GNOME Bugzilla – Bug 654055
https access to git
Last modified: 2013-03-05 20:15:22 UTC
Hi I have some problem accessing to some gnome repos. Because I'm behind my university proxy I can use git protocol (it's blocked). Access through http used to work but recently it stopped because of this bug http://squid-web-proxy-cache.1019090.n4.nabble.com/ERR-INVALID-REQ-on-www-megaupload-com-td2249834.html I got it tracked down with the help of bkor at #gnome-hackers. if I understood it correctly, the squid is getting a request from git that can't handle. By using https instead of http, the proxy wouldn't have to handle any request, just forward the traffic to me (if I understood it correctly, I know very little of network). I used pastebin to paste only the lines where the error starts to show when using ngrep and trying to clone zenity http://pastebin.com/G1NaMWtB
In short: Standard Squid support the following HTTP header: > Expect: 100-continue This as squid only does HTTP/1.0. Git adds this in certain cases (not always). So it breaks down for zenity, but not for others. Only quick solution would be setting up https, so squid isn't involved anymore.
ehr.. Squid does NOT support that header
Hi I'm just wondering if there's any work on this? I've been unable to fetch any changes from the repository in quite a while now. It's not only zenity that fails. gedit, gedit-plugins and gtksourceview also fail.
Jeff, Could you change the level 2 certificate and add: 1. git.gnome.org 2. Either: *.bugzilla-attachments.gnome.org (more secure) or bugzilla-attachments.gnome.org
Please do not set up a completely new certificate (since it's not possible to add new DNS names after the certificate has been created, thus we should revoke the one we have now) but create another cert with the missing hosts instead.
Bugzilla is on the same host, and 2 certificates on one IP address is bad. So only a git.gnome.org cert I think. Maybe we should check if we need more.
1. signal/nagios has its own self-signed certificate, I guess we don't need any CA signed cert for that. 2. we'll probably move bugzilla to its own VM, so we can create a single cert for git.g.o and enable SSL there.
this was fixed by Andrea need to test bugbot