-
-
Notifications
You must be signed in to change notification settings - Fork 6.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
curl rpc 56 errno 0 when using git clone #13899
Comments
To understand what the problem is it would be good to have a look at the full debug log. |
Here is the log (same as in git-for-windows/git#4997)
|
You say "The proxy does unpack SSL traffic". Does that mean it acts as a man in the middle, terminating the git client TLS and having its own TLS session to the server? From the log, I see that there is a 1.3 second gap between curl reporting the POST content sent and the next attempt to read the response. That fails with the SSL_Read error which indicates that the proxy seen to have just closed the TCP connection. 1.3 seconds makes it unlikely that this is a timeout at the proxy or origin server that strikes here. Also, peculiar that you need to change both libcurl and openssl versions to have it working again. |
@tgemvz could you produce a similar log with the working combination? Maybe we can see a difference. |
Here is a similar log (scrubbed, demanded by company policy)
|
Thanks, I assume that You might stumble into a libcurl bug or into an incompatibility with your company proxy and OpenSSL 3.2.1 vs. 3.1.4. If you exchange the OpenSSL .dll for a libcurl it was not build with, all bets are off. So it's hard to say what is going on. Unless you are able to reproduce a libcurl problem that we can reproduce outselves and only can give us heavily redacted logs, I do not see how we can help you. If you need confidentiality, it might be an idea to buy professional curl support via https://curl.se/support.html. |
Observation: The delay comes from manually clicking "manager" in credential-selector (3 / 4 times) I also will clarify with my superiors how to go further in regards to buying professional support. Thank you for your efforts! Nevertheless here are less redacted logs: Not working constellation
Working constellation
|
This is peculiar indeed. If the problem is in libcurl, surely it would only be necessary to change libcurl? |
The libcurl we had to replace the problematic one was compiled against that other OpenSSL, therefore both need to be replaced (otherwise the process would fail to start due to a runtime link error). |
@tgemvz what are the chances that you could build a custom libcurl in Git for Windows' SDK? If you could set that up, it should be possible to bisect this to the commit that causes the behavior you observe. |
@tgemvz what I am thinking of is to:
|
@dscho Thanks for your input! tried switching to curl-8_7_0 and repeated steps 6. and 7.
What did I miss? |
I had encountered that before, and "fixed" it by forcing
I do not quite understand why that was necessary; I chalked it up to autoconf being... autoconf. |
Yes, Git for Windows' SDK (which really is a slightly modified version of MSYS2) comes with GCC v14.*. |
Tried to "integrate" the fix (changing output
running When exchanging the newly build Is my build "wrong" ? Again thanks for all your efforts! |
Hmm. You may need to use the "big hammer" of |
make clean did help :) But I am unsure if our "methodology" is corect: (same question as yesterday): I went back as far as trying to build a libcur-4.dll Version 8.5.0 always leading to the same error: RPC failed; curl 56 OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 0 @dscho |
Generally, the "SSL_ERROR_SYSCALL" error is returned when the TCP connection is abruptly getting a RST and similar drastic things. I don't think libcurl can even trigger it to happen but is something OpenSSL figures out and reports itself. |
That would suggest to me that the OpenSSL version upgrade might have introduced an undesirable change of behavior.
Ideally, delete it (for testing purposes). Since you built
They are separated for multiple reasons, the most important being called "DLL hell". Having them separated allows the Git for Windows project to update OpenSSL separately from having to rebuild the |
I did this
Updated git-for-windows from version 2.43.0 to Version 2.45.1
Then I tried to use "git clone" to clone a repo behind a corporate proxy.
The proxy does unpack SSL traffic, git ist configured to use openssl and a PEM file containing the complete certificate-chain as sslCAInfo.
Using the the newer Version of git, which in turn does use a newer Version of libcurl (among others) the command fails
With the help of @dscho over at git-for-windows/git#4997 we narrowed it down to newer Versions of libcurl (8.8.0 instead of 8.4.0) and openssl (3.2.1 instead 3.1.4) being used.
Only when exchanging both dlls (with the lower Versions) does a newer git client work behind a corporate proxy.
git clone verbos log with GIT_CURL_VERBOSE=1
I expected the following
git clone to complete
curl/libcurl version
libcurl 8.8.0
operating system
Windows 10
The text was updated successfully, but these errors were encountered: