Running libgit2sharp on Ubuntu 22.04 Arm64 got `LibGit2Sharp.LibGit2SharpException: the SSL certificate is invalid` about libgit2sharp HOT 12 CLOSED

And I have already checked my system's ca-certificates, it's up-to-date.

from libgit2sharp.

I don't have access to ARM64 hardware, so it's going to be tricky to figure out why this might be happening.

Is there a version of LibGit2Sharp that did work for you, or is this the first time you've tried it?

from libgit2sharp.

I don't have access to ARM64 hardware, so it's going to be tricky to figure out why this might be happening.

I've also tested it on Ubuntu-x64, and it's not working there either. But add an env var could help this:
export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

Is there a version of LibGit2Sharp that did work for you, or is this the first time you've tried it?

I'm not sure if there is a version that suits me. Is it possible for LibGit2Sharp to add a feature allowing users to use their local certificates?

from libgit2sharp.

What repo are you trying to clone? Does it not have a certificate that should be trusted?

Is it possible for LibGit2Sharp to add a feature allowing users to use their local certificates?

If you look at the FetchOptions in the CloneOptions, you'll see that there is a CertificateCheck delegate, which lets you control certificate validation.

from libgit2sharp.

What repo are you trying to clone? Does it not have a certificate that should be trusted?

The repo is https://git.cinogama.net/cinogamaproject/woolang
It's validate, subject=CN = git.cinogama.net issuer=C = CN, O = "TrustAsia Technologies, Inc.", CN = TrustAsia RSA DV TLS CA G2

If you look at the FetchOptions in the CloneOptions, you'll see that there is a CertificateCheck delegate, which lets you control certificate validation.

Okay, I will check it, thanks!

from libgit2sharp.

I just tried cloning that repo on Windows and Ubuntu 22.04 via WSL (x64 for both) and everything is working fine for me.

from libgit2sharp.

So it might be a problem with my configuration...

var repoGitPath = Repository.Clone("https://git.cinogama.net/cinogamaproject/woolang.git", CachePath,
            new CloneOptions
            {
                BranchName = "release",
                Checkout = true,
                RecurseSubmodules = true,
                OnProgress = ProgressEvent
            });

from libgit2sharp.

Then this might be a problem with the ARM version of the system.

from libgit2sharp.

So it might be a problem with my configuration...

var repoGitPath = Repository.Clone("https://git.cinogama.net/cinogamaproject/woolang.git", CachePath,
            new CloneOptions
            {
                BranchName = "release",
                Checkout = true,
                RecurseSubmodules = true,
                OnProgress = ProgressEvent
            });

Go ahead and try the FetchOptions.CertificateCheck that I mentioned. That should let you return true and make the https connection even if the system doesn't trust the certificate for whatever reason.

from libgit2sharp.

So it might be a problem with my configuration...

var repoGitPath = Repository.Clone("https://git.cinogama.net/cinogamaproject/woolang.git", CachePath,
            new CloneOptions
            {
                BranchName = "release",
                Checkout = true,
                RecurseSubmodules = true,
                OnProgress = ProgressEvent
            });

Go ahead and try the FetchOptions.CertificateCheck that I mentioned. That should let you return true and make the https connection even if the system doesn't trust the certificate for whatever reason.

var repoGitPath = Repository.Clone("https://git.cinogama.net/cinogamaproject/woolang.git", CachePath,
            new CloneOptions
            {
                BranchName = "release",
                Checkout = true,
                RecurseSubmodules = true,
                OnProgress = ProgressEvent,
                FetchOptions = new FetchOptions
                {
                    CertificateCheck = (_, _, _) => true
                }
            });

But if I skipped the local SSL certs check, would doing this lead to security issues?

from libgit2sharp.

But if I skipped the local SSL certs check, would doing this lead to security issues?

That's not really a question I can answer. It depends entirely on your use case. If you're only ever cloning that one repo, for example, and you trust the certificate, then it doesn't really matter if the system you're running it on can validate it or not.

On the other hand, if you're writing a tool that others can use to connect to any arbitrary URL, then you're losing any sort of verification that the user is talking to the site they think they are connecting to.

The certificate check handler does pass in the certificate in question, so you could always write logic that looks at the certificate and validates it against a list certificates manually maintained by you.

Have you tried cloning any other repos? For example, what about a repo from GitHub? I'd be curious to see if you have the same problem with other sites.

from libgit2sharp.

Have you tried cloning any other repos? For example, what about a repo from GitHub? I'd be curious to see if you have the same problem with other sites.

Well, it should be system's problem:

from libgit2sharp.