Visual Studio 2019 + 捆绑 Git - SChannel 加密提供程序在独立 Git 安装成功的情况下失败
Visual Studio 2019 + Bundled Git - SChannel encryption provider fails where standalone Git installation succeeds
背景
我们的组织使用域控制器上的组策略分发内部证书。对于我们的 git 安装,这意味着我们需要使用 'Windows Secure Channel' 库进行 HTTPS 连接,而不是 OpenSSL。
问题
尝试使用 VS2019 Enterprise 捆绑 Git 与 schannel 连接到远程 Git 存储库失败并出现错误:
schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline
当我使用 VS2019 UI 尝试与 repo 同步时,以及当我通过命令行 运行 它时,都会出现此错误。 (我使用的可执行文件的路径是 C:\Program Files (x86)\Microsoft Visual Studio19\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\cmd\git.exe)
但是,如果我 运行 与 VS2017 捆绑在一起的 git 可执行文件,我可以成功地与 repo 同步(可执行文件路径:C:\Program Files (x86)\Microsoft Visual Studio17\Professional\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\cmd\git.exe)。但是,如果我打开 VS2017 并尝试使用 UI 我会收到与上面相同的 schannel 错误!
总结
执行 git 的独立安装并使用 Windows 安全通道进行设置,成功连接到远程存储库。
无论是使用 IDE UI 还是通过命令行,VS2019 捆绑的 git 都不起作用。
VS2017 捆绑 git 在命令行中工作,但不能通过 IDE UI.
配置文件
我的全局 .gitconfig 如下所示:
[user]
name = xxx
email = xxx@xxx.com
[http]
sslBackend = schannel
VS2019 .git配置如下所示:
[core]
symlinks = false
autocrlf = true
[color]
diff = auto
status = auto
branch = auto
interactive = true
[pack]
packSizeLimit = 2g
[help]
format = html
[diff "astextplain"]
textconv = astextplain
[rebase]
autosquash = true
[filter "lfs"]
clean = git-lfs clean -- %f
smudge = git-lfs smudge -- %f
process = git-lfs filter-process
required = true
[include]
; include Git for Windows' system config in order
; to inherit settings like `core.autocrlf`
path = C:/Program Files (x86)/Git/etc/gitconfig
path = C:/Program Files/Git/etc/gitconfig
VS2017 .gitconfig 如下所示(与 VS2019 完全相同):
[core]
symlinks = false
autocrlf = true
[color]
diff = auto
status = auto
branch = auto
interactive = true
[pack]
packSizeLimit = 2g
[help]
format = html
[diff "astextplain"]
textconv = astextplain
[rebase]
autosquash = true
[filter "lfs"]
clean = git-lfs clean -- %f
smudge = git-lfs smudge -- %f
process = git-lfs filter-process
required = true
[include]
; include Git for Windows' system config in order
; to inherit settings like `core.autocrlf`
path = C:/Program Files (x86)/Git/etc/gitconfig
path = C:/Program Files/Git/etc/gitconfig
您可以尝试以下步骤:
删除文件夹(您可以备份此文件夹以备不时之需恢复):
C:\Program Files (x86)\Microsoft Visual Studio19\xxx\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git
确保您的系统上没有安装 Git 版本。一旦你有 Git .
Control Panel / Uninstall a program 中卸载它们
下载Git的latest version并安装。
运行 在您的 Git shell 中使用此命令禁用吊销检查:
$ git config --global http.schannelCheckRevoke false
Note:
From this link:
We do not recommend setting this config value for normal Git
usage. This is intended to be an "escape hatch" for situations where
the network administrator has restricted the normal usage of SChannel
APIs on Windows that Git is trying to use.
背景
我们的组织使用域控制器上的组策略分发内部证书。对于我们的 git 安装,这意味着我们需要使用 'Windows Secure Channel' 库进行 HTTPS 连接,而不是 OpenSSL。
问题
尝试使用 VS2019 Enterprise 捆绑 Git 与 schannel 连接到远程 Git 存储库失败并出现错误:
schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline
当我使用 VS2019 UI 尝试与 repo 同步时,以及当我通过命令行 运行 它时,都会出现此错误。 (我使用的可执行文件的路径是 C:\Program Files (x86)\Microsoft Visual Studio19\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\cmd\git.exe)
但是,如果我 运行 与 VS2017 捆绑在一起的 git 可执行文件,我可以成功地与 repo 同步(可执行文件路径:C:\Program Files (x86)\Microsoft Visual Studio17\Professional\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\cmd\git.exe)。但是,如果我打开 VS2017 并尝试使用 UI 我会收到与上面相同的 schannel 错误!
总结
执行 git 的独立安装并使用 Windows 安全通道进行设置,成功连接到远程存储库。
无论是使用 IDE UI 还是通过命令行,VS2019 捆绑的 git 都不起作用。
VS2017 捆绑 git 在命令行中工作,但不能通过 IDE UI.
配置文件
我的全局 .gitconfig 如下所示:
[user]
name = xxx
email = xxx@xxx.com
[http]
sslBackend = schannel
VS2019 .git配置如下所示:
[core]
symlinks = false
autocrlf = true
[color]
diff = auto
status = auto
branch = auto
interactive = true
[pack]
packSizeLimit = 2g
[help]
format = html
[diff "astextplain"]
textconv = astextplain
[rebase]
autosquash = true
[filter "lfs"]
clean = git-lfs clean -- %f
smudge = git-lfs smudge -- %f
process = git-lfs filter-process
required = true
[include]
; include Git for Windows' system config in order
; to inherit settings like `core.autocrlf`
path = C:/Program Files (x86)/Git/etc/gitconfig
path = C:/Program Files/Git/etc/gitconfig
VS2017 .gitconfig 如下所示(与 VS2019 完全相同):
[core]
symlinks = false
autocrlf = true
[color]
diff = auto
status = auto
branch = auto
interactive = true
[pack]
packSizeLimit = 2g
[help]
format = html
[diff "astextplain"]
textconv = astextplain
[rebase]
autosquash = true
[filter "lfs"]
clean = git-lfs clean -- %f
smudge = git-lfs smudge -- %f
process = git-lfs filter-process
required = true
[include]
; include Git for Windows' system config in order
; to inherit settings like `core.autocrlf`
path = C:/Program Files (x86)/Git/etc/gitconfig
path = C:/Program Files/Git/etc/gitconfig
您可以尝试以下步骤:
删除文件夹(您可以备份此文件夹以备不时之需恢复):
C:\Program Files (x86)\Microsoft Visual Studio19\xxx\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git确保您的系统上没有安装 Git 版本。一旦你有 Git .
,请在 下载Git的latest version并安装。
运行 在您的 Git shell 中使用此命令禁用吊销检查:
$ git config --global http.schannelCheckRevoke falseNote:
From this link:
We do not recommend setting this config value for normal Git usage. This is intended to be an "escape hatch" for situations where the network administrator has restricted the normal usage of SChannel APIs on Windows that Git is trying to use.
Control Panel / Uninstall a program 中卸载它们