Problems with GH Desktop & firewall (revocation function or timeout)
See original GitHub issueDescribe the bug
I run a high school computer lab for game design and CS classes. We have a firewall which intercepts traffic (MITM) which was recently upgraded (before the update, GitHub Desktop and command line Git worked without issue (after configuring Git to use our local certificates - http.sslCAInfo
)). After the upgrade GitHub Desktop has stopped working. Git commands from the command line still work.
The failure takes one of two forms depending on the setting of http.schannelCheckRevoke
. When it is set to true
(or unset) I get an immediate failure with the message:
When it is set to false
there is a long timeout, then this message:
On the command line, Git functions normally - with either setting of http.schannelCheckRevoke
.
Version & OS
- GitHub Desktop: 2.2.4
- OS: Windows 10
Steps to reproduce the behavior
- Get behind a firewall that does MITM packet inspection, I think ours comes from Fortigate, make sure it is updated.
- Launch GitHub Desktop - notice that you get a revocation function error (first screen capture above) as it tries to do a fetch against the current repository.
- Spend some quality time with Google and discover that
http.schannelCheckRevoke false
might solve the problem. Try it, notice that the problem has changed (second screen capture above). - Switch to the command line and try
git fetch
- notice that it works. Out of curiosity sethttp.schannelCheckRevoke
totrue
. Notice that on the command line life is good.
Expected behavior
For the fetch to complete in a few seconds without error.
Actual behavior
In GitHub Desktop, the fetch operation either fails due to the revocation function error, or the RPC error shown in the screen captures. On the command line Git functions as expected.
Screenshots
See above.
Logs
2020-01-27.desktop.production.log
Additional context
Output of git config -get-regexp http
:
http.sslcainfo C:/SKSD-Certs/SKSD-Certs.pem
http.sslbackend openssl
http.schannelcheckrevoke false
Issue Analytics
- State:
- Created 4 years ago
- Comments:5 (3 by maintainers)
Top GitHub Comments
Thanks, that makes sense. I’ll try it as soon as I get to work tomorrow. I’m not optimistic, I think the repo I was testing with is very small - we started seeing the issue after a firewall upgrade, so I suspect that the firewall has a hand in the problem and our networking people are pouring over packet captures.
I’ve seen the problem trying to push a trivial change to a repository, for example: create and commit an empty file and attempt to push it. Even that results in the RPC error.
Thanks for your help and the ideas.
Doug
@DouglasUrner As we have not heard back from you on this issue, we are closing it for now. Should you have any more details or questions, please reach out and we will be happy to help. Thank you.