Git Credential Manager fails with SSL error
Git Credential Manager, when doing the OAuth
authentication flow for HTTPS git repositories, can
have its callback URL changed from HTTP to HTTPS.
This causes the authentication to fail due to the
SSL error SSL_ERROR_RX_RECORD_TOO_LONG.
1
This problem requires a configuration change from the server administrator to be resolved. Alternatively, this issue can be worked around by: 1
- Manually navigating to the HTTP version of the URL after getting the error.
- Using the SSH URL for the git repository.
Cause
This can be caused by an incorrectly configured
reverse proxy server. For example, if Forgejo is
being hosted behind an NGINX reverse proxy
configuration, this problem can be caused by the
proxy_redirect directive in NGINX. This
NGINX configuration remaps all Location
fields in a proxied server's response from
http to https: 2
proxy_redirect http:// https://;This causes the callback URL that Git Credential
Helper uses to be changed from
http://127.0.0.1 to
https://127.0.0.1. Since
127.0.0.1 doesn't have an SSL
certificate, the request fails. 2
Solution
You can either remove the
proxy_redirect: 2
-proxy_redirect http:// https://;Or you can keep the existing behavior, except for
redirects to 127.0.0.1: 2
+proxy_redirect http://127.0.0.1 http://127.0.0.1;
proxy_redirect http:// https://;