I'm working on a project where I'm using libgit2 and I need to support mutual TLS auth. So validating the server certificate (which I have figured out) but also passing a TLS cert for the user to the server for authentication (which I have not figured out).
This works from the git command line with the following options:
http.sslCAInfo = <path to system CA>
http.sslKey = <path to user private key>
http.sslCert = <path to user public key>
I found the GIT_SET_SSL_CERT_LOCATIONS where I set the path for sslCAInfo (I'm setting a file, setting directory to null).
But I don't see anywhere to set the user public/private key. I'm hoping support for something like this is here and I just can't find the correct way to set things up.
I have messed with the certificate_check callback and see it getting called to validate the server CA (it does set 'valid=1' after I used the GIT_SET_SSL_CERT_LOCATIONS). I also added a callback for 'credentials' (which it doesn't get that far before failing).
On the http server, I see the error:
(mod_openssl.c) SSL: 1 error: 0A000C7:SSL routines::peer did not return a certificate.
So, it did connect, but I'm not sure where to have the cert sent.
For reference I'm using RHEL9 provided libgit2 (from rpm) which is version 1.7.2.