[git] git doesn't support schannel as SSL backend

msys2 / MSYS2-packages

Package scripts for MSYS2.

https://packages.msys2.org

BSD 3-Clause "New" or "Revised" License

1.28k stars 486 forks source link

[git] git doesn't support schannel as SSL backend #2913

Open luisspb opened 2 years ago

luisspb commented 2 years ago

When I try to clone a repository via HTTPS and using openssl as backend, I get this error:

$ git clone https://github.com/msys2/MSYS2-packages.git
Cloning into 'MSYS2-packages'...
fatal: unable to access 'https://github.com/msys2/MSYS2-packages.git/': SSL certificate problem: unable to get local issuer certificate

According to https://stackoverflow.com/a/53064542, since Git for Windows 2.14 we should be able to set git to use Windows built-in SChannel instead of openssl:

$ git config --global http.sslBackend schannel

But git installed via pacman in MSYS2 doesn't support schannel as a SSL backend:

$ git clone https://github.com/msys2/MSYS2-packages.git
Cloning into 'MSYS2-packages'...
fatal: Unsupported SSL backend 'schannel'. Supported SSL backends:
        openssl

1480c1 commented 2 years ago

I think that there might be the issue of that the git provided by msys2 is based on the cygwin subsystem, and curl limits schannel support to WIN32 from what I can tell, so that won't be active in cygwin.

jeremyd2019 commented 2 years ago

More concerning is that the root certificates seem to be missing (or misconfigured) from your msys2 install. Try running update-ca-trust

kalj commented 1 year ago

I too am seeing this. Currently I have to resort to sslVerify = false which is really poor.

mback2k commented 1 year ago

On the Cygwin/msys POSIX emulation layer there can be no native Win32 API and therefore no Schannel support. That only works if cross-compiled with MinGW(-w64).

kalj commented 1 year ago

That makes sense. I guess the followup question then is why there is no mingw-w64-x86_64-git in msys2? I only really see the single git package.

class101 commented 1 year ago

I guess it lacks voluntary maintainers

mback2k commented 1 year ago

I guess what you are asking for is essentially what the Git for Windows project already provides.

yeasirPro commented 1 year ago

My problem Please Help me!

Unsupported SSL backend 'openssl'. Supported SSL backends: schannel

Will-Lai commented 1 year ago

@yeasirPro

add

[http]
        sslBackend = openssl

to .git/config under your project directory

class101 commented 1 year ago

For a brief moment I believed that git-for-windows was finally done supported in MSYS2 but realized the user above me probably messed up its system configuration, IE, the MSYS git calling the git-for-windows suspected to be coming from PATH.

False joy, we must always install this dung under Windows installer to make Windows. Still as bad from a technical point of view

martin-braun commented 7 months ago

This issue happens when you add C:\git-sdk-64\usr\local\bin to your Windows Path environment variable and try to run git in the cmd.exe. The Git for Windows SDK also installs git compiled via mingw64, so only add mingw64 and mingw32 to the Windows Path variable, if you want to use git in cmd.exe.

git --version should contain windows in its output. The git within /usr/local/bin needs to run under the POSIX compatibility layer, i.e. within git-bash.exe.