1

I am trying to add a submodule myapp to my admin directory, bith of which are gits. But I keep getting SSL certificate problem. I have done git config http.sslVerify false to try and get it to work (but I am not fully sure why this should help, it worked when I wanted to push to a master git push -u origin master).Any ideas?

$ pwd
/c/Users/UserName/dir/admin
$ git submodule add ../myapp/
Cloning into 'myapp'...
fatal: unable to access 'https://myserver.com/gogs/user1/myapp/': SSL certificate problem: unable to get local issuer certificate
Clone of 'https://myserver.com/gogs/user1/myapp' into submodule path 'myapp' failed
$ git config --list |grep ssl
http.sslverify=false
$

EDIT1

Tried it again in a similar environment using ssh but something wrong with my access rights. Any ideas?

$ git submodule add ssh:../../lte_data_day_summary/
Cloning into 'sceal/lte_data_day_summary'...
ssh: Could not resolve hostname ssh: Temporary failure in name resolution
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
Clone of 'ssh:../../lte_data_day_summary/' into submodule path 'sceal/lte_data_day_summary' failed
$ pwd
/c/Users/User Name/dir1/dir2/sceal

EDIT2 - notes to self

global config 

$ git config --global --list
user.email=you@example.com
http.sslverify=false

local config -- why is there 2? is this local and global?

$ git config --list | grep ssl
http.sslverify=false
http.sslverify=false
Community
  • 1
  • 1
HattrickNZ
  • 4,373
  • 15
  • 54
  • 98
  • this might be what I need `git config --global http.sslverify false`. the `--global` is important here because I already had `http.sslverify=false`. but after settting it to global I get 2 `http.sslverify=false` now `$ git config --list | grep ssl http.sslverify=false http.sslverify=false ` – HattrickNZ Oct 20 '16 at 02:52
  • Have you resolved this issue? We modified our TFS communincation to SSL and now we are seeing the same SSL certificate problem: unable to get local issuer certificate. verifying SSL = false doesn't seem like a secure solution – Anthony May 25 '18 at 14:42
  • 1
    no still using this. sorry not to help but it is secure enough for my current environment – HattrickNZ May 28 '18 at 21:30

1 Answers1

0

This might be the cause: [PATCH] submodule: stop sanitizing config options - Jeff King


The point of having a whitelist of command-line config
options to pass to submodules was two-fold:

  1. It prevented obvious nonsense like using core.worktree
     for multiple repos.

  2. It could prevent surprise when the user did not mean
     for the options to leak to the submodules (e.g.,
     http.sslverify=false).

For case 1, the answer is mostly "if it hurts, don't do
that". For case 2, we can note that any such example has a
matching inverted surprise (e.g., a user who meant
http.sslverify=true to apply everywhere, but it didn't).

The configuration might be dropped in order to avoid passing them to the submodules and causing unintended results (like cloning a certificate verifiable HTTPS submodule without verification). A workaround is to set the GIT_SSL_NO_VERIFY environment variable to the git submodule command:

# Set the environment variable is sufficient, no content is necessary
GIT_SSL_NO_VERIFY= git submodule add ...
Buo-ren Lin
  • 142
  • 8