-
Bug
-
Resolution: Invalid
-
Low
-
None
-
None
-
None
-
None
-
Severity 2 - Major
-
Git LFS fails on PUSH over https. Generates the error:
http: Post https://<username>@<base_url>/scm/<proj>/<repo>.git/info/lf
s/objects/batch: remote error: tls: handshake failure
error: failed to push some refs to <repo_URL>
Push using HTTP works fine. Push to Bitbucket and communication with Bitbucket works fine when Git-LFS is not involved.
Steps
- clone a repository to the local client over https {{git clone https://<user name>@<base_URL>/scm/<project key>/<repo>.git - This is successful and proves that Git is able to clone over HTTPS to the Bitbucket Server
- cd <repo>
- vi test.txt #new file is created in the repo
- git lfs track "*.txt"
- git add .gitattributes
- git commit -a "Initial gitattribute file commit"
- git push origin master
- Review the Repository in Bitbucket UI and confirm that the new commit was recieved. This proves that Git is able to Push via HTTPS to the Bitbucket server
- echo "This is a text file for git-lfs" > testfile.txt
- git add .
- git commit -m "initial test file is committing"
- git push
The following can be seen with Verbose logging enabled:
<messages not related to git-lfs removed>... Connection #1 to host proxy-<PROXY_REMOVED> left intact 14:39:10.707171 run-command.c:336 trace: run_command: 'git credential-mana ger store' 14:39:11.192219 git.c:563 trace: exec: 'git-credential-manager' 's tore' 14:39:11.196220 run-command.c:336 trace: run_command: 'git-credential-mana ger' 'store' 14:39:11.458246 pkt-line.c:80 packet: git< # service=git-rece ive-pack 14:39:11.458246 pkt-line.c:80 packet: git< 0000 14:39:11.458246 pkt-line.c:80 packet: git< 194b09786b877dbee0 3cf40b56711bc8e102d7f1 refs/heads/master\0 report-status delete-refs side-band-6 4k quiet ofs-delta agent=git/2.1.0 14:39:11.458246 pkt-line.c:80 packet: git< 0000 14:39:11.466247 run-command.c:336 trace: run_command: '.git/hooks/pre-push ' 'origin' 'https://<username>@<base_url>/scm/<project>/<repo>.git' 14:39:11.614261 git.c:563 trace: exec: 'git-lfs' 'pre-push' 'origi n' 'https://<username>@<base_url>/scm/<project>/<repo>.git' 14:39:11.616262 run-command.c:336 trace: run_command: 'git-lfs' 'pre-push' 'origin' 'https://<username>@<base_url>/scm/<project>/<repo>.git' trace git-lfs: run_command: 'git' version trace git-lfs: pre-push: refs/heads/master 60b447495d03f79945831d063a7554bf9c2bb 048 refs/heads/master 194b09786b877dbee03cf40b56711bc8e102d7f1 trace git-lfs: run_command: git rev-list --objects 60b447495d03f79945831d063a755 4bf9c2bb048 --not --remotes=origin -- trace git-lfs: run_command: git cat-file --batch-check trace git-lfs: run_command: git cat-file --batch trace git-lfs: run_command: 'git' config -l trace git-lfs: tq: running as batched queue, batch size of 100 trace git-lfs: tq: sending batch of size 1 trace git-lfs: api: batch 1 files trace git-lfs: HTTP: POST https://<username>@<base_url>/scm/<project>/<repo>.git.git/info/lfs/objects/batch > POST /stash/scm/<project>/<repo>.git/info/lfs/objects/batch HTTP/1.1 > Host: <HOST_REMOVED> > Accept: application/vnd.git-lfs+json; charset=utf-8 > Content-Length: 119 > Content-Type: application/vnd.git-lfs+json; charset=utf-8 > User-Agent: git-lfs/1.5.5 (GitHub; windows amd64; go 1.7.4; git c2dcd6f5) > trace git-lfs: tq: enqueue retry #1 for "c710bcb2e0c52fe1d147e6b6563f9a4e3cf71ed b8937e6ed6d28b1ce1a652b0c" (size: 12) trace git-lfs: tq: flushing batch in response to retry #1 for "c710bcb2e0c52fe1d 147e6b6563f9a4e3cf71edb8937e6ed6d28b1ce1a652b0c" (size: 12) trace git-lfs: tq: sending batch of size 1 trace git-lfs: api: batch 1 files trace git-lfs: HTTP: POST https://<username>@<base_url>/scm/<project>/<repo>.git/info/lfs/objects/batch > POST /<context>/scm/<project>/<repo>.git/info/lfs/objects/batch HTTP/1.1 > Host: <HOST_REMOVED> > Accept: application/vnd.git-lfs+json; charset=utf-8 > Content-Length: 119 > Content-Type: application/vnd.git-lfs+json; charset=utf-8 > User-Agent: git-lfs/1.5.5 (GitHub; windows amd64; go 1.7.4; git c2dcd6f5) > trace git-lfs: tq: refusing to retry "c710bcb2e0c52fe1d147e6b6563f9a4e3cf71edb89 37e6ed6d28b1ce1a652b0c", too many retries (1) Git LFS: (0 of 1 files) 0 B / 12 B http: Post https://<username>@<base_url>/scm/<project>/<repo>.git/info/lf s/objects/batch: remote error: tls: handshake failure error: failed to push some refs to 'https://<username>@<base_url>/scm/<project>/<repo>.git'
Steps Tried
- Connect to Bitbucket via HTTP - This works
- Tried multiple versions of Git-LFS. Verified that Git-LFS is higher that 1.5.5 where an issue with HTTPS communication was resolved
- Tried manually importing the certificate in use to the Windows Certificate Store
- Tried setting git config http.sslVerify false
- Verified that the certificate details are in the git config and that only git-lfs is impacted
git config --global --list user.name=xxxxxx.xxxxx user.email=axxxxxxx.xxxxx@xxxxxxx.com http.sslverify=false http.sslcert=C:/Users/xxxxxx/Desktop/IMP/cerificate/INT/mycert-dn.crt http.sslkey=C:/Users/xxxxxxx/Desktop/IMP/cerificate/INT/mycert-dn.key http.sslcainfo=C:/Users/xxxxxxx/Desktop/IMP/cerificate/INT/cacert-dn.crt http.proxy=http://proxy-bl3.inxxxxx.xxxxxx.net:xxxxx http.postbuffer=2M filter.lfs.required=true filter.lfs.process=git-lfs filter-process filter.lfs.clean=git-lfs clean – %f filter.lfs.smudge=git-lfs smudge – %f
Expected Behavior
git-lfs should use and trust the same certificates that are used by git and we should not get a tls handshake failure.