desktop: The revocation function is unable to check revocation for the certificate.

Description

I am running behind a corporation that self-signs its certificates, which means that I get this issue when I try to push any changes.

fatal: unable to access 'https://github.com/glenndevenish/[repo]/': schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.

Version

GitHub Desktop version: 0.7.2

OS version: Microsoft Windows [Version 10.0.10586]

Steps to Reproduce

(You will probably be unable to reproduce since you have to be in the corporation, although any self-signing corp. might have the same issue)

  1. Click publish branch
  2. Error message pops up.

Expected behavior: Update to occur successfully

Actual behavior: Repo was created, but no files were created.

Reproduces how often: Every time.

Logs

2017-08-15T13:38:44.759Z - info: [ui] Executing fetch: git -c credential.helper= fetch --progress --prune origin (took 1.196s)
2017-08-15T13:38:44.761Z - error: [ui] `git -c credential.helper= fetch --progress --prune origin` exited with an unexpected code: 128.
fatal: unable to access 'https://github.com/glenndevenish/[repo].git/': schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.

Additional Information

None.

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Reactions: 5
  • Comments: 19 (5 by maintainers)

Most upvoted comments

Copy cert path from configuration git

git config http.sslCAInfo Return Example: “C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt”

Add to global configuration

git config --global http.sslBackend “openssl” git config --global http.sslCAInfo “C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt”

+36
NrI3 on Feb 20, 2018

Copy cert path from configuration git

git config http.sslCAInfo Return Example: “C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt”

Add to global configuration

git config --global http.sslBackend “openssl” git config --global http.sslCAInfo “C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt”

This Worked for me also, thanks.

after applying the above in global . received CApath none message

git config --global http.sslverify “false” this statement resolved issue

+14
snannap on Dec 3, 2019

@glenndevenish thank you for your issue!

We haven’t gotten a response to the questions in our comment here. With only the information that is currently in the issue, we don’t have enough information to take action. I’m going to close this but don’t hesitate to reach out if you have or find the answers we need, we’ll be happy to reopen the issue.

+6
shiftkey on Aug 27, 2017

Copy cert path from configuration git

git config http.sslCAInfo Return Example: “C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt”

Add to global configuration

git config --global http.sslBackend “openssl” git config --global http.sslCAInfo “C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt”

This Worked for me also, thanks.

+4
ferbatres on Nov 19, 2018

@robertmryan you can verify your connections using openssl to see what certificate chain it does find:

$ openssl s_client  -connect www.github.com:443
CONNECTED(00000006)
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Extended Validation Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=5157550/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=github.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
...
+4
shiftkey on May 28, 2018

@shiftkey Okay, good to know. Git for Windows wasn’t installed by default, so that needed sorting.

I used git config http.sslCAInfo /path/to/certificate.crt with the certificate I’d saved from the Windows key manager.

+4
glenndevenish on Aug 29, 2017

@shiftkey Thanks, that identified the offending certificate, namely a Kaspersky cert installed as part of their suite, and once I removed that and rebooted, I can now use git desktop. Thanks!

+3
robertmryan on May 28, 2018

@shiftkey Sorry, I wasn’t aware of your comment, for some reason! I managed to solve it myself though, by:

  1. finding the keys used by the corporate firewall in the Windows key manager
  2. converting them and merging them (as .pem)
  3. Added the new key to git using the git for Windows command line (it would be nice if Github desktop had some ‘advanced command line’ for configuring git)
+2
glenndevenish on Aug 29, 2017
Read more comments on GitHub
← desktop: Switching to a branch with submodules is not possible
desktop: Toggling Full screen off causes the app to crash and start in full screen afterwards →