Can't Clone or Push over SSL from remote machine because certificate is bound to localhost #300

Closed
gitblit opened this issue Aug 12, 2015 · 3 comments

Comments

@gitblit
Collaborator

gitblit commented Aug 12, 2015

Originally reported on Google Code with ID 4

The automatically generated certificate is bound to localhost.
This breaks clone and push over SSL from a machine other than the server.

Workaround (or solution?) is to generate a self-signed certificate using the make_certificate.cmd
script and properly set the "alias"/"hostname" and the "CN=" value to the server's
name.

Perhaps EGit has a way to overcome this?

Reported by James.Moger on 2011-06-27 16:59:05

@gitblit
Collaborator Author

gitblit commented Aug 12, 2015

I thought that http.sslVerify=false would prevent this from occurring. That setting
does skip verification for self-signed certificates if the certificate CN matches the
hostname of the url.

Asking JGit team for clarification on the issue of hostname mismatches or ip address
use in url.

Reported by James.Moger on 2011-06-27 19:13:43

@gitblit
Collaborator Author

gitblit commented Aug 12, 2015

I've reviewed the JGit source and discovered that JGit does not bypass hostname verification
errors despite the http.sslVerify=false setting.

I raised the issue on the JGit developer list and discovered that there is a pending
change in code review that would disregard hostname verification errors.  It's unclear
if or when this change will be incorporated as it's part of a large feature patchset.

Since this is an important issue for Gitblit I released 0.5.1 which clarifies the documentation
about setting up https, your self-signed certificate, and hostnames.

I was hoping to have the certificate generation be automatic and painless, but that's
not to be the case - at least for the next few months.  Perhaps the next point release
of JGit (1.1?) will disregard hostname verification errors.

Reported by James.Moger on 2011-06-29 00:38:47

  • Status changed: Done
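
An added example, not part of the original thread and not Gitblit or JGit code: a Python sketch of the RFC 2818 hostname check an HTTPS client applies, showing why a certificate issued for localhost fails from a remote machine and why an IP address in the URL fails against a name-only certificate. The host name `git.example.test`, the address `192.0.2.10` and the three certificate dicts are constructed placeholders in the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

# Constructed sample certificates, in the dict shape of ssl.SSLSocket.getpeercert().
# Hostname and address are reserved placeholders, not values from the issue.
AUTO_CERT = {"subject": ((("commonName", "localhost"),),)}
FIXED_CERT = {"subject": ((("commonName", "git.example.test"),),)}
SAN_CERT = {"subject": ((("commonName", "git.example.test"),),),
            "subjectAltName": (("DNS", "git.example.test"),
                               ("IP Address", "192.0.2.10"))}

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive label compare; '*' may only replace the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def cert_matches_host(cert, host):
    """True if the certificate identifies `host` (the host part of the clone URL)."""
    san = cert.get("subjectAltName", ())
    if _is_ip(host):
        # An IP literal in the URL is matched only by an iPAddress SAN entry, never by CN.
        want = ipaddress.ip_address(host)
        return any(k == "IP Address" and ipaddress.ip_address(v) == want for k, v in san)
    names = [v for k, v in san if k == "DNS"]
    if not names:
        # Legacy fallback: use the subject CN only when no dNSName SAN is present.
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_dns_match(n, host) for n in names)

if __name__ == "__main__":
    for label, cert in (("auto", AUTO_CERT), ("fixed CN", FIXED_CERT), ("CN+SAN", SAN_CERT)):
        for host in ("localhost", "git.example.test", "192.0.2.10"):
            verdict = "ok" if cert_matches_host(cert, host) else "MISMATCH"
            print(f"{label:9} {host:17} {verdict}")
```

Current browsers and many newer TLS stacks ignore the CN fallback, so a regenerated certificate should also carry the server name as a subjectAltName entry.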

@gitblit
Collaborator Author

gitblit commented Aug 12, 2015

Reported by James.Moger on 2011-07-27 12:15:20

  • Status changed: Fixed

@gitblit gitblit closed this as completed Aug 12, 2015