From: "Jason Pyeron" <jpyeron@pdinc.us>
To: <git@vger.kernel.org>, "'Vitaly VS'" <strikervitaly@gmail.com>
Subject: RE: Git via MITM transparent proxy with HTTPS Interception
Date: Tue, 13 Apr 2021 08:24:04 -0400
Message-ID: <01d301d7305f$e4acdf80$ae069e80$@pdinc.us>
In-Reply-To: <CAEaE=iyUGiPK-HX850mEgC=X6atEhbjJ0dCK0dci0nOCahPhgQ@mail.gmail.com>
> From: Vitaly VS
> Sent: Tuesday, April 13, 2021 8:08 AM
>
> Hello! Can a Git client work properly through a MITM transparent proxy
> with HTTPS interception?
Yes, we do it all the time.
>
> Is there any documentation or recommendations on how to configure a
> MITM proxy with HTTPS interception for the Git work?
>
Not that I am aware of. It is not a Git issue per se. The WAF or proxy should not (appear to) alter any of the contents of the stream (when allowed).
> Getting a bunch of errors when trying to "git clone https://SOME_REPO.git"
> On small REPOs (about 1-5 MB) there is a chance that the clone will be
> successful, but mostly I get these errors:
>
It is likely off-topic, but what is your proxy configuration? I have personally used Git through Apache and F5 MITM proxies.
> git clone https://github.com/aaptel/wireshark.git
> Cloning into 'wireshark'...
> remote: Enumerating objects: 524729, done.
> fatal: protocol error: bad line length character: ??:s00 KiB/s
> error: inflate: data stream error (invalid literal/lengths set)
> fatal: pack has bad object at offset 2093488: inflate returned -3
> fatal: index-pack failed
Enable git and curl tracing, contact your proxy team and ask for packet capture with decryption.
>
> git clone https://github.com/aaptel/wireshark.git
> Cloning into 'wireshark'...
> remote: Enumerating objects: 524729, done.
> fatal: protocol error: bad line length character: ????06 MiB/s
> error: inflate: data stream error (incorrect data check)
> fatal: pack has bad object at offset 17119052: inflate returned -3
> fatal: index-pack failed
>
>
> git clone https://github.com/aaptel/wireshark.git
> Cloning into 'wireshark'...
> remote: Enumerating objects: 524729, done.
> error: RPC failed; curl 56 Malformed encoding found in chunked-encoding
> fatal: the remote end hung up unexpectedly
> fatal: early EOF
> fatal: index-pack failed
>
> git clone https://github.com/Homebrew/brew.git
> Cloning into 'brew'...
> remote: Enumerating objects: 148, done.
> remote: Counting objects: 100% (148/148), done.
> remote: Compressing objects: 100% (80/80), done.
> Receiving objects: 3% (6247/180213), 2.64 MiB | 1005.00 KiB/s
> Receiving objects: 4% (8247/180213), 3.75 MiB | 1.00 MiB/s
> Receiving objects: 5% (9011/180213), 4.47 MiB | 1.05 MiB/s
> fatal: protocol error: bad line length character: ?V?V7 MiB/s
> error: inflate: data stream error (incorrect data check)
> fatal: pack has bad object at offset 6558416: inflate returned -3
> fatal: index-pack failed
> error: RPC failed; curl 56 Malformed encoding found in chunked-encoding
>
> git clone https://github.com/Homebrew/brew.git
> Cloning into 'brew'...
> remote: Enumerating objects: 148, done.
> remote: Counting objects: 100% (148/148), done.
> remote: Compressing objects: 100% (80/80), done.
> Receiving objects: 0% (1/180213)
> Receiving objects: 0% (687/180213), 436.01 KiB | 397.00 KiB/s
> Receiving objects: 0% (1029/180213), 548.01 KiB | 338.00 KiB/s
> Receiving objects: 1% (1803/180213), 972.01 KiB | 309.00 KiB/s
> Receiving objects: 1% (2091/180213), 1.11 MiB | 309.00 KiB/s
> Receiving objects: 2% (3605/180213), 1.82 MiB | 214.00 KiB/s
> fatal: protocol error: bad line length character: O20000 KiB/s
> fatal: pack has bad object at offset 2776352: inflate returned -5
> fatal: index-pack failed
> error: RPC failed; curl 56 Malformed encoding found in chunked-encoding
>
> P.S. We trust proxy root certificate in the system, also tried to add
> in config but no luck
That is assumed, otherwise you would not have started transferring any data.
[I set the Reply-To header; don’t email me directly, I am on the list]
--
Jason Pyeron | Architect
Contractor |
PD Inc |
10 w 24th St |
Baltimore, MD |
.mil: jason.j.pyeron.ctr@mail.mil
.com: jpyeron@pdinc.us
tel : 202-741-9397
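
Added example (not part of the original message and not Git's own code): once tracing or a decrypted capture yields the response body, a check like this locates the first offset where pkt-line framing breaks, which is the condition Git reports as "bad line length character". It assumes the input is the de-chunked body of the upload-pack response; pkt, check_stream, GOOD and DAMAGED are names made up for the example.

```python
# Added example: check pkt-line framing in a captured git-upload-pack response.
# Assumption: `body` is the decrypted, de-chunked HTTP response body.
import string

HEX = set(string.hexdigits.encode())
MAX_PKT = 65520  # largest pkt-line length git accepts


def pkt(payload: bytes) -> bytes:
    """Frame one pkt-line: 4 hex digits of total length, then the payload."""
    return b"%04x" % (len(payload) + 4) + payload


def check_stream(body: bytes) -> dict:
    """Walk every pkt-line; report the first offset where framing breaks."""
    pos, pack_bytes = 0, 0

    def result(ok, detail):
        return {"ok": ok, "offset": pos, "detail": detail, "pack_bytes": pack_bytes}

    while pos < len(body):
        head = body[pos:pos + 4]
        if len(head) < 4:
            return result(False, "truncated length header")
        if any(b not in HEX for b in head):
            # The condition git reports as "bad line length character".
            return result(False, f"bad line length character: {head!r}")
        length = int(head, 16)
        if length in (0, 1, 2):  # flush, delimiter, response-end
            pos += 4
            continue
        if length == 3 or length > MAX_PKT:
            return result(False, f"invalid pkt-line length {length}")
        payload = body[pos + 4:pos + length]
        if len(payload) != length - 4:
            return result(False, "pkt-line runs past end of capture")
        if payload[0:1] == b"\x01":  # side-band channel 1 carries pack data
            pack_bytes += len(payload) - 1
        pos += length
    return result(True, "framing intact")


# Constructed sample: NAK, one progress packet, one pack-data packet, flush.
GOOD = (pkt(b"NAK\n") + pkt(b"\x02Enumerating objects: 3, done.\n")
        + pkt(b"\x01PACK" + bytes(20)) + b"0000")
# Constructed damage: five bytes lost in transit inside the progress packet.
DAMAGED = GOOD[:20] + GOOD[25:]

if __name__ == "__main__":
    print(check_stream(GOOD))
    print(check_stream(DAMAGED))
```

On the client, setting GIT_TRACE_PACKET=1 and GIT_TRACE_CURL=1 for the clone shows the same framing as Git parses it.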