You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm on Windows (10.0.19045.3930, if it matters) and using libgit2sharp 0.29, which switched to libgit2 1.7.1. 1.7.0 introduced (optional, configurable?) schannel support, which I'm suspecting is causing my problem: attempting to clone fails with a "certificate revocation status could not be verified" error. I can reproduce this with command-line git (2.43.0) if I explicitly set the option http.schannelCheckRevoke to true, which then gives schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate. This is odd in itself, because according to the docs, this should be the default anyway. But sure enough, if I unset the option, or explicitly set it to false, command-line git as well as libgit2sharp 0.28 clone just fine.
This can of course be worked around in various ways, including making revocation work (somehow) or overriding certificate checking with a callback and re-doing the verification myself with revocation checking turned off (clunky as that is), but I suspect that in order for this to work through configuration as it does now, libgit2 would need explicit support for the http.schannelCheckRevoke option and it currently doesn't have it, correct?
Apologies for not supplying a full repro; this would require both setting up a failing revocation through schannel as well as conjuring up code for calling libgit2 directly. I think I'm at least correct in locating the issue in libgit2 rather than libgit2sharp.
The text was updated successfully, but these errors were encountered:
I'm on Windows (10.0.19045.3930, if it matters) and using libgit2sharp 0.29, which switched to libgit2 1.7.1. 1.7.0 introduced (optional, configurable?) schannel support, which I'm suspecting is causing my problem: attempting to clone fails with a "certificate revocation status could not be verified" error. I can reproduce this with command-line git (2.43.0) if I explicitly set the option
http.schannelCheckRevoke
totrue
, which then givesschannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
This is odd in itself, because according to the docs, this should be the default anyway. But sure enough, if I unset the option, or explicitly set it tofalse
, command-line git as well as libgit2sharp 0.28 clone just fine.This can of course be worked around in various ways, including making revocation work (somehow) or overriding certificate checking with a callback and re-doing the verification myself with revocation checking turned off (clunky as that is), but I suspect that in order for this to work through configuration as it does now, libgit2 would need explicit support for the
http.schannelCheckRevoke
option and it currently doesn't have it, correct?Apologies for not supplying a full repro; this would require both setting up a failing revocation through schannel as well as conjuring up code for calling libgit2 directly. I think I'm at least correct in locating the issue in libgit2 rather than libgit2sharp.
The text was updated successfully, but these errors were encountered: