| | |
|---|
| | | ### Creating your own Self-Signed SSL Certificate
|
|---|
| | | Gitblit GO (and Gitblit Certificate Authority) automatically generates a Certificate Authority (CA) certificate and an ssl certificate signed by this CA certificate that is bound to *localhost*.
|
|---|
| | |
|
|---|
| | | Remote Eclipse/EGit/JGit clients (<= 2.2.0) will fail to communicate using this certificate because JGit always verifies the hostname of the certificate, regardless of the *http.sslVerify=false* client-side setting.
|
|---|
| | | Remote Eclipse/EGit/JGit clients (< 3.0) will fail to communicate using this certificate because JGit always verifies the hostname of the certificate, regardless of the *http.sslVerify=false* client-side setting.
|
|---|
| | |
|
|---|
| | | The EGit failure message is something like:
|
|---|
| | |
|
|---|
| | |
|---|
| | | 2. Else if a team has an explicit permission, use that
|
|---|
| | | 3. Else check for the first regex match in team permissions
|
|---|
| | |
|
|---|
| | | #### No-So-Discrete Permissions (Gitblit <= v1.1.0)
|
|---|
| | | #### No-So-Discrete Permissions (Gitblit <= v1.1.0)
|
|---|
| | |
|
|---|
| | | Prior to v1.2.0, Gitblit has two main access permission groupings:
|
|---|
| | |
|
|---|
| | |
|---|
| | | **NOTE:**
|
|---|
| | | The default self-signed certificate generated by Gitlbit GO is bound to *localhost*.
|
|---|
| | | If you are using Eclipse/EGit/JGit clients, you will have to generate your own certificate that specifies the exact hostname used in your clone/push url.
|
|---|
| | | You must do this because Eclipse/EGit/JGit (<= 2.1.0) always verifies certificate hostnames, regardless of the *http.sslVerify=false* client-side setting. |
|---|
| | | You must do this because Eclipse/EGit/JGit (< 3.0) always verifies certificate hostnames, regardless of the *http.sslVerify=false* client-side setting. |
|---|
| | |
|
|---|
| | | - **Eclipse/EGit/JGit**
|
|---|
| | | 1. Window->Preferences->Team->Git->Configuration
|
|---|
| | |
|---|
| | | This can be adjusted on your client by changing the default post buffer size:
|
|---|
| | | <pre>git config --global http.postBuffer 524288000</pre>
|
|---|
| | |
|
|---|
| | | ### Disabling SNI
|
|---|
| | |
|
|---|
| | | You may run into SNI alerts (Server Name Indication). These will manifest as failures to clone or push to your Gitblit instance.
|
|---|
| | |
|
|---|
| | | #### Java-based Clients
|
|---|
| | |
|
|---|
| | | When using Java 7-based clients, SNI is enabled by default. You can disable SNI by specifying the JVM system parameter `-Djsse.enableSNIExtension=false` when your Java-based client launches.
|
|---|
| | |
|
|---|
| | | For Eclipse, you can append `-Djsse.enableSNIExtension=false` to your *eclipse.ini* file.
|
|---|
| | |
|
|---|
| | | #### Native Clients
|
|---|
| | |
|
|---|
| | | Native clients may display an error when attempting to clone or push that looks like this:
|
|---|
| | | ---FIXED---
|
|---|
| | | C:\projects\git\gitblit>git push rhcloud master
|
|---|
| | | error: error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112) while accessing https://demo-gitblit.rhcloud.com/git/gitblit.git/info/refs?service=git-receive-pack
|
|---|
| | | fatal: HTTP request failed
|
|---|
| | | ---FIXED---
|
|---|
| | |
|
|---|
| | | ### Cloning an Access Restricted Repository
|
|---|
| | | - **Eclipse/EGit/JGit**
|
|---|
| | | Nothing special to configure, EGit figures out everything.
|
|---|
