Corporate Proxy Azure Devops with Git

3
votes

I've created a Project and Repo inside of Azure Dev-Ops. We are sitting behind a corporate proxy and would like to clone from this project.

I have set the environment variables http_proxy,https_proxy, HTTP_PROXY,HTTPS_PROXY, git config --global https.proxy, git config --global http.proxy to the matching http or https version below http://domain\username:password@ProxAddr:Proxy or https://domain\username:password@ProxAddr:Proxy

When I run git clone https://username:[email protected]/username/ProjectName/_git/RepoName, I receive the error below.

Cloning into 'ProjectName'...
* Couldn't find host dev.azure.com in the .netrc file; using defaults
*   Trying {proxyip} ...
* Connected to {proxyip} ({proxyip}) port {proxyport} (#0)
* Establish HTTP proxy tunnel to dev.azure.com:443
> CONNECT dev.azure.com:443 HTTP/1.1
Host: dev.azure.com:443
User-Agent: git/2.7.4
Proxy-Connection: Keep-Alive

< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: NEGOTIATE
< Proxy-Authenticate: NTLM
< Proxy-Authenticate: BASIC realm="{CORPRELM}"
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Proxy-Connection: close
< Connection: close
< Content-Length: 849
<
* Ignore 849 bytes of response-body
* Connect me again please
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* gnutls_handshake() failed: Error in the push function.
* Closing connection 0
* Couldn't find host dev.azure.com in the .netrc file; using defaults
* Hostname {proxyip} was found in DNS cache
*   Trying {proxyip}...
* Connected to {proxyip} ({proxyip}) port {proxyport}(#1)
* Establish HTTP proxy tunnel to dev.azure.com:443
> CONNECT dev.azure.com:443 HTTP/1.1
Host: dev.azure.com:443
User-Agent: git/2.7.4
Proxy-Connection: Keep-Alive

< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: NEGOTIATE
* gss_init_sec_context() failed: : SPNEGO cannot find mechanisms to negotiate
< Proxy-Authenticate: NTLM
< Proxy-Authenticate: BASIC realm="{CORPREALM}"
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Proxy-Connection: close
< Connection: close
< Content-Length: 849
<
* Received HTTP code 407 from proxy after CONNECT
* Closing connection 1
fatal: unable to access 'https://username:[email protected]/username/DevOpsProject/_git/DevOpsRepo/': gnutls_handshake() failed: Error in the push function.

The error appears to be this?

< Proxy-Authenticate: NEGOTIATE
* gss_init_sec_context() failed: : SPNEGO cannot find mechanisms to negotiate

Do I need to explicitly state something?

2
gitazure-devops

2 Answers

3
votes

It looks like your proxy may be misconfigured, and is offering authentication mechanisms it can't support (in this case, Negotiate). You can work around this by setting the http.proxyAuthMethod option to something suitable. Based on the output, you'll probably want to use ntlm or basic.

In addition, you can set this on a per-url or pattern basis by using something like git config http.https://*.azure.com/.proxyAuthMethod ntlm for all HTTPS URLs with hostnames matching *.azure.com.

1
votes

Updating to a newer version of git resolves this.