently supported. libgit2 used to honour http.sslverify but that was replaced with a callback to give the caller knowledge about what they were connecting to. This callback allows the user to allow the connection to continue or to abort it. It is unfortunately not implemented at the moment in libgit2sharp.
And as Edward says, replacing the whole HTTP stack is not going to solve much, especially when it's a fake one named so.

Related

ILOG - version 8.0.1

Sometimes when the rules are deployed from the decision center to RES, although the recent changes are visible in the new archive, on RES, but the execution results don't reflect them. It is as if the changes are not recognized at execution time. A second deployment without any changes to the rules, will fix the situation. Can somebody explain why this is happening?
You can try a couple of things:
The XU MBean ruleset archive changed/modified notification might be failing. Check if you have the necessary access for this notification. You can try logging into the RES and Diagnostics->Run Diagnostics; and see if there are any errors. Also, you can see the ODM server logs for any errors, when you deploy the ruleset.
Check if there is any caching issue

Smartgit SHA fingerprint of the certificate does not match

I am trying to install SmartGit and trying to provide bitbucket as hosting provider. I provide correct credentials of my bitbucket account but I get the following error:
=======================================
java.security.cert.CerfiticateException: SHA fingerprint of the certificate does not match.
Expected: [some string]
Actual: [some other string]
This may either mean that the server certificate has changed or that you are spoofed.
=======================================
I think this is related to SSL certificate but do not know how to fix it. Any help will be highly appreciated.
From [1]: to fix SmartGit 5.0.7.1 (and older) add following line to smartgit.properties (in the SmartGit settings directory, see About dialog):
smartgit.hostingProvider.bitbucket.sslFingerprint=37:A8:0E:13:87:DA:13:C3:B8:35:6F:84:EF:74:D2:38:B1:AC:59:9B
After restarting SmartGit, connection will work again.
[1] http://blog.syntevo.com/2014/03/09/1394361360000.html
Same problem here. Guess BitBucket changed their key since the latest version got released.
Solution (or rather, workaround)...:
Don't add BitBucket as a remote provider. Add your URL simply per each project.
Remote -> Add
You can find the URL for your projects on the web interface of BitBucket.
Right after you select a project of yours, a link is displayed on the right side of your screen. It starts with https ... That is what you need.
BitBucket just changed their certificates, as announced on their blog.
On March 7th at 22:00 UTC, we’ll be updating our SSL certificates to replace ones that will be expiring soon. It’s likely that you won’t notice any changes and won’t need to take any action.
You can work around it using the per-project URLs as described in Shiki's answer.
Just add the following line to your ~/.smartgit/5/smartgit.properties
smartgit.hostingProvider.bitbucket.sslFingerprint=7F:E2:6E:8F:0B:7F:3A:CD:6E:02:54:04:03:57:39:BD:D2:4B:CF:AE
Then re-try adding Bitbucket and it should work.
I had this same issue, but for github and adding the fingerprint to smartgit.properties was not working.
What did work was updating to the latest build (last option in the Help menu).

Why do I get javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated only in production?

I have a grails 1.3.7 application that makes an https api call to a third party using the apache HttpClient. The third party URL I'm hitting has a valid certificate. I create and execute my request like so:
HttpClient client = new DefaultHttpClient()
List<BasicNameValuePair> queryParams = new ArrayList<BasicNameValuePair>()
queryParams.add(new BasicNameValuePair("a_parameter", "a_parameter_value"))
URI uri = URIUtils.createURI("https", "third.party.address", 443, "/some/url/for/us", URLEncodedUtils.format(queryParams, "UTF-8"), null)
HttpGet httpGet = new HttpGet(uri)
try {
    log.debug "Sending request to ${uri}"
    return client.execute(httpGet)
} catch(HttpException e) {
    log.error "HttpException during location lookup request: ${e}"
    return
} catch(IOException e) {
    log.error "IOException during location lookup request: ${e}"
    return
}
This works fine when I'm running my project in dev mode. I'm also able to directly call the same URL from curl and my browser with no errors. However, once my project is built into a war file and put on a tomcat instance that has a certificate/keystore defined so that clients can connect to US using https, my requests start failing with the following IOException:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
I'm trying to figure out the point of failure here.
Why is making an https request from curl or my dev mode different than making an https request from an https configured tomcat instance?
The tomcat instance is not publicly accessible, but there are no certificate issues when I connect to it from my browser (chrome says the cert is fine, as does a verbose curl request).
I'm not an https/ssl expert by any stretch, so I'm looking for help explaining what is wrong, why it's wrong, and how I can fix it. I can provide any other needed info.
---Update---
I enabled the javax.net.debug as suggested below and the output included the following error:
java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
My googling has made me think that this issue is because I'm using the following java opt when starting tomcat:
-Djavax.net.ssl.trustStore=/path/to/tomcat/conf/myStore.jks
If that's true, how can I add the things I needed in myStore.jks and not override the defaults so everyone is happy?
The solution for me ended up being that we were overriding the default java trust store with our own with the java opt. This caused the cert sent by the third party to appear to be invalid since we didn't have any of the default root certs in our myStore.jks.
By adding our self-signed cert into the default java one (/lib/security/cacerts) and removing the java opt, everything was fine.
An alternative would be to add everything in the default java store into your custom store and still use the java opt. Whichever you find more maintainable for your situation.
I have seen this error so many times. I have used the following utility to grab a cert from a site that uses SSL. Go here and grab InstallCert. Compile and Run this utility. You can use the file which was generated by this utility as a keystore.

When I used SMS plugin in Grails I am getting error

I have a service to send SMS to the mobile through the application. I am getting the following error.
2011-06-06 19:37:35,729 [http-8080-2] ERROR sipgate.SipgateService - Server returned HTTP response code: 401 for URL: https://samurai.sipgate.net/RPC2
This probably means you are using an invalid username or password
Have you set up the config as explained on the plugin page (at the top of the documentation)?
I also assume that this means your earlier problem was solved... Can you accept the answer if my answer helped, or explain what you did to fix it if it did not?
I agree with Tim. You can only log in, if your Sipgate-Registration was verified by Sipgate.
Points, which you can check to see if your account is not working:
Try to log in on the sipgate.de webpage
Use the Perl-Client given here: http://www.sipgate.de/basic/api
The client can be downloaded at this location: http://www.sipgate.de/beta/public/static/downloads/basic/api/sipgate_api_perl_examples.zip
Hopefully you should not be able to do at least one of these things. Then you know you have to talk to the support @ sipgate
The documentation on the plugin-page says, you have to have a 'conf/Config.groovy'-file. This means that you should have the basic Config.groovy file in the folder 'grails-app/conf/', which ships with every Grails installation. So my guess is that you might have created a different Config.groovy-file. So better check on the Config.groovy-file. The SMS-plugin should have generated some placeholders for you, where you need to enter your sipgate-account-data.

TFS 2010 Build: Sporadic failure in the process

We have a situation where our builds have stopped executing in a stable manner.
At a rate of about one every three we receive either TF215096 or TF215097 errors & the Build fails.
If we then restart the Build controller, it works again - until next time.
The errors we get are:
TF215096: An error occurred while connecting to controller vstfs:///Build/Controller/1: There was no endpoint listening at ht*p://XXXX that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
TF215096: An error occurred while connecting to controller XXX - Controller: Could not connect to ht*p://XXX. TCP error code 10061: No connection could be made because the target machine actively refused it 192.168.XXX.XXX:XXX.
TF215097: An error occurred while initializing a build for build definition \XXX: Team Foundation services are not available from server ht*p://XXX. Technical information (for administrator): The underlying connection was closed: A connection that was expected to be kept alive was closed by the server.
TF215097: An error occurred while initializing a build for build definition \YYY: An error occurred while receiving the HTTP response to ht*p://XXX. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details.
Server logs provide little info; at least we've found nothing that helps us resolve the situation. Various searches on the Net were also not productive.
Has anybody had these/similar issues? Any ideas on how/where to look for a resolution?
Thank you very much in advance for any input!
Yeah it does sound like you have some connectivity issues. You can try enabling SOAP tracing on both the build machine and the server (if possible) to see if there is any error. If it still does not give you any new information, contact Microsoft by filing a Connect Bug to get help.
I am not sure if it will help you but I have run into similar issues with build agents and ended up just deleting and re-creating the agent. You may try deleting your controller/agent and adding it back in. A brute-force solution but a good starting point. If that doesn't resolve the issue at least you can eliminate the controller/agent as the issue and take a look at network/server related issues.
Today is a happy day, since we managed to get to the bottom of the matter. Sorry @Duat that I'm taking away the 'answer' checkmark - but it turned out that the problem was quite different from what you (and anybody else) have predicted.
In my last update I was about to forward the matter to MS, when we realized that our Firewall was misbehaving in the name resolution. So we assumed this was the culprit & awaited for this to resolve. After this was resolved, we STILL had the same issues and we went again re-examining the situation.
We isolated the problem within our Build Process, more specific with a custom code activity included in our build solution.
I had implemented a code activity that would kick in at the final steps of every build. This activity was about gathering BuildDetails about the running build & add them as a new line in a 'BuildLog.xls'. Implementation made use of Microsoft.Office.Interop.Excel. This Excel sheet resides in another server (NOT on the Servers where the controller/agents reside).
During development of this activity I was faced with issues like this, but after I was done no instances of EXCEL were left hanging. So I thought this was done & dealt with.
With trial & error, we observed that when this activity wouldn't run, no problems would occur.
With this activity running, the very first build after a build-controller reset would succeed, any next build had a certain chance to fail. Once any build failed, no other would succeed until another build-controller reset.
I have only a general understanding of what the problem was (Excel-call is DCOM, TFS services are WCF : How on earth would they interfere?! Why would this sometimes succeed and sometimes fail?! ).
The provided diagnostics were no help either, in fact they misled us into a loop that continued for months.
If I ever find the time, I'd like to cleanly reproduce the error & make a Server Fault question out of it...
After removal of this activity it works! I now searched in SO & found this, where J.Saunders comments: "In general, you should never use Office Interop from a server environment". It's ironic that once you get to the bottom of any difficult issue, the whole universe seems to have known about it except you...
