Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"2FA error: Communication error: SSL-Client SSL-Client (Anonym)" occures at git-commit #1491

Closed
ffischer1984 opened this issue Jun 11, 2018 · 15 comments
Labels
question Further information is requested

Comments

@ffischer1984
Copy link

ffischer1984 commented Jun 11, 2018

Hi
i get this error: "2FA error: Communication error: SSL-Client SSL-Client (Anonym)" by creating a git-commit. Abap-git asks me about username/password so I'm a little bit astonished that I get an SSL-Error.
My password is 99% correct because i use a password-manager so what I'm doing wrong?

Any ideas what i'm doing wrong will be appreciated.
Thanks for the help.

@larshp
Copy link
Member

larshp commented Jun 11, 2018

try running the program described in: https://docs.abapgit.org/other-test-ssl.html and paste output here

you might need to import additional certificates for https://api.github.com

@larshp larshp added the question Further information is requested label Jun 11, 2018
@ffischer1984
Copy link
Author

ffischer1984 commented Jun 11, 2018

Cloning a repo is sucessfully I just can't commit something (I created my own repo with an readme.md file)
Here is the result from ssl test for git

"11.06.2018 ssl test für git 1


https://github.com : ok


Error Number 1

ICM_HTTP_SSL_PEER_CERT_UNTRUSTED
Also check transaction SMICM -> Goto -> Trace File -> Display End"

this "SMICM -> Goto -> Trace File -> Display End" leads to SMICM -> Goto -> Trace File -> Display End" leads to "[Thr 140502990296928] *** ERROR => NiIBindSocket: could not delete file '/tmp/.sapstream64998' (hdl 1; errno=0) [nixxi.cpp 3870]"-Message

Seems like the signing-process wasn't successful:

[Thr 140502235629312] Peer not trusted
[Thr 140502235629312] Certificate:
[Thr 140502235629312] Certificate:
[Thr 140502235629312] Subject: CN=*.github.com, O="GitHub, Inc.", L=San Francisco, SP=California, C=U
[Thr 140502235629312] Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=Digi
[Thr 140502235629312] Serial Number: 0D:9D:DD:E7:CF:AC:61:9A:C3:86:6F:AE:35:45:8A:94
[Thr 140502235629312] Verification result:
[Thr 140502235629312] Status: Not successful
[Thr 140502235629312] SignerStatus: Not successful
[Thr 140502235629312] SignerVerificationResult:
[Thr 140502235629312] Status: Not successful
[Thr 140502235629312] Validity: Successful
[Thr 140502235629312] BasicConstraints: Successful
[Thr 140502235629312] KeyUsage: Successful
[Thr 140502235629312] ObjectStatus: Not successful
[Thr 140502235629312] SignerCert:
[Thr 140502235629312] Certificate:
[Thr 140502235629312] Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=D
[Thr 140502235629312] Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiC
[Thr 140502235629312] Serial Number: 04:E1:E7:A4:DC:5C:F2:F3:6D:C0:2B:42:B8:5D:15:9F
[Thr 140502235629312] Verification result:
[Thr 140502235629312] Status: Not successful
[Thr 140502235629312] SignerStatus: Not successful
[Thr 140502235629312] SignerVerificationResult: None
[Thr 140502235629312] << ---------- End of Secu-SSL Errorstack ----------

Do I need an owner certificate I just ask because i don't have one and i've inserted the github-certificates, too.
Here is a screenshot of my strust-screen: https://www.dropbox.com/s/e6e055b5xp0x5mt/strust1.PNG?dl=0

@ffischer1984
Copy link
Author

ffischer1984 commented Jun 11, 2018

the api.github.com certificate solved the problem

@hardyp
Copy link

hardyp commented Jun 11, 2018

I have the same issue. What does your STRUST screen look like after you added the api.github.com certificate?

@ffischer1984
Copy link
Author

ffischer1984 commented Jun 12, 2018

i've three certificates:

  • digicert / github
  • github.com
  • api.github.com

https://www.dropbox.com/s/oder81vnwhfw7sz/strust2.PNG?dl=0

@hardyp
Copy link

hardyp commented Jun 13, 2018

Thanks for that. I have all three as well but the SSL test program still faisl. Therefore the problem is on my side, and I will keep pressing my BASIS people.

@ffischer1984
Copy link
Author

ffischer1984 commented Jun 13, 2018

@hardyp
Copy link

hardyp commented Jun 13, 2018

Yes that works fine. On the SSL test program the first URL works OK i.e. I can "pull" from GitHub to SAP.
I just get the error on the SSL test program when trying to connect to |api.github/.com| which you need to do to do a "commit" when it checks the 2FA.
I think the problem is something to do with a proxy setting on my side.

@ffischer1984
Copy link
Author

ffischer1984 commented Jun 13, 2018

@hardyp
Copy link

hardyp commented Jun 13, 2018

Oh yes, they were set a few weeks back. Before they were set I could not pull anything from GitHub and the SSL program failed on both URLs.

On the error message it says
Certificate : api.github.com etc etc
Issuer : some sort of proxy from my company

Hence I suspect the problem is with the latter. It is possible the SAP system does not trust one of our own proxies, If so maybe I need to get the certificate from the proxy and install that into STRUST as well.

@hf-kklein
Copy link
Contributor

hf-kklein commented Aug 21, 2019

Checking out public repositories from GitHub worked just fine but when I tried to clone a private repository I got the error message:

2FA error: Communication error: SSL-Client SSL-Client (Anonym)

after entering the Github credentials.

Installing the certificates for api.github.com as described above solved it.

you might need to import additional certificates for https://api.github.com

@fabianlupa
Copy link
Member

fabianlupa commented Aug 26, 2019

egin : Sun Jul 7 19:00:00 2019 (190708000000Z)
nd : Thu Jul 16 07:00:00 2020 (200716120000Z)
urrent : Fri Apr 26 10:56:33 2019 (20190426155633Z)

@salamancacm77 Are you from the past?

@fabianlupa
Copy link
Member

fabianlupa commented Aug 26, 2019

@flaiker I don't understand

You seem to have forgotten to adjust your watch after travelling 4 months into the future.

Peer certificate not yet valid:
Validity not before: Sun Jul 7 19:00:00 2019 (190708000000Z)
Validity not after: Thu Jul 16 07:00:00 2020 (200716120000Z)
Begin : Sun Jul 7 19:00:00 2019 (190708000000Z)
End : Thu Jul 16 07:00:00 2020 (200716120000Z)
Current : Fri Apr 26 10:56:33 2019 (20190426155633Z)

@shanvelc
Copy link

shanvelc commented Feb 14, 2022

do we need to import certificate from https://api.github.com/ in case if we are connecting enterprise GITLAB?

@larshp
Copy link
Member

larshp commented Feb 14, 2022

no

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
question Further information is requested
Development

No branches or pull requests

6 participants