Visual Studio 2019 + 捆绑 Git - SChannel 加密提供程序在独立 Git 安装成功的情况下失败

Visual Studio 2019 + Bundled Git - SChannel encryption provider fails where standalone Git installation succeeds

背景

我们的组织使用域控制器上的组策略分发内部证书。对于我们的 git 安装,这意味着我们需要使用 'Windows Secure Channel' 库进行 HTTPS 连接,而不是 OpenSSL。


问题

尝试使用 VS2019 Enterprise 捆绑 Git 与 schannel 连接到远程 Git 存储库失败并出现错误:

schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline

当我使用 VS2019 UI 尝试与 repo 同步时,以及当我通过命令行 运行 它时,都会出现此错误。 (我使用的可执行文件的路径是 C:\Program Files (x86)\Microsoft Visual Studio19\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\cmd\git.exe

但是,如果我 运行 与 VS2017 捆绑在一起的 git 可执行文件,我可以成功地与 repo 同步(可执行文件路径:C:\Program Files (x86)\Microsoft Visual Studio17\Professional\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\cmd\git.exe)。但是,如果我打开 VS2017 并尝试使用 UI 我会收到与上面相同的 schannel 错误!


总结

执行 git 的独立安装并使用 Windows 安全通道进行设置,成功连接到远程存储库。

无论是使用 IDE UI 还是通过命令行,VS2019 捆绑的 git 都不起作用。

VS2017 捆绑 git 在命令行中工作,但不能通过 IDE UI.


配置文件

我的全局 .gitconfig 如下所示:

[user]
    name = xxx
    email = xxx@xxx.com
[http]
    sslBackend = schannel

VS2019 .git配置如下所示:

[core]
    symlinks = false
    autocrlf = true
[color]
    diff = auto
    status = auto
    branch = auto
    interactive = true
[pack]
    packSizeLimit = 2g
[help]
    format = html
[diff "astextplain"]
    textconv = astextplain
[rebase]
    autosquash = true
[filter "lfs"]
    clean = git-lfs clean -- %f
    smudge = git-lfs smudge -- %f
    process = git-lfs filter-process
    required = true
[include]
    ; include Git for Windows' system config in order
    ; to inherit settings like `core.autocrlf`
    path = C:/Program Files (x86)/Git/etc/gitconfig
    path = C:/Program Files/Git/etc/gitconfig

VS2017 .gitconfig 如下所示(与 VS2019 完全相同):

[core]
    symlinks = false
    autocrlf = true
[color]
    diff = auto
    status = auto
    branch = auto
    interactive = true
[pack]
    packSizeLimit = 2g
[help]
    format = html
[diff "astextplain"]
    textconv = astextplain
[rebase]
    autosquash = true
[filter "lfs"]
    clean = git-lfs clean -- %f
    smudge = git-lfs smudge -- %f
    process = git-lfs filter-process
    required = true
[include]
    ; include Git for Windows' system config in order
    ; to inherit settings like `core.autocrlf`
    path = C:/Program Files (x86)/Git/etc/gitconfig
    path = C:/Program Files/Git/etc/gitconfig

您可以尝试以下步骤:

  1. 删除文件夹(您可以备份此文件夹以备不时之需恢复): C:\Program Files (x86)\Microsoft Visual Studio19\xxx\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git

  2. 确保您的系统上没有安装 Git 版本。一旦你有 Git .

  3. ,请在 Control Panel / Uninstall a program 中卸载它们
  4. 下载Git的latest version并安装。

  5. 运行 在您的 Git shell 中使用此命令禁用吊销检查:

    $ git config --global http.schannelCheckRevoke false

    Note:

    From this link:

    We do not recommend setting this config value for normal Git usage. This is intended to be an "escape hatch" for situations where the network administrator has restricted the normal usage of SChannel APIs on Windows that Git is trying to use.