From: "Jason Pyeron" <jpyeron@pdinc.us>
To: <git@vger.kernel.org>, "'Vitaly VS'" <strikervitaly@gmail.com>
Subject: RE: Git via MITM transparent proxy with HTTPS Interception
Date: Tue, 13 Apr 2021 08:24:04 -0400
Message-ID: <01d301d7305f$e4acdf80$ae069e80$@pdinc.us>
In-Reply-To: <CAEaE=iyUGiPK-HX850mEgC=X6atEhbjJ0dCK0dci0nOCahPhgQ@mail.gmail.com>
> From: Vitaly VS
> Sent: Tuesday, April 13, 2021 8:08 AM
>
> Hello! Can a Git client work properly through a MITM transparent proxy
> with HTTPS interception?

Yes, we do it all the time.

>
> Is there any documentation or recommendations on how to configure a
> MITM proxy with HTTPS interception for the Git work?
>

Not that I am aware of. It is not a Git issue per se. The WAF or proxy should not (appear to) alter any of the contents of the stream (when allowed).

> Getting a bunch of errors when trying to "git clone https://SOME_REPO.git"
> On small REPOs (about 1-5 MB) there is a chance that the clone will be
> successful, but mostly I get these errors:
>

It is likely off-topic, but what is your proxy configuration? I have personally used Git through Apache and F5 MITM proxies.

> git clone https://github.com/aaptel/wireshark.git
> Cloning into 'wireshark'...
> remote: Enumerating objects: 524729, done.
> fatal: protocol error: bad line length character: ??:s00 KiB/s
> error: inflate: data stream error (invalid literal/lengths set)
> fatal: pack has bad object at offset 2093488: inflate returned -3
> fatal: index-pack failed

Enable git and curl tracing; contact your proxy team and ask for a packet capture with decryption.

>
> git clone https://github.com/aaptel/wireshark.git
> Cloning into 'wireshark'...
> remote: Enumerating objects: 524729, done.
> fatal: protocol error: bad line length character: ????06 MiB/s
> error: inflate: data stream error (incorrect data check)
> fatal: pack has bad object at offset 17119052: inflate returned -3
> fatal: index-pack failed
>
>
> git clone https://github.com/aaptel/wireshark.git
> Cloning into 'wireshark'...
> remote: Enumerating objects: 524729, done.
> error: RPC failed; curl 56 Malformed encoding found in chunked-encoding
> fatal: the remote end hung up unexpectedly
> fatal: early EOF
> fatal: index-pack failed
>
> git clone https://github.com/Homebrew/brew.git
> Cloning into 'brew'...
> remote: Enumerating objects: 148, done.
> remote: Counting objects: 100% (148/148), done.
> remote: Compressing objects: 100% (80/80), done.
> Receiving objects: 3% (6247/180213), 2.64 MiB | 1005.00 KiB/s
> Receiving objects: 4% (8247/180213), 3.75 MiB | 1.00 MiB/s
> Receiving objects: 5% (9011/180213), 4.47 MiB | 1.05 MiB/s
> fatal: protocol error: bad line length character: ?V?V7 MiB/s
> error: inflate: data stream error (incorrect data check)
> fatal: pack has bad object at offset 6558416: inflate returned -3
> fatal: index-pack failed
> error: RPC failed; curl 56 Malformed encoding found in chunked-encoding
>
> git clone https://github.com/Homebrew/brew.git
> Cloning into 'brew'...
> remote: Enumerating objects: 148, done.
> remote: Counting objects: 100% (148/148), done.
> remote: Compressing objects: 100% (80/80), done.
> Receiving objects: 0% (1/180213)
> Receiving objects: 0% (687/180213), 436.01 KiB | 397.00 KiB/s
> Receiving objects: 0% (1029/180213), 548.01 KiB | 338.00 KiB/s
> Receiving objects: 1% (1803/180213), 972.01 KiB | 309.00 KiB/s
> Receiving objects: 1% (2091/180213), 1.11 MiB | 309.00 KiB/s
> Receiving objects: 2% (3605/180213), 1.82 MiB | 214.00 KiB/s
> fatal: protocol error: bad line length character: O20000 KiB/s
> fatal: pack has bad object at offset 2776352: inflate returned -5
> fatal: index-pack failed
> error: RPC failed; curl 56 Malformed encoding found in chunked-encoding
>
> P.S. We trust proxy root certificate in the system, also tried to add
> in config but no luck

That is assumed, otherwise you would not have started transferring any data.

[I set the Reply-To header; don’t email me directly, I am on the list]

--
Jason Pyeron | Architect
Contractor |
PD Inc |
10 w 24th St |
Baltimore, MD |
.mil: jason.j.pyeron.ctr@mail.mil
.com: jpyeron@pdinc.us
tel : 202-741-9397
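
Once a decrypted capture of the clone response is available, as the reply above suggests requesting, the body can be checked offline for the first point where Git's pkt-line framing breaks. This is an added example, not part of the original message: the sample body and the byte-dropping fault are constructed, and the input is assumed to be the de-chunked HTTP response body of the git-upload-pack request.

```python
# Added example, not from the thread: check pkt-line framing of a captured body.
HEX = b"0123456789abcdefABCDEF"
BANDS = {1: "pack", 2: "progress", 3: "error"}   # side-band channel numbers
MAX_PKT = 65520                                  # largest pkt-line git accepts


def pkt(payload: bytes) -> bytes:
    """Frame one pkt-line: 4 hex digits (length incl. header), then payload."""
    return b"%04x" % (len(payload) + 4) + payload


def first_framing_error(body: bytes):
    """Return (error, stats); error is None or (offset, reason)."""
    pos, stats = 0, {"pack": 0, "progress": 0, "error": 0, "other": 0}
    while pos < len(body):
        head = body[pos:pos + 4]
        if len(head) < 4:
            return (pos, "truncated header %r" % head), stats
        if any(c not in HEX for c in head):
            # Same condition git reports as "bad line length character".
            return (pos, "bad line length character %r" % head), stats
        n = int(head, 16)
        if n < 3:                   # 0000 flush, 0001 delim, 0002 response-end
            pos += 4
            continue
        if n == 3 or n > MAX_PKT:
            return (pos, "invalid length %r" % head), stats
        if pos + n > len(body):
            return (pos, "packet of %d bytes runs past end of body" % n), stats
        payload = body[pos + 4:pos + n]
        band = BANDS.get(payload[0]) if payload else None
        if band:
            stats[band] += len(payload) - 1   # exclude the band byte
        else:
            stats["other"] += len(payload)
        pos += n
    return None, stats


def sample_body() -> bytes:
    """Constructed response: NAK, progress, pack data, progress, pack, flush."""
    return (pkt(b"NAK\n") + pkt(b"\x02Enumerating objects: 3, done.\n")
            + pkt(b"\x01PACK" + bytes(40))
            + pkt(b"\x02Compressing objects: 100% (3/3), done.\n")
            + pkt(b"\x01" + bytes(20)) + b"0000")


def drop_bytes(body: bytes, at: int, count: int) -> bytes:
    """Constructed fault: remove `count` bytes at `at`, as a lossy hop might."""
    return body[:at] + body[at + count:]


if __name__ == "__main__":
    print(first_framing_error(sample_body()))
    print(first_framing_error(drop_bytes(sample_body(), 60, 5)))
```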