New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Babun check fails #138

Closed
dogrizz opened this Issue May 20, 2014 · 7 comments

Comments

Projects
None yet
3 participants
@dogrizz

dogrizz commented May 20, 2014

Hi
I am behind restrictive corporate proxy.
But thanks to cntlm and connect.c I am able to connect with most of stuff to outside world
(git wget curl pact etc.) but I can't run babun check or babun update without failure.
I set check time-out to 10 seconds but it doesn't matter as it fails pretty immediatly.
Is there anything that pops into your mind that I should check ?

@tombujok tombujok added the feedback label May 20, 2014

@tombujok

This comment has been minimized.

Show comment
Hide comment
@tombujok

tombujok May 20, 2014

Contributor

Thanks for your feedback. Thanks to all of you babun will get much better soon 👍

babun check invokes:
curl --silent --connect-timeout 4 --location https://raw.githubusercontent.com/babun/babun/release/babun.version

If you make it working I can adjust the script accordingly.
BTW, how do you use cntlm and connect.c? Could you elaborate a bit more? We can add it to the FAQ soon.

Contributor

tombujok commented May 20, 2014

Thanks for your feedback. Thanks to all of you babun will get much better soon 👍

babun check invokes:
curl --silent --connect-timeout 4 --location https://raw.githubusercontent.com/babun/babun/release/babun.version

If you make it working I can adjust the script accordingly.
BTW, how do you use cntlm and connect.c? Could you elaborate a bit more? We can add it to the FAQ soon.

@dogrizz

This comment has been minimized.

Show comment
Hide comment
@dogrizz

dogrizz May 20, 2014

Switching to http solves the problem without this i get:

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

It might be related to the fact that my proxy intercepts certificates.
Well cntlm and connect.c are pretty much dependent on your setup what i have is:

Username    login
Domain  domain
Password mypassword
Header      User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) 
Proxy   proxy_adress:port
NoProxy localhost, 127.0.0.1
Listen  3128

in babunrc

export http_proxy=http://localhost:3128
export https_proxy=$http_proxy
export ftp_proxy=$http_proxy
export no_proxy=localhost

So basicly this redirects my domain proxy to local http proxy that listens on port 3128
Header was required as without this corporate proxy was killing all connections.

connect.c you simply drop somewhere on the path.
and then create ~/.ssh/config file with something like this:

ProxyCommand /cygdrive/c/Windows/connect.exe -H localhost:3128 %h %p

Host github.com
User git
Port 443
Hostname ssh.github.com
IdentityFile  "/home/login/.ssh/id_rsa"
TCPKeepAlive yes
IdentitiesOnly yes

Host ssh.github.com
User git
Port 443
Hostname ssh.github.com
IdentityFile "/home/login/.ssh/id_rsa"
TCPKeepAlive yes
IdentitiesOnly yes

More detail on connect.c and corkscrew here:
http://tachang.tumblr.com/post/22265579539/using-github-through-draconian-proxies-windows-and

dogrizz commented May 20, 2014

Switching to http solves the problem without this i get:

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

It might be related to the fact that my proxy intercepts certificates.
Well cntlm and connect.c are pretty much dependent on your setup what i have is:

Username    login
Domain  domain
Password mypassword
Header      User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) 
Proxy   proxy_adress:port
NoProxy localhost, 127.0.0.1
Listen  3128

in babunrc

export http_proxy=http://localhost:3128
export https_proxy=$http_proxy
export ftp_proxy=$http_proxy
export no_proxy=localhost

So basicly this redirects my domain proxy to local http proxy that listens on port 3128
Header was required as without this corporate proxy was killing all connections.

connect.c you simply drop somewhere on the path.
and then create ~/.ssh/config file with something like this:

ProxyCommand /cygdrive/c/Windows/connect.exe -H localhost:3128 %h %p

Host github.com
User git
Port 443
Hostname ssh.github.com
IdentityFile  "/home/login/.ssh/id_rsa"
TCPKeepAlive yes
IdentitiesOnly yes

Host ssh.github.com
User git
Port 443
Hostname ssh.github.com
IdentityFile "/home/login/.ssh/id_rsa"
TCPKeepAlive yes
IdentitiesOnly yes

More detail on connect.c and corkscrew here:
http://tachang.tumblr.com/post/22265579539/using-github-through-draconian-proxies-windows-and

@dogrizz

This comment has been minimized.

Show comment
Hide comment
@dogrizz

dogrizz May 20, 2014

Well changing to http semi-fixes as the file is returned but it is Githubs 404.
I will maybe come back with solution later. Unless you have some idea about this cacert error?
EDIT:
ok so a solution for me is:
curl -k -A agent --silent (...)
-k solves the cacert -A solves lack of Agent header for my proxy.
As it seems cntlm doesn't inject the agent into https header.
But this is more of a 'Behind draconian corporate god damn proxy' case then normal issue.
Nevertheless thanks for help

dogrizz commented May 20, 2014

Well changing to http semi-fixes as the file is returned but it is Githubs 404.
I will maybe come back with solution later. Unless you have some idea about this cacert error?
EDIT:
ok so a solution for me is:
curl -k -A agent --silent (...)
-k solves the cacert -A solves lack of Agent header for my proxy.
As it seems cntlm doesn't inject the agent into https header.
But this is more of a 'Behind draconian corporate god damn proxy' case then normal issue.
Nevertheless thanks for help

@tombujok

This comment has been minimized.

Show comment
Hide comment
@tombujok

tombujok May 20, 2014

Contributor

Awesome - thanks for hacking on this! Babun is supposed to be fully draconian-proxy-friendly :)
...but we cannot test all cases locally - thanks to your feedback it will be possible!

Contributor

tombujok commented May 20, 2014

Awesome - thanks for hacking on this! Babun is supposed to be fully draconian-proxy-friendly :)
...but we cannot test all cases locally - thanks to your feedback it will be possible!

@dogrizz dogrizz closed this May 20, 2014

@tombujok

This comment has been minimized.

Show comment
Hide comment
@tombujok

tombujok May 20, 2014

Contributor

Would you like to submit a patch to the check.sh script? (babun-core/tools?)

Contributor

tombujok commented May 20, 2014

Would you like to submit a patch to the check.sh script? (babun-core/tools?)

@dogrizz

This comment has been minimized.

Show comment
Hide comment
@dogrizz

dogrizz May 20, 2014

Created pull request #139

dogrizz commented May 20, 2014

Created pull request #139

@dogrizz dogrizz closed this May 20, 2014

@madiot

This comment has been minimized.

Show comment
Hide comment
@madiot

madiot Apr 5, 2017

Hi,

behind an apparently windows proxy, i had to tweak curl cmdline from
curl --silent --connect-timeout 4 --location
https://raw.githubusercontent.com/babun/babun/release/babun.version
to
curl --silent --connect-timeout 4 --proxy-ntlm -x 'http://user:passwd@myproxy_host:myproxy_port'
--location https://raw.githubusercontent.com/babun/babun/release/babun.version

see the man curl for details

from http://stackoverflow.com/questions/7734518/how-to-set-up-git-to-get-through-a-proxy
adding this in ~/.curlrc seemed to work
proxy = proxy.proxyhost.com:8443
proxy-user = user:pass
proxy-ntlm = true
noproxy = localhost,127.0.0.1

madiot commented Apr 5, 2017

Hi,

behind an apparently windows proxy, i had to tweak curl cmdline from
curl --silent --connect-timeout 4 --location
https://raw.githubusercontent.com/babun/babun/release/babun.version
to
curl --silent --connect-timeout 4 --proxy-ntlm -x 'http://user:passwd@myproxy_host:myproxy_port'
--location https://raw.githubusercontent.com/babun/babun/release/babun.version

see the man curl for details

from http://stackoverflow.com/questions/7734518/how-to-set-up-git-to-get-through-a-proxy
adding this in ~/.curlrc seemed to work
proxy = proxy.proxyhost.com:8443
proxy-user = user:pass
proxy-ntlm = true
noproxy = localhost,127.0.0.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment