Resolved: Cannot synchronize project with Git through https

Q&A regarding installation and issues getting started with Servoy

Resolved: Cannot synchronize project with Git through https

Postby joe26 » Wed Apr 26, 2017 6:20 am

Recently having an issue with synchronizing workspace in Eclipse to Git and uncertain as to the resolution.

Error message is
'Can't connect to any URI: https://company.unfuddle.com/git/code_repos/
https://company.unfuddle.com/git/code_repos/:cannot open git-receive-pack'

It works when sslVerify=false in Git config, but that is something that would preferably be avoided.

The git bash command line doesn't appear to throw the same error.

>git status works on the git bash shell, but not sure whether that is a good enough test

.git/config (Windows Servoy 7.4.8 )
[http]
sslVerify = false

Any ideas on how to restore the https access for the .git repository access?

Looks to be _related_ to the SSL Cert on the repository website:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Thanks,
--Joe.

More .log information on unfuddle access:

!SUBENTRY 1 org.eclipse.egit.ui 4 0 2017-04-26 09:00:31.249
!MESSAGE https://company.unfuddle.com/git/code_repos/: cannot open git-upload-pack
!STACK 0
org.eclipse.jgit.api.errors.TransportException: https://company.unfuddle.com/git/code_repos/: cannot open git-upload-pack
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:224)
at org.eclipse.egit.core.op.FetchOperation.run(FetchOperation.java:132)
at org.eclipse.egit.ui.internal.fetch.FetchOperationUI.execute(FetchOperationUI.java:108)
at org.eclipse.egit.ui.internal.synchronize.SynchronizeFetchJob.runInWorkspace(SynchronizeFetchJob.java:76)
at org.eclipse.core.internal.resources.InternalWorkspaceJob.run(InternalWorkspaceJob.java:38)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:53)
Caused by: org.eclipse.jgit.errors.TransportException: https://company.unfuddle.com/git/code_repos/: cannot open git-upload-pack
at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:566)
at org.eclipse.jgit.transport.TransportHttp.openFetch(TransportHttp.java:326)
at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:136)
at org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:122)
at org.eclipse.jgit.transport.Transport.fetch(Transport.java:1236)
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:213)
... 5 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1546)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at org.eclipse.jgit.transport.http.JDKHttpConnection.getResponseCode(JDKHttpConnection.java:99)
at org.eclipse.jgit.util.HttpSupport.response(HttpSupport.java:202)
at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:504)
... 10 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 26 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 32 more

Attempted to resolve with:

https://github.com/escline/InstallCert

But it's a good cert, so that wasn't successful.
Last edited by joe26 on Fri Apr 28, 2017 8:50 am, edited 4 times in total.
joe26
 
Posts: 172
Joined: Wed Jun 19, 2013 10:30 pm

Re: Cannot synchronize project with Git through https

Postby ROCLASI » Wed Apr 26, 2017 9:25 am

Hi Joe,

I checked their SSL cert using Qualys SSL Labs and they get a solid A rating so the cert seems fine:

unfuddle-ssl.png
unfuddle-ssl.png (70.94 KiB) Viewed 6746 times

What Git client do you use?
Also you say 'how to restore functionality', does this mean it did work with this same URL before? What has changed in your configuration? What updates did you apply?
Robert Ivens
SAN Developer / Servoy Valued Professional / Servoy Certified Developer

ROCLASI Software Solutions / JBS Group, Partner
Mastodon: @roclasi
--
ServoyForge - Building Open Source Software.
PostgreSQL - The world's most advanced open source database.
User avatar
ROCLASI
Servoy Expert
 
Posts: 5438
Joined: Thu Oct 02, 2003 9:49 am
Location: Netherlands/Belgium

Re: Cannot synchronize project with Git through https

Postby joe26 » Wed Apr 26, 2017 4:55 pm

Hi Robert,

I use eGit. In 'restore functionality', means to be able to push and pull from my git repository. No updates or changes have been made to Servoy or the plugins. Those updates seem to affect code with which I don't want to deal. :)

I'm searching for any other changes that may have been made by other programs. Nothing so far.

I did leave my machine plugged into a switched outlet in a hotel room, and that caused the machine to hibernate when the battery ran low. And I always connect home to my VPN when on a hotel wireless.

--Joe.
joe26
 
Posts: 172
Joined: Wed Jun 19, 2013 10:30 pm

Re: Cannot synchronize project with Git through https

Postby joe26 » Wed Apr 26, 2017 11:13 pm

Robert,

It turns out that the servoy.ini was reading a local keystore that I added to account for expired keys within Servoy's structure for key re-signing.

It has been that way for a while, and it is surprising that it took so long to bite back. Perhaps a Java update or something exposed my error. Some sites are still giving me update fits (new stuff like mylyn, etc), and now have more tools to resolve those issues.

Thanks for helping with my stupidity.

--Joe.
joe26
 
Posts: 172
Joined: Wed Jun 19, 2013 10:30 pm

Re: Cannot synchronize project with Git through https

Postby ROCLASI » Thu Apr 27, 2017 11:17 am

Hi Joe,

Have you just updated your Java 8 to update 131 perhaps?
I have seen issues with that update. It looks like Oracle dropped support for certain (weak) signature algorithms in that update.
Robert Ivens
SAN Developer / Servoy Valued Professional / Servoy Certified Developer

ROCLASI Software Solutions / JBS Group, Partner
Mastodon: @roclasi
--
ServoyForge - Building Open Source Software.
PostgreSQL - The world's most advanced open source database.
User avatar
ROCLASI
Servoy Expert
 
Posts: 5438
Joined: Thu Oct 02, 2003 9:49 am
Location: Netherlands/Belgium

Re: Cannot synchronize project with Git through https

Postby joe26 » Thu Apr 27, 2017 4:40 pm

Hi Robert,

Yes, it was updated. I was using a private keystore for plugins following the wiki documentation, but in Developer, setting the keystore blocked updating from an https site.

It wasn't straight to 131, though. The comms just shut down and, frankly, I don't update much while coding.

It seems more about control than security. While I agree there are vulnerabilities in everything we do on the 'net, and am a proponent of strong encryption, I'm not impressed with what's out there, especially with recent announcements.

--Joe.
joe26
 
Posts: 172
Joined: Wed Jun 19, 2013 10:30 pm


Return to I'm just getting started

Who is online

Users browsing this forum: No registered users and 2 guests