Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 357572

Summary: HTTPS fail
Product: [Technology] EGit Reporter: Robert Dolca <robert.dolca>
Component: CoreAssignee: Project Inbox <egit.core-inbox>
Status: NEW --- QA Contact:
Severity: major    
Priority: P3 CC: james.moger, robert.dolca
Version: 1.0   
Target Milestone: ---   
Hardware: All   
OS: All   
Whiteboard:

Description Robert Dolca CLA 2011-09-13 18:03:33 EDT 
I am trying to pull/push using https. The error message is 

https://www.xxx.xx/xxx.git: cannot open git-upload-pack=

When I am using http everything works fine. I looked at apache access log and when I use https git does not try to access the server (no access log entry for that). 

http.sslVerify=false

The same repository works over https with msysgit using command line.
Comment 1 James Moger CLA 2011-09-28 09:18:39 EDT 
EGit/JGit differs slightly from CGit in its handling of http.sslVerify=false.  The main difference is that JGit will still verify the hostname of the certificate against the hostname you are trying pull/push.  So if your SSL certificate is built for a different hostname then you are pulling/pushing against then JGit will fail.

This is a problem which I *hope* will be fixed in the next release.  It was discussed on the JGit mailing list last June.
Comment 2 Robert Dolca CLA 2011-09-28 09:33:37 EDT 
Ok. But my ssl certificate is valid. I have a StartSSL (StarCom) SSl certificate. CGit validates it.
Comment 3 James Moger CLA 2011-09-28 09:53:49 EDT 
And the hostname built into your certificate matches the hostname of your pull/push url?  If so then your issue may be different, but the symptoms and description match exactly to certificate hostname verification that JGit does and CGit does not.
Comment 4 Robert Dolca CLA 2011-09-28 09:55:00 EDT 
https://www.bytehat.com/
Comment 5 James Moger CLA 2011-09-28 10:02:25 EDT 
Hmmm.  I bet this is still hostname verification.  After viewing your certificate with FireFox, it looks like you have a wildcard certificate.

I think from JGit's perspective, "*.bytehat.com" != "www.bytehat.com".  JGit uses Sun/Oracle's default hostname verifier.  I do not know if it supports wildcard verification.