Posted by jpluimers on 2015/05/28
A while ago, I was fighting a corporate web proxy playing Man-in-the-Middle on all https sessions.
Though playing MitM on your employees is a debatable thing to do (especially without informing the employees, and illegal in certain countries, I had to get a GIT connection to the outside world working.
This helped tracking it down: GIT_CURL_VERBOSE “unable to get local issuer certificate”.
What I finally did was this:
- obtain the CA certificate that issues the MitM certificate in base-64 CRT form (which is the same as the PEM form):
- added it at the top of either of these files:
- added it to the top of either of these files:
PS: These were the failures I was getting:
Read the rest of this entry »
Posted in *nix, cURL, Development, DVCS - Distributed Version Control, git, PKI, Power User, Security, Source Code Management | Leave a Comment »
Posted by jpluimers on 2015/05/22
When during a git svn clone you get an error message starting with “RA layer request failed: PROPFIND request failed on” it means you have to set your git svn proxy.
This is in a different location than the git proxy setting (it would be too easy if these were the same, right?).
So you do not get/set it through commands like these:
git config --global --get http.proxy
git config --global http.proxy localhost:3128
Via Cannot do git-svn fetch behind proxy and git svn clone died of signal 11 under cygwin (thanks janos, Fredrik Pihl and User Pavel, I found out that you need to change these files (create the .subversion directory and servers file when they do not exist):
If you ever run in the same problem with the regular SVN client, then you need to change yet different files (why have 1 standard when you can have many?):
Ensure a section like this exists and fill in the blanks:
# http-proxy-exceptions = *.exception.com, www.internal-site.org
http-proxy-host = YOURPROXY.com
http-proxy-port = YOURPORT
# http-proxy-username = defaultusername
# http-proxy-password = defaultpassword
# http-compression = no
# http-auth-types = basic;digest;negotiate
# No http-timeout, so just use the builtin default.
# No neon-debug-mask, so neon debugging is disabled.
# ssl-authority-files = /path/to/CAcert.pem;/path/to/CAcert2.pem<
In some poorly managed networked environments, the %AppData% environment variable can be wrong, so make sure your Windows profile is not somewhere on a network share.
TortoiseGit seems to use yet another directory for GIT SVN server configuration.
Posted in Cntlm, DVCS - Distributed Version Control, git, Power User, Source Code Management, SourceTree, Windows, Windows-Http-Proxy | Leave a Comment »
Posted by jpluimers on 2015/05/20
Adding relative links to screenshots in markdown files (like README.md) works way better at GitHub than on BitBucket:
For GitHub, this works, has documentation and various places with tips:
In fact it is a reason for some people to move public projects from Bitbucket to GitHub.
For private repositories that is different as GitHub charges for private repositories, but BitBucket has free private repositories.
Note: if you go the npm way, then you might want to have absolute URLs: Add images to readme.md in GitHub – Stack Overflow.
via: git – How to add screenshot to READMEs in github repository ? – Stack Overflow.
Posted in BitBucket, Development, DVCS - Distributed Version Control, git, GitHub, MarkDown, Mercurial/Hg, Power User, Source Code Management, SourceTree | Leave a Comment »
Posted by jpluimers on 2015/05/14
I tend to forget some of the keywords you can put into BitBucket commit messages to relate them to certain issues/bugs/tickets
Read the rest of this entry »
Posted in BitBucket, Development, GitHub, Software Development, Source Code Management | Leave a Comment »
Posted by jpluimers on 2015/04/10
This is an elaboration of How to fill proxy information in cntlm config file – Stack Overflow.
When digging around how to get authentication stuff going, I want as much information, so this was the command-line I used:
cntlm.exe -v -c cntlm.ini -I -M http://www.bbc.co.uk
The -v is important: it shows you why things fail, and where: It also shows you the NTLM headers sent back/forth over the wire.
These are the switches used:
- -v verbose
- -c configuration file
- -I interactive (prompt for password)
- -M magically detect the NTLM level used by the proxy
Since it is unsafe to store plain text passwords in configuration files, cntlm allows you to store the hashes.
Storing hashes not passwords locally is safer, but not much safer. See for instance Still Passing the Hash 15 Years Later: Guest Post: Let’s talk about Pass-the-Hash by Scriptjunkie the video How to own a Windows Domain or search for Mark Russinovich video windows hash ntlm hack.
Anyway: you can generate the password hashes using either Read the rest of this entry »
Posted in Development, DVCS - Distributed Version Control, Fiddler, git, HTTP, Internet protocol suite, Mercurial/Hg, NTLM, Power User, Software Development, Source Code Management, TCP, Web Development, Windows, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Vista | Leave a Comment »