#62596 closed defect (worksforme)
aom @3.0.0: Failed to fetch aom: Git clone failed -- self signed certificate in certificate chain
| Reported by: | RobK88 | Owned by: | MarcusCalhoun-Lopez (Marcus Calhoun-Lopez) |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 2.6.4 |
| Keywords: | lion | Cc: | |
| Port: | aom |
Description (last modified by RobK88)
I am unable to upgrade aom on my Mac running Lion. Looks like a SSL certificate problem.
sudo port -v upgrade outdated ---> Computing dependencies for aom. ---> Fetching distfiles for aom Cloning into '/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_tarballs_ports_multimedia_aom/aom/work/aom-3.0.0'... fatal: unable to access 'https://aomedia.googlesource.com/aom.git/': SSL certificate problem: self signed certificate in certificate chain Command failed: /opt/local/bin/git clone --progress https://aomedia.googlesource.com/aom.git /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_tarballs_ports_multimedia_aom/aom/work/aom-3.0.0 2>&1 Exit code: 128 Error: Failed to fetch aom: Git clone failed Error: See /opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_release_tarballs_ports_multimedia_aom/aom/main.log for details. Error: Problem while installing aom Error: Follow https://guide.macports.org/#project.tickets to report a bug.
Change History (11)
comment:1 Changed 3 years ago by RobK88
| Description: | modified (diff) |
|---|
comment:2 Changed 3 years ago by RobK88
| Summary: | aom - Failed to fetch aom: Git clone failed → aom - Failed to fetch aom: Git clone failed -- self signed certificate in certificate chain |
|---|
comment:3 Changed 3 years ago by mf2k (Frank Schima)
| Cc: | mcalhoun@… removed |
|---|---|
| Owner: | set to MarcusCalhoun-Lopez |
| Status: | new → assigned |
comment:4 Changed 3 years ago by ryandesign (Ryan Carsten Schmidt)
| Keywords: | lion added; Lion removed |
|---|---|
| Summary: | aom - Failed to fetch aom: Git clone failed -- self signed certificate in certificate chain → aom @3.0.0: Failed to fetch aom: Git clone failed -- self signed certificate in certificate chain |
comment:5 Changed 3 years ago by MarcusCalhoun-Lopez (Marcus Calhoun-Lopez)
comment:6 Changed 3 years ago by RobK88
I do not think it is a git issue.
I can clone aom using git on the command line.
$ git clone https://aomedia.googlesource.com/aom.git Cloning into 'aom'... remote: Finding sources: 100% (43/43) remote: Total 233843 (delta 186494), reused 233818 (delta 186494) Receiving objects: 100% (233843/233843), 295.25 MiB | 3.89 MiB/s, done. Resolving deltas: 100% (186494/186494), done.
But for some reason Macports cannot use git to clone the repo.
comment:7 Changed 3 years ago by RobK88
I found the problem and a workaround for now.
The problem with Macs running an old OS, like Lion, is the lack of SSL 1.2 support. So I installed an SSL proxy server using squid.
See https://forums.macrumors.com/threads/fixing-https-issues-on-old-versions-of-os-x.2281326/
To make the SSL proxy server work, I need to use a self signed cert. Until now, I forgot all about this self signed cert! Sorry.
When I disable the SSL Proxy server, Macports can use git to clone the aom repo and install the port. So the workaround for now is to disable the SSL Proxy server.
P.S. Here is the strange part. When the SSL proxy server is enabled, I can use git on the command line to clone the aom repo!
$ git clone https://aomedia.googlesource.com/aom.git Cloning into 'aom'... remote: Finding sources: 100% (43/43) remote: Total 233843 (delta 186494), reused 233818 (delta 186494) Receiving objects: 100% (233843/233843), 295.25 MiB | 3.89 MiB/s, done. Resolving deltas: 100% (186494/186494), done.
The "git clone" only fails when Macports tries to clone the repo with the SSL proxy server enabled. Strange.
If you know of a better solution that disabling the SSL Proxy, please let me know.
Eventually, Macports will need to use a SSL proxy server to enable SSL 1.2 to download files on older Macs.
comment:8 Changed 3 years ago by MarcusCalhoun-Lopez (Marcus Calhoun-Lopez)
Thank you for the information.
I am sure it will prove useful in the future.
Since you found a workaround and git clone works on a "vanilla" system, may I close this ticket?
comment:9 Changed 3 years ago by RobK88
Yes Marcus go ahead and close the ticket.
P.S. For those reading this ticket in the future, I have a self signed cert used for my SSL Proxy server stored in Apple's keychain. It is set as trusted for all users.
As a result, "git clone" works fine on the command line. But for some reason Macports does not like the self signed cert. The workaround is simply to disable the SSL proxy and run Macports. Once you are finished, enable the SSL Proxy server again. Not a great workaround.
I did not try to add the self signed cert to the git cert store since I do not think that the issue is with git. And I do not even know if git uses its own cert store on the Mac platform. I could not find it! "git config --list --show-origin" returns nothing.
See https://mattferderer.com/fix-git-self-signed-certificate-in-certificate-chain-on-windows
http://blog.majcica.com/2016/12/27/installing-self-signed-certificates-into-git-cert-store/
comment:10 Changed 3 years ago by MarcusCalhoun-Lopez (Marcus Calhoun-Lopez)
| Resolution: | → worksforme |
|---|---|
| Status: | assigned → closed |
comment:11 Changed 6 months ago by COOLak
Sorry for raising this old ticket, but how do I even disable my SSL proxy? I'm a complete noob and have no idea how to do it. I have the same problem and can't install Zenity because of it.
I am afraid I do not know how to proceed with this ticket.
I cannot reproduce the problem, and I am far from an expert on Git.
You might have more luck asking on the MacPorts mailing list.