Kerberos auth not working when accessing repo via HTTPS using CNAME #4400

jnahmias · 2023-04-28T14:05:23Z

I was not able to find an open or closed issue matching what I'm seeing

Setup

Which version of Git for Windows are you using? Is it 32-bit or 64-bit?

C:\Temp>git --version --build-options
git version 2.40.1.windows.1
cpu: x86_64
built from commit: ceee26d5cac05a3437097b43d034c4ad2e99d571
sizeof-long: 4
sizeof-size_t: 8
shell-path: /bin/sh
feature: fsmonitor--daemon

Which version of Windows are you running? Vista, 7, 8, 10? Is it 32-bit or 64-bit?

C:\Temp>ver

Microsoft Windows [Version 10.0.19044.2604]

What options did you set as part of the installation? Or did you choose the
defaults?

C:\Temp>type "C:\Program Files\Git\etc\install-options.txt"
Editor Option: VIM
Custom Editor Path:
Default Branch Option: main
Path Option: Cmd
Plink Path: C:\Program Files\PuTTY\plink.exe
SSH Option: Plink
Tortoise Option: true
CURL Option: WinSSL
CRLF Option: CRLFAlways
Bash Terminal Option: ConHost
Git Pull Behavior Option: FFOnly
Use Credential Manager: Enabled
Performance Tweaks FSCache: Enabled
Enable Symlinks: Disabled
Enable Pseudo Console Support: Disabled
Enable FSMonitor: Disabled

Any other interesting things about your environment that might be related
to the issue you're seeing?

I have installed Gitea on a internal RHEL8 server, which is joined to Active Directory. I've configured Apache on that server as a reverse proxy to do SSL termination and Kerberos SSO authentication. I've also set up a CNAME [gitea.example.org] in DNS for that server to make the URLs more memorable (and shorter).

I am able to access the git repos via HTTPS URLs that reference the CNAME using git on Linux. I can also access the gitea website using Firefox or MS Edge on Windows. All this works seamlessly with Kerberos single sign on, and I'm never prompted for a password nor denied access.

When using the git for windows client program, it only works if I use an HTTPS URL with the canonical hostname for the server. However, if the URL uses that CNAME (eg. https://gitea.example.org/UserName/CodeRepo.git) I get fatal: Authentication failed.

Details

Which terminal/shell are you running Git from? e.g Bash/CMD/PowerShell/other

cmd.exe

What commands did you run to trigger this issue? If you can provide a
Minimal, Complete, and Verifiable example
this will help us understand the issue.

C:\Temp>git clone https://gitea.example.org/UserName/CodeRepo.git
Cloning into 'CodeRepo'...
fatal: Authentication failed for 'https://gitea.example.org/UserName/CodeRepo.git/'

What did you expect to occur after running these commands?

Cloning into 'CodeRepo'...
remote: Enumerating objects: 70, done.
remote: Counting objects: 100% (70/70), done.
remote: Compressing objects: 100% (70/70), done.
remote: Total 70 (delta 36), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (70/70), 15.31 KiB | 2.19 MiB/s, done.
Resolving deltas: 100% (36/36), done.

What actually happened instead?

Cloning into 'CodeRepo'...
fatal: Authentication failed for 'https://gitea.example.org/UserName/CodeRepo.git/'

If the problem was occurring with a specific repository, can you provide the
URL to that repository to help us with testing?

Sorry, as mentioned, it's an internal Gitea installation.

The text was updated successfully, but these errors were encountered:

dscho · 2023-04-28T15:33:35Z

If I understand correctly, there is no out-of-the-box support for Gitea in Git Credential Manager. But there seems to be new OAuth support added in git-ecosystem/git-credential-manager#1047 (see that PR for an example configuration). Here is some documentation how to find the necessary metadata of your Gitea installation: https://docs.gitea.io/en-us/development/oauth2-provider/

See also git-ecosystem/git-credential-manager#879, git-ecosystem/git-credential-manager#1227 and git-ecosystem/git-credential-manager#145.

mjcheetham · 2023-04-28T16:13:55Z

I've configured Apache on that server as a reverse proxy to do SSL termination and Kerberos SSO authentication. I've also set up a CNAME [gitea.example.org] in DNS for that server to make the URLs more memorable (and shorter).

To confirm, you're looking to use Kerberos rather than OAuth, username/password, personal access tokens with your internal Gitea instance?

fatal: Authentication failed for 'https://gitea.example.org/UserName/CodeRepo.git/'

This error message comes from Git, not Git Credential Manager.

When using the git for windows client program, it only works if I use an HTTPS URL with the canonical hostname for the server.

I suspect that there's some issue with your DNS setup, given it works correctly with the canonical server hostname.

Could you try again with various tracing settings enabled to see what's going on?

// Set the following environment variables
GIT_TRACE=1
GCM_TRACE=1
GIT_TRACE_CURL=1

Please note that the trace output (especially libcurl's) may contain sensitive information so you should review and redact such information before posting.

jnahmias · 2023-04-28T17:02:17Z

To confirm, you're looking to use Kerberos rather than OAuth, username/password, personal access tokens with your internal Gitea instance?

Confirmed.

I suspect that there's some issue with your DNS setup, given it works correctly with the canonical server hostname.

I've double-checked DNS and the CNAME correctly points to the server's canonical hostname.
I also confirmed that the PTR for the server's IP points to the canonical hostname A record (as needed for Kerberos).
You didn't ask, but I also confirmed (using setspn /Q) that the SPN for the canonical hostname is properly registered in AD.
Also note that Kerberos auth works with the CNAME when using git on Linux without any issue. It also works in browsers (FF, Edge) on the same Windows workstation where git for windows fails.

Could you try again with various tracing settings enabled to see what's going on?

C:\Temp>set GIT_TRACE=1

C:\Temp>set GCM_TRACE=1

C:\Temp>set GIT_TRACE_CURL=1

C:\Temp>git clone https://gitea.example.org/UserName/CodeRepo.git
12:57:21.872284 exec-cmd.c:237          trace: resolved executable dir: C:/Program Files/Git/mingw64/bin
12:57:21.919284 git.c:439               trace: built-in: git clone https://gitea.example.org/UserName/CodeRepo.git
Cloning into 'CodeRepo'...
12:57:22.005283 run-command.c:655       trace: run_command: git remote-https origin https://gitea.example.org/UserName/CodeRepo.git
12:57:22.092281 exec-cmd.c:237          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
12:57:22.098282 git.c:725               trace: exec: git-remote-https origin https://gitea.example.org/UserName/CodeRepo.git
12:57:22.098282 run-command.c:655       trace: run_command: git-remote-https origin https://gitea.example.org/UserName/CodeRepo.git
12:57:22.206614 exec-cmd.c:237          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
12:57:22.249629 http.c:724              == Info:   Trying 10.7.209.61:443...
12:57:22.251613 http.c:724              == Info: Connected to gitea.example.org (10.7.209.61) port 443 (#0)
12:57:22.251613 http.c:724              == Info: schannel: disabled automatic use of client certificate
12:57:22.284613 http.c:724              == Info: using HTTP/1.x
12:57:22.284613 http.c:671              => Send header, 0000000239 bytes (0x000000ef)
12:57:22.285612 http.c:683              => Send header: GET /UserName/CodeRepo.git/info/refs?service=git-upload-pack HTTP/1.1
12:57:22.285612 http.c:683              => Send header: Host: gitea.example.org
12:57:22.285612 http.c:683              => Send header: User-Agent: git/2.40.1.windows.1
12:57:22.285612 http.c:683              => Send header: Accept: */*
12:57:22.285612 http.c:683              => Send header: Accept-Encoding: deflate, gzip, br, zstd
12:57:22.285612 http.c:683              => Send header: Pragma: no-cache
12:57:22.285612 http.c:683              => Send header: Git-Protocol: version=2
12:57:22.285612 http.c:683              => Send header:
12:57:22.285612 http.c:671              <= Recv header, 0000000027 bytes (0x0000001b)
12:57:22.285612 http.c:683              <= Recv header: HTTP/1.1 401 Unauthorized
12:57:22.285612 http.c:671              <= Recv header, 0000000037 bytes (0x00000025)
12:57:22.285612 http.c:683              <= Recv header: Date: Fri, 28 Apr 2023 16:57:22 GMT
12:57:22.285612 http.c:671              <= Recv header, 0000000087 bytes (0x00000057)
12:57:22.285612 http.c:683              <= Recv header: Server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1
12:57:22.285612 http.c:671              <= Recv header, 0000000029 bytes (0x0000001d)
12:57:22.285612 http.c:683              <= Recv header: WWW-Authenticate: Negotiate
12:57:22.285612 http.c:671              <= Recv header, 0000000021 bytes (0x00000015)
12:57:22.285612 http.c:683              <= Recv header: Content-Length: 381
12:57:22.285612 http.c:671              <= Recv header, 0000000045 bytes (0x0000002d)
12:57:22.285612 http.c:683              <= Recv header: Content-Type: text/html; charset=iso-8859-1
12:57:22.285612 http.c:671              <= Recv header, 0000000002 bytes (0x00000002)
12:57:22.285612 http.c:683              <= Recv header:
12:57:22.285612 http.c:724              == Info: Ignoring the response-body
12:57:22.285612 http.c:697              <= Recv data, 0000000381 bytes (0x0000017d)
12:57:22.285612 http.c:712              <= Recv data: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><he
12:57:22.285612 http.c:712              <= Recv data: ad>.<title>401 Unauthorized</title>.</head><body>.<h1>Unauth
12:57:22.285612 http.c:712              <= Recv data: orized</h1>.<p>This server could not verify that you.are aut
12:57:22.285612 http.c:712              <= Recv data: horized to access the document.requested.  Either you suppli
12:57:22.285612 http.c:712              <= Recv data: ed the wrong.credentials (e.g., bad password), or your.brows
12:57:22.285612 http.c:712              <= Recv data: er doesn't understand how to supply.the credentials required
12:57:22.285612 http.c:712              <= Recv data: .</p>.</body></html>.
12:57:22.285612 http.c:724              == Info: Connection #0 to host gitea.example.org left intact
12:57:22.285612 http.c:724              == Info: Issue another request to this URL: 'https://gitea.example.org/UserName/CodeRepo.git/info/refs?service=git-upload-pack'
12:57:22.285612 http.c:724              == Info: Found bundle for host: 0x23fc4c28200 [serially]
12:57:22.285612 http.c:724              == Info: Can not multiplex, even if we wanted to
12:57:22.285612 http.c:724              == Info: Re-using existing connection #0 with host gitea.example.org
12:57:22.297621 http.c:724              == Info: Server auth using Negotiate with user ''
12:57:22.297621 http.c:671              => Send header, 0000000322 bytes (0x00000142)
12:57:22.297621 http.c:683              => Send header: GET /UserName/CodeRepo.git/info/refs?service=git-upload-pack HTTP/1.1
12:57:22.297621 http.c:683              => Send header: Host: gitea.example.org
12:57:22.297621 http.c:683              => Send header: Authorization: Negotiate <redacted>
12:57:22.297621 http.c:683              => Send header: User-Agent: git/2.40.1.windows.1
12:57:22.297621 http.c:683              => Send header: Accept: */*
12:57:22.298612 http.c:683              => Send header: Accept-Encoding: deflate, gzip, br, zstd
12:57:22.298612 http.c:683              => Send header: Pragma: no-cache
12:57:22.298612 http.c:683              => Send header: Git-Protocol: version=2
12:57:22.298612 http.c:683              => Send header:
12:57:22.317610 http.c:671              <= Recv header, 0000000027 bytes (0x0000001b)
12:57:22.317610 http.c:683              <= Recv header: HTTP/1.1 401 Unauthorized
12:57:22.317610 http.c:671              <= Recv header, 0000000037 bytes (0x00000025)
12:57:22.317610 http.c:683              <= Recv header: Date: Fri, 28 Apr 2023 16:57:22 GMT
12:57:22.317610 http.c:671              <= Recv header, 0000000087 bytes (0x00000057)
12:57:22.317610 http.c:683              <= Recv header: Server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1
12:57:22.317610 http.c:671              <= Recv header, 0000000021 bytes (0x00000015)
12:57:22.317610 http.c:683              <= Recv header: Content-Length: 381
12:57:22.317610 http.c:671              <= Recv header, 0000000045 bytes (0x0000002d)
12:57:22.317610 http.c:683              <= Recv header: Content-Type: text/html; charset=iso-8859-1
12:57:22.317610 http.c:671              <= Recv header, 0000000002 bytes (0x00000002)
12:57:22.317610 http.c:683              <= Recv header:
12:57:22.317610 http.c:697              <= Recv data, 0000000381 bytes (0x0000017d)
12:57:22.317610 http.c:712              <= Recv data: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><he
12:57:22.317610 http.c:712              <= Recv data: ad>.<title>401 Unauthorized</title>.</head><body>.<h1>Unauth
12:57:22.317610 http.c:712              <= Recv data: orized</h1>.<p>This server could not verify that you.are aut
12:57:22.317610 http.c:712              <= Recv data: horized to access the document.requested.  Either you suppli
12:57:22.317610 http.c:712              <= Recv data: ed the wrong.credentials (e.g., bad password), or your.brows
12:57:22.317610 http.c:712              <= Recv data: er doesn't understand how to supply.the credentials required
12:57:22.317610 http.c:712              <= Recv data: .</p>.</body></html>.
12:57:22.317610 http.c:724              == Info: Connection #0 to host gitea.example.org left intact
12:57:22.317610 run-command.c:655       trace: run_command: 'C:/Program\ Files/Git/mingw64/bin/git-credential-manager get'
12:57:23.621621 ...\Application.cs:95   trace: [RunInternalAsync] Version: 2.0.935.18315
12:57:23.629621 ...\Application.cs:96   trace: [RunInternalAsync] Runtime: .NET Framework 4.0.30319.42000
12:57:23.630600 ...\Application.cs:97   trace: [RunInternalAsync] Platform: Windows (x86-64)
12:57:23.630600 ...\Application.cs:98   trace: [RunInternalAsync] OSVersion: 10.0 (build 19044)
12:57:23.631600 ...\Application.cs:99   trace: [RunInternalAsync] AppPath: C:\Program Files\Git\mingw64\bin\git-credential-manager
12:57:23.632599 ...\Application.cs:100  trace: [RunInternalAsync] InstallDir: C:\Program Files\Git\mingw64\bin\
12:57:23.632599 ...\Application.cs:101  trace: [RunInternalAsync] Arguments: get
12:57:23.700614 ...GitCommandBase.cs:33 trace: [ExecuteAsync] Start 'get' command...
12:57:23.715602 ...GitCommandBase.cs:47 trace: [ExecuteAsync] Detecting host provider for input:
12:57:23.716600 ...GitCommandBase.cs:48 trace: [ExecuteAsync]   protocol=https
12:57:23.716600 ...GitCommandBase.cs:48 trace: [ExecuteAsync]   host=gitea.example.org
12:57:23.823553 ...oviderRegistry.cs:99 trace: [GetProviderAsync] Host provider override was set id='generic'
12:57:23.827551 ...GitCommandBase.cs:50 trace: [ExecuteAsync] Host provider 'Generic' was selected.
12:57:23.829553 ...\HostProvider.cs:126 trace: [GetCredentialAsync] Looking for existing credential in store with service=https://gitea.example.org account=...
12:57:24.232927 ...\HostProvider.cs:131 trace: [GetCredentialAsync] No existing credentials found.
12:57:24.233942 ...\HostProvider.cs:134 trace: [GetCredentialAsync] Creating new credential...
12:57:24.442923 ...ricOAuthConfig.cs:19 trace: [TryGet] Invalid OAuth configuration - missing/invalid authorize endpoint:
12:57:25.024921 ...icHostProvider.cs:86 trace: [GenerateCredentialAsync] Checking host 'https://gitea.example.org/' for Windows Integrated Authentication...
12:57:25.026922 ...Authentication.cs:34 trace: [GetIsSupportedAsync] HTTP: HEAD https://gitea.example.org/
12:57:25.026922 ...pClientFactory.cs:58 trace: [CreateClient] Creating new HTTP client instance...
12:57:26.116175 ...Authentication.cs:37 trace: [GetIsSupportedAsync] HTTP: Response code ignored.
12:57:26.117175 ...Authentication.cs:39 trace: [GetIsSupportedAsync] Inspecting WWW-Authenticate headers...
12:57:26.117175 ...Authentication.cs:44 trace: [GetIsSupportedAsync] Found WWW-Authenticate header for Negotiate
12:57:26.118160 ...icHostProvider.cs:95 trace: [GenerateCredentialAsync] Host supports WIA - generating empty credential...
12:57:26.119159 ...\HostProvider.cs:136 trace: [GetCredentialAsync] Credential created.
12:57:26.119159 ...\GetCommand.cs:39    trace: [ExecuteInternalAsync] Writing credentials to output:
12:57:26.120159 ...\GetCommand.cs:40    trace: [ExecuteInternalAsync]   protocol=https
12:57:26.120159 ...\GetCommand.cs:40    trace: [ExecuteInternalAsync]   host=gitea.example.org
12:57:26.121160 ...\GetCommand.cs:40    trace: [ExecuteInternalAsync]   username=
12:57:26.121160 ...\GetCommand.cs:40    trace: [ExecuteInternalAsync]   password=********
12:57:26.122158 ...GitCommandBase.cs:54 trace: [ExecuteAsync] End 'get' command...
12:57:26.166159 http.c:724              == Info: Found bundle for host: 0x23fc4c28200 [serially]
12:57:26.166159 http.c:724              == Info: Can not multiplex, even if we wanted to
12:57:26.166159 http.c:724              == Info: Re-using existing connection #0 with host gitea.example.org
12:57:26.167159 http.c:671              => Send header, 0000000239 bytes (0x000000ef)
12:57:26.167159 http.c:683              => Send header: GET /UserName/CodeRepo.git/info/refs?service=git-upload-pack HTTP/1.1
12:57:26.167159 http.c:683              => Send header: Host: gitea.example.org
12:57:26.167159 http.c:683              => Send header: User-Agent: git/2.40.1.windows.1
12:57:26.167159 http.c:683              => Send header: Accept: */*
12:57:26.167159 http.c:683              => Send header: Accept-Encoding: deflate, gzip, br, zstd
12:57:26.167159 http.c:683              => Send header: Pragma: no-cache
12:57:26.167159 http.c:683              => Send header: Git-Protocol: version=2
12:57:26.167159 http.c:683              => Send header:
12:57:26.168165 http.c:671              <= Recv header, 0000000027 bytes (0x0000001b)
12:57:26.168165 http.c:683              <= Recv header: HTTP/1.1 401 Unauthorized
12:57:26.168165 http.c:671              <= Recv header, 0000000037 bytes (0x00000025)
12:57:26.168165 http.c:683              <= Recv header: Date: Fri, 28 Apr 2023 16:57:25 GMT
12:57:26.168165 http.c:671              <= Recv header, 0000000087 bytes (0x00000057)
12:57:26.168165 http.c:683              <= Recv header: Server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1
12:57:26.168165 http.c:671              <= Recv header, 0000000029 bytes (0x0000001d)
12:57:26.168165 http.c:683              <= Recv header: WWW-Authenticate: Negotiate
12:57:26.168165 http.c:671              <= Recv header, 0000000021 bytes (0x00000015)
12:57:26.168165 http.c:683              <= Recv header: Content-Length: 381
12:57:26.168165 http.c:671              <= Recv header, 0000000045 bytes (0x0000002d)
12:57:26.168165 http.c:683              <= Recv header: Content-Type: text/html; charset=iso-8859-1
12:57:26.168165 http.c:671              <= Recv header, 0000000002 bytes (0x00000002)
12:57:26.168165 http.c:683              <= Recv header:
12:57:26.168165 http.c:697              <= Recv data, 0000000381 bytes (0x0000017d)
12:57:26.168165 http.c:712              <= Recv data: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><he
12:57:26.168165 http.c:712              <= Recv data: ad>.<title>401 Unauthorized</title>.</head><body>.<h1>Unauth
12:57:26.168165 http.c:712              <= Recv data: orized</h1>.<p>This server could not verify that you.are aut
12:57:26.168165 http.c:712              <= Recv data: horized to access the document.requested.  Either you suppli
12:57:26.168165 http.c:712              <= Recv data: ed the wrong.credentials (e.g., bad password), or your.brows
12:57:26.168165 http.c:712              <= Recv data: er doesn't understand how to supply.the credentials required
12:57:26.168165 http.c:712              <= Recv data: .</p>.</body></html>.
12:57:26.168165 http.c:724              == Info: Connection #0 to host gitea.example.org left intact
12:57:26.168165 run-command.c:655       trace: run_command: 'C:/Program\ Files/Git/mingw64/bin/git-credential-manager erase'
12:57:27.472583 ...\Application.cs:95   trace: [RunInternalAsync] Version: 2.0.935.18315
12:57:27.480599 ...\Application.cs:96   trace: [RunInternalAsync] Runtime: .NET Framework 4.0.30319.42000
12:57:27.480599 ...\Application.cs:97   trace: [RunInternalAsync] Platform: Windows (x86-64)
12:57:27.481583 ...\Application.cs:98   trace: [RunInternalAsync] OSVersion: 10.0 (build 19044)
12:57:27.482632 ...\Application.cs:99   trace: [RunInternalAsync] AppPath: C:\Program Files\Git\mingw64\bin\git-credential-manager
12:57:27.483583 ...\Application.cs:100  trace: [RunInternalAsync] InstallDir: C:\Program Files\Git\mingw64\bin\
12:57:27.483583 ...\Application.cs:101  trace: [RunInternalAsync] Arguments: erase
12:57:27.549583 ...GitCommandBase.cs:33 trace: [ExecuteAsync] Start 'erase' command...
12:57:27.563866 ...GitCommandBase.cs:47 trace: [ExecuteAsync] Detecting host provider for input:
12:57:27.565865 ...GitCommandBase.cs:48 trace: [ExecuteAsync]   protocol=https
12:57:27.565865 ...GitCommandBase.cs:48 trace: [ExecuteAsync]   host=gitea.example.org
12:57:27.566868 ...GitCommandBase.cs:48 trace: [ExecuteAsync]   username=
12:57:27.568886 ...GitCommandBase.cs:48 trace: [ExecuteAsync]   password=********
12:57:27.673866 ...oviderRegistry.cs:99 trace: [GetProviderAsync] Host provider override was set id='generic'
12:57:27.676891 ...GitCommandBase.cs:50 trace: [ExecuteAsync] Host provider 'Generic' was selected.
12:57:27.677866 ...\HostProvider.cs:173 trace: [EraseCredentialAsync] Erasing stored credential in store with service=https://gitea.example.org account=...
12:57:28.108861 ...\HostProvider.cs:180 trace: [EraseCredentialAsync] No credential was erased.
12:57:28.109862 ...GitCommandBase.cs:54 trace: [ExecuteAsync] End 'erase' command...
fatal: Authentication failed for 'https://gitea.example.org/UserName/CodeRepo.git/'

C:\Temp>

mjcheetham · 2023-04-28T20:43:44Z

Git makes unauthented request and get a WWW-Authenticate: Negotiate challenge:

12:57:22.285612 http.c:683              => Send header: GET /UserName/CodeRepo.git/info/refs?service=git-upload-pack HTTP/1.1
12:57:22.285612 http.c:683              => Send header: Host: gitea.example.org
12:57:22.285612 http.c:683              => Send header: User-Agent: git/2.40.1.windows.1
12:57:22.285612 http.c:683              => Send header:
12:57:22.285612 http.c:683              <= Recv header: HTTP/1.1 401 Unauthorized
12:57:22.285612 http.c:683              <= Recv header: Date: Fri, 28 Apr 2023 16:57:22 GMT
12:57:22.285612 http.c:683              <= Recv header: WWW-Authenticate: Negotiate

libcurl sees this and tries to use Negotiate, but it doesn't get accepted:

12:57:22.285612 http.c:724              == Info: Connection #0 to host gitea.example.org left intact
12:57:22.285612 http.c:724              == Info: Issue another request to this URL: 'https://gitea.example.org/UserName/CodeRepo.git/info/refs?service=git-upload-pack'
12:57:22.285612 http.c:724              == Info: Found bundle for host: 0x23fc4c28200 [serially]
12:57:22.285612 http.c:724              == Info: Can not multiplex, even if we wanted to
12:57:22.285612 http.c:724              == Info: Re-using existing connection #0 with host gitea.example.org
12:57:22.297621 http.c:724              == Info: Server auth using Negotiate with user ''
12:57:22.297621 http.c:683              => Send header: GET /UserName/CodeRepo.git/info/refs?service=git-upload-pack HTTP/1.1
12:57:22.297621 http.c:683              => Send header: Host: gitea.example.org
12:57:22.297621 http.c:683              => Send header: Authorization: Negotiate <redacted>
12:57:22.297621 http.c:683              => Send header: User-Agent: git/2.40.1.windows.1
12:57:22.298612 http.c:683              => Send header:
12:57:22.317610 http.c:671              <= Recv header, 0000000027 bytes (0x0000001b)
12:57:22.317610 http.c:683              <= Recv header: HTTP/1.1 401 Unauthorized
12:57:22.317610 http.c:683              <= Recv header:

Git/libcurl, having failed to authenticate, then asks GCM for credentials:

12:57:22.317610 run-command.c:655       trace: run_command: 'C:/Program\ Files/Git/mingw64/bin/git-credential-manager get'
12:57:23.621621 ...\Application.cs:95   trace: [RunInternalAsync] Version: 2.0.935.18315
12:57:23.629621 ...\Application.cs:96   trace: [RunInternalAsync] Runtime: .NET Framework 4.0.30319.42000
12:57:23.630600 ...\Application.cs:97   trace: [RunInternalAsync] Platform: Windows (x86-64)
12:57:23.630600 ...\Application.cs:98   trace: [RunInternalAsync] OSVersion: 10.0 (build 19044)
12:57:23.631600 ...\Application.cs:99   trace: [RunInternalAsync] AppPath: C:\Program Files\Git\mingw64\bin\git-credential-manager
12:57:23.632599 ...\Application.cs:100  trace: [RunInternalAsync] InstallDir: C:\Program Files\Git\mingw64\bin\
12:57:23.632599 ...\Application.cs:101  trace: [RunInternalAsync] Arguments: get
12:57:23.700614 ...GitCommandBase.cs:33 trace: [ExecuteAsync] Start 'get' command...
12:57:23.715602 ...GitCommandBase.cs:47 trace: [ExecuteAsync] Detecting host provider for input:
12:57:23.716600 ...GitCommandBase.cs:48 trace: [ExecuteAsync]   protocol=https
12:57:23.716600 ...GitCommandBase.cs:48 trace: [ExecuteAsync]   host=gitea.example.org
12:57:25.024921 ...icHostProvider.cs:86 trace: [GenerateCredentialAsync] Checking host 'https://gitea.example.org/' for Windows Integrated Authentication...
12:57:26.117175 ...Authentication.cs:44 trace: [GetIsSupportedAsync] Found WWW-Authenticate header for Negotiate
12:57:26.118160 ...icHostProvider.cs:95 trace: [GenerateCredentialAsync] Host supports WIA - generating empty credential...
12:57:26.119159 ...\GetCommand.cs:39    trace: [ExecuteInternalAsync] Writing credentials to output:
12:57:26.120159 ...\GetCommand.cs:40    trace: [ExecuteInternalAsync]   protocol=https
12:57:26.120159 ...\GetCommand.cs:40    trace: [ExecuteInternalAsync]   host=gitea.example.org
12:57:26.121160 ...\GetCommand.cs:40    trace: [ExecuteInternalAsync]   username=
12:57:26.121160 ...\GetCommand.cs:40    trace: [ExecuteInternalAsync]   password=********
12:57:26.122158 ...GitCommandBase.cs:54 trace: [ExecuteAsync] End 'get' command...

GCM returns an empty username/password because it sees that the server supports Negotiate, and wants Git/libcurl will try to use that, but it's already tried that.

The real problem here is that first attempt to auth by libcurl isn't working.

Do have a trace for when it works, using the other server hostname?

jnahmias · 2023-05-02T19:06:01Z

@mjcheetham - sorry for the delay...

Do have a trace for when it works, using the other server hostname?


C:\Temp>set GIT_TRACE=1

C:\Temp>set GCM_TRACE=1

C:\Temp>set GIT_TRACE_CURL=1

C:\Temp>git clone https://ServerHostname.example.org/UserName/CodeRepo.git
14:52:53.119054 exec-cmd.c:237          trace: resolved executable dir: C:/Program Files/Git/mingw64/bin
14:52:53.171051 git.c:439               trace: built-in: git clone https://ServerHostname.example.org/UserName/CodeRepo.git
Cloning into 'CodeRepo'...
14:52:53.259051 run-command.c:655       trace: run_command: git remote-https origin https://ServerHostname.example.org/UserName/CodeRepo.git
14:52:53.376052 exec-cmd.c:237          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:52:53.395051 git.c:725               trace: exec: git-remote-https origin https://ServerHostname.example.org/UserName/CodeRepo.git
14:52:53.396051 run-command.c:655       trace: run_command: git-remote-https origin https://ServerHostname.example.org/UserName/CodeRepo.git
14:52:53.658050 exec-cmd.c:237          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:52:53.717049 http.c:724              == Info:   Trying 10.7.209.61:443...
14:52:53.718051 http.c:724              == Info: Connected to ServerHostname.example.org (10.7.209.61) port 443 (#0)
14:52:53.718051 http.c:724              == Info: schannel: disabled automatic use of client certificate
14:52:53.789049 http.c:724              == Info: using HTTP/1.x
14:52:53.789049 http.c:671              => Send header, 0000000231 bytes (0x000000e7)
14:52:53.789049 http.c:683              => Send header: GET /UserName/CodeRepo.git/info/refs?service=git-upload-pack HTTP/1.1
14:52:53.789049 http.c:683              => Send header: Host: ServerHostname.example.org
14:52:53.789049 http.c:683              => Send header: User-Agent: git/2.40.1.windows.1
14:52:53.789049 http.c:683              => Send header: Accept: */*
14:52:53.789049 http.c:683              => Send header: Accept-Encoding: deflate, gzip, br, zstd
14:52:53.789049 http.c:683              => Send header: Pragma: no-cache
14:52:53.789049 http.c:683              => Send header: Git-Protocol: version=2
14:52:53.789049 http.c:683              => Send header:
14:52:53.790049 http.c:671              <= Recv header, 0000000027 bytes (0x0000001b)
14:52:53.790049 http.c:683              <= Recv header: HTTP/1.1 401 Unauthorized
14:52:53.790049 http.c:671              <= Recv header, 0000000037 bytes (0x00000025)
14:52:53.790049 http.c:683              <= Recv header: Date: Tue, 02 May 2023 18:52:53 GMT
14:52:53.790049 http.c:671              <= Recv header, 0000000087 bytes (0x00000057)
14:52:53.790049 http.c:683              <= Recv header: Server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1
14:52:53.790049 http.c:671              <= Recv header, 0000000029 bytes (0x0000001d)
14:52:53.790049 http.c:683              <= Recv header: WWW-Authenticate: Negotiate
14:52:53.790049 http.c:671              <= Recv header, 0000000021 bytes (0x00000015)
14:52:53.790049 http.c:683              <= Recv header: Content-Length: 381
14:52:53.790049 http.c:671              <= Recv header, 0000000045 bytes (0x0000002d)
14:52:53.790049 http.c:683              <= Recv header: Content-Type: text/html; charset=iso-8859-1
14:52:53.790049 http.c:671              <= Recv header, 0000000002 bytes (0x00000002)
14:52:53.790049 http.c:683              <= Recv header:
14:52:53.790049 http.c:724              == Info: Ignoring the response-body
14:52:53.790049 http.c:697              <= Recv data, 0000000381 bytes (0x0000017d)
14:52:53.790049 http.c:712              <= Recv data: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><he
14:52:53.790049 http.c:712              <= Recv data: ad>.<title>401 Unauthorized</title>.</head><body>.<h1>Unauth
14:52:53.790049 http.c:712              <= Recv data: orized</h1>.<p>This server could not verify that you.are aut
14:52:53.790049 http.c:712              <= Recv data: horized to access the document.requested.  Either you suppli
14:52:53.790049 http.c:712              <= Recv data: ed the wrong.credentials (e.g., bad password), or your.brows
14:52:53.790049 http.c:712              <= Recv data: er doesn't understand how to supply.the credentials required
14:52:53.790049 http.c:712              <= Recv data: .</p>.</body></html>.
14:52:53.790049 http.c:724              == Info: Connection #0 to host ServerHostname.example.org left intact
14:52:53.790049 http.c:724              == Info: Issue another request to this URL: 'https://ServerHostname.example.org/UserName/CodeRepo.git/info/refs?service=git-upload-pack'
14:52:53.790049 http.c:724              == Info: Found bundle for host: 0x1e678f59b60 [serially]
14:52:53.790049 http.c:724              == Info: Can not multiplex, even if we wanted to
14:52:53.790049 http.c:724              == Info: Re-using existing connection #0 with host ServerHostname.example.org
14:52:53.803047 http.c:724              == Info: Server auth using Negotiate with user ''
14:52:53.803047 http.c:671              => Send header, 0000003602 bytes (0x00000e12)
14:52:53.803047 http.c:683              => Send header: GET /UserName/CodeRepo.git/info/refs?service=git-upload-pack HTTP/1.1
14:52:53.803047 http.c:683              => Send header: Host: ServerHostname.example.org
14:52:53.803047 http.c:683              => Send header: Authorization: Negotiate <redacted>
14:52:53.803047 http.c:683              => Send header: User-Agent: git/2.40.1.windows.1
14:52:53.803047 http.c:683              => Send header: Accept: */*
14:52:53.803047 http.c:683              => Send header: Accept-Encoding: deflate, gzip, br, zstd
14:52:53.803047 http.c:683              => Send header: Pragma: no-cache
14:52:53.803047 http.c:683              => Send header: Git-Protocol: version=2
14:52:53.803047 http.c:683              => Send header:
14:52:53.845050 http.c:671              <= Recv header, 0000000017 bytes (0x00000011)
14:52:53.845050 http.c:683              <= Recv header: HTTP/1.1 200 OK
14:52:53.845050 http.c:671              <= Recv header, 0000000037 bytes (0x00000025)
14:52:53.845050 http.c:683              <= Recv header: Date: Tue, 02 May 2023 18:52:53 GMT
14:52:53.845050 http.c:671              <= Recv header, 0000000087 bytes (0x00000057)
14:52:53.845050 http.c:683              <= Recv header: Server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1
14:52:53.845050 http.c:671              <= Recv header, 0000000278 bytes (0x00000116)
14:52:53.845050 http.c:683              <= Recv header: WWW-Authenticate: Negotiate oYG2MIGzoAMKAQChCwYJKoZIgvcSAQICooGeBIGbYIGYBgkqhkiG9xIBAgICAG+BiDCBhaADAgEFoQMCAQ+ieTB3oAMCARKicARufiQLvEOHNEjQZ8/Wncqgg2oNVWyIS0SXTtD2lG0nC8a8mwtwQR/Th3Df32jEYOD5yIW8dLCC9CxqwZyfjqYjwbX4/i7KVaB5DZ8UKT0xeVu0b1Jks7HR2GK3KBuAaqAylkmHrHKs3IJ4rlkgxmc=
14:52:53.845050 http.c:671              <= Recv header, 0000000053 bytes (0x00000035)
14:52:53.845050 http.c:683              <= Recv header: Cache-Control: no-cache, max-age=0, must-revalidate
14:52:53.845050 http.c:671              <= Recv header, 0000000059 bytes (0x0000003b)
14:52:53.845050 http.c:683              <= Recv header: Content-Type: application/x-git-upload-pack-advertisement
14:52:53.845050 http.c:671              <= Recv header, 0000000040 bytes (0x00000028)
14:52:53.845050 http.c:683              <= Recv header: Expires: Tue, 01 Jan 1980 00:00:00 GMT
14:52:53.845050 http.c:671              <= Recv header, 0000000018 bytes (0x00000012)
14:52:53.845050 http.c:683              <= Recv header: Pragma: no-cache
14:52:53.845050 http.c:671              <= Recv header, 0000000029 bytes (0x0000001d)
14:52:53.845050 http.c:683              <= Recv header: X-Frame-Options: SAMEORIGIN
14:52:53.845050 http.c:671              <= Recv header, 0000000021 bytes (0x00000015)
14:52:53.845050 http.c:683              <= Recv header: Content-Length: 158
14:52:53.845050 http.c:671              <= Recv header, 0000000075 bytes (0x0000004b)
14:52:53.845050 http.c:683              <= Recv header: Set-Cookie: i_like_gitea=c03bebdee2e051a7; Path=/; HttpOnly; SameSite=Lax
14:52:53.845050 http.c:671              <= Recv header, 0000000145 bytes (0x00000091)
14:52:53.845050 http.c:683              <= Recv header: Set-Cookie: _csrf=NA__fYWuC0zXsDc6M9peqhgmySM6MTY4MzA1MzU3MzY3MTI4NzUxNQ; Path=/; Expires=Wed, 03 May 2023 18:52:53 GMT; HttpOnly; SameSite=Lax
14:52:53.845050 http.c:671              <= Recv header, 0000000071 bytes (0x00000047)
14:52:53.845050 http.c:683              <= Recv header: Set-Cookie: macaron_flash=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax
14:52:53.845050 http.c:671              <= Recv header, 0000000002 bytes (0x00000002)
14:52:53.845050 http.c:683              <= Recv header:
14:52:53.845050 http.c:697              <= Recv data, 0000000158 bytes (0x0000009e)
14:52:53.845050 http.c:712              <= Recv data: 001e# service=git-upload-pack.0000000eversion 2.0015agent=gi
14:52:53.845050 http.c:712              <= Recv data: t/2.31.1.0013ls-refs=unborn.0019fetch=shallow filter.0012ser
14:52:53.845050 http.c:712              <= Recv data: ver-option.0017object-format=sha1.0000
14:52:53.845050 http.c:724              == Info: Connection #0 to host ServerHostname.example.org left intact
14:52:53.845050 http.c:724              == Info: Found bundle for host: 0x1e678f59b60 [serially]
14:52:53.845050 http.c:724              == Info: Can not multiplex, even if we wanted to
14:52:53.845050 http.c:724              == Info: Re-using existing connection #0 with host ServerHostname.example.org
14:52:53.845050 http.c:724              == Info: Curl_output_negotiate, no persistent authentication: cleanup existing context
14:52:53.846050 http.c:724              == Info: Server auth using Negotiate with user ''
14:52:53.846050 http.c:671              => Send header, 0000003674 bytes (0x00000e5a)
14:52:53.846050 http.c:683              => Send header: POST /UserName/CodeRepo.git/git-upload-pack HTTP/1.1
14:52:53.846050 http.c:683              => Send header: Host: ServerHostname.example.org
14:52:53.846050 http.c:683              => Send header: Authorization: Negotiate <redacted>
14:52:53.846050 http.c:683              => Send header: User-Agent: git/2.40.1.windows.1
14:52:53.846050 http.c:683              => Send header: Accept-Encoding: deflate, gzip, br, zstd
14:52:53.846050 http.c:683              => Send header: Content-Type: application/x-git-upload-pack-request
14:52:53.846050 http.c:683              => Send header: Accept: application/x-git-upload-pack-result
14:52:53.846050 http.c:683              => Send header: Git-Protocol: version=2
14:52:53.846050 http.c:683              => Send header: Content-Length: 185
14:52:53.846050 http.c:683              => Send header:
14:52:53.846050 http.c:697              => Send data, 0000000185 bytes (0x000000b9)
14:52:53.846050 http.c:712              => Send data: 0014command=ls-refs.001eagent=git/2.40.1.windows.10016object
14:52:53.846050 http.c:712              => Send data: -format=sha100010009peel.000csymrefs.000bunborn.0014ref-pref
14:52:53.846050 http.c:712              => Send data: ix HEAD.001bref-prefix refs/heads/.001aref-prefix refs/tags/
14:52:53.846050 http.c:712              => Send data: .0000
14:52:53.869048 http.c:671              <= Recv header, 0000000017 bytes (0x00000011)
14:52:53.869048 http.c:683              <= Recv header: HTTP/1.1 200 OK
14:52:53.869048 http.c:671              <= Recv header, 0000000037 bytes (0x00000025)
14:52:53.869048 http.c:683              <= Recv header: Date: Tue, 02 May 2023 18:52:53 GMT
14:52:53.869048 http.c:671              <= Recv header, 0000000087 bytes (0x00000057)
14:52:53.869048 http.c:683              <= Recv header: Server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1
14:52:53.869048 http.c:671              <= Recv header, 0000000278 bytes (0x00000116)
14:52:53.869048 http.c:683              <= Recv header: WWW-Authenticate: Negotiate oYG2MIGzoAMKAQChCwYJKoZIgvcSAQICooGeBIGbYIGYBgkqhkiG9xIBAgICAG+BiDCBhaADAgEFoQMCAQ+ieTB3oAMCARKicARuA7SYi29YHsckakhhPbC4ffiQPj7afMhsQF+UTmGFb3lF1bM6Qf8IuMLDLhUtnO37NR8TzHq0nSrCSdVl7OIyOENQHPnj62mYtxVR+FDF6y8ATU9PZldGkeo1CWblqIgcm9tnuStRZDAB2L1O0i0=
14:52:53.869048 http.c:671              <= Recv header, 0000000039 bytes (0x00000027)
14:52:53.869048 http.c:683              <= Recv header: Cache-Control: no-store, no-transform
14:52:53.869048 http.c:671              <= Recv header, 0000000052 bytes (0x00000034)
14:52:53.869048 http.c:683              <= Recv header: Content-Type: application/x-git-upload-pack-result
14:52:53.869048 http.c:671              <= Recv header, 0000000029 bytes (0x0000001d)
14:52:53.869048 http.c:683              <= Recv header: X-Frame-Options: SAMEORIGIN
14:52:53.869048 http.c:671              <= Recv header, 0000000021 bytes (0x00000015)
14:52:53.869048 http.c:683              <= Recv header: Content-Length: 145
14:52:53.869048 http.c:671              <= Recv header, 0000000075 bytes (0x0000004b)
14:52:53.869048 http.c:683              <= Recv header: Set-Cookie: i_like_gitea=ff9f03fbc4fb6ee0; Path=/; HttpOnly; SameSite=Lax
14:52:53.869048 http.c:671              <= Recv header, 0000000145 bytes (0x00000091)
14:52:53.869048 http.c:683              <= Recv header: Set-Cookie: _csrf=mc9Yxxp3As5ZJaVJQaArbBuCauk6MTY4MzA1MzU3MzcwOTkyMTg5Mg; Path=/; Expires=Wed, 03 May 2023 18:52:53 GMT; HttpOnly; SameSite=Lax
14:52:53.869048 http.c:671              <= Recv header, 0000000071 bytes (0x00000047)
14:52:53.869048 http.c:683              <= Recv header: Set-Cookie: macaron_flash=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax
14:52:53.869048 http.c:671              <= Recv header, 0000000002 bytes (0x00000002)
14:52:53.869048 http.c:683              <= Recv header:
14:52:53.869048 http.c:697              <= Recv data, 0000000145 bytes (0x00000091)
14:52:53.869048 http.c:712              <= Recv data: 0050a76066818ac5d9901511e1537b5f2e8d6d48672e HEAD symref-tar
14:52:53.869048 http.c:712              <= Recv data: get:refs/heads/main.003da76066818ac5d9901511e1537b5f2e8d6d48
14:52:53.869048 http.c:712              <= Recv data: 672e refs/heads/main.0000
14:52:53.869048 http.c:724              == Info: Connection #0 to host ServerHostname.example.org left intact
14:52:53.883053 http.c:724              == Info: Found bundle for host: 0x1e678f59b60 [serially]
14:52:53.883053 http.c:724              == Info: Can not multiplex, even if we wanted to
14:52:53.883053 http.c:724              == Info: Re-using existing connection #0 with host ServerHostname.example.org
14:52:53.883053 http.c:724              == Info: Curl_output_negotiate, no persistent authentication: cleanup existing context
14:52:53.884050 http.c:724              == Info: Server auth using Negotiate with user ''
14:52:53.884050 http.c:671              => Send header, 0000003674 bytes (0x00000e5a)
14:52:53.885051 http.c:683              => Send header: POST /UserName/CodeRepo.git/git-upload-pack HTTP/1.1
14:52:53.885051 http.c:683              => Send header: Host: ServerHostname.example.org
14:52:53.885051 http.c:683              => Send header: Authorization: Negotiate <redacted>
14:52:53.885051 http.c:683              => Send header: User-Agent: git/2.40.1.windows.1
14:52:53.885051 http.c:683              => Send header: Accept-Encoding: deflate, gzip, br, zstd
14:52:53.885051 http.c:683              => Send header: Content-Type: application/x-git-upload-pack-request
14:52:53.885051 http.c:683              => Send header: Accept: application/x-git-upload-pack-result
14:52:53.885051 http.c:683              => Send header: Git-Protocol: version=2
14:52:53.885051 http.c:683              => Send header: Content-Length: 212
14:52:53.885051 http.c:683              => Send header:
14:52:53.885051 http.c:697              => Send data, 0000000212 bytes (0x000000d4)
14:52:53.885051 http.c:712              => Send data: 0011command=fetch001eagent=git/2.40.1.windows.10016object-fo
14:52:53.885051 http.c:712              => Send data: rmat=sha10001000dthin-pack000dofs-delta0032want a76066818ac5
14:52:53.885051 http.c:712              => Send data: d9901511e1537b5f2e8d6d48672e.0032want a76066818ac5d9901511e1
14:52:53.885051 http.c:712              => Send data: 537b5f2e8d6d48672e.0009done.0000
14:52:53.912050 http.c:671              <= Recv header, 0000000017 bytes (0x00000011)
14:52:53.912050 http.c:683              <= Recv header: HTTP/1.1 200 OK
14:52:53.912050 http.c:671              <= Recv header, 0000000037 bytes (0x00000025)
14:52:53.912050 http.c:683              <= Recv header: Date: Tue, 02 May 2023 18:52:53 GMT
14:52:53.912050 http.c:671              <= Recv header, 0000000087 bytes (0x00000057)
14:52:53.912050 http.c:683              <= Recv header: Server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1
14:52:53.912050 http.c:671              <= Recv header, 0000000278 bytes (0x00000116)
14:52:53.912050 http.c:683              <= Recv header: WWW-Authenticate: Negotiate oYG2MIGzoAMKAQChCwYJKoZIgvcSAQICooGeBIGbYIGYBgkqhkiG9xIBAgICAG+BiDCBhaADAgEFoQMCAQ+ieTB3oAMCARKicARuGrKZCf+cMka8QIDPSIj0enPXEibFejO5x6ROBjxeLp58FmXUC7d+3/a/PHeiczC1FmqK7eGqVYLrmCmuGqROV5fXb2pKH+USCmkqAyrSH/pNE+ZmTo43iG1vGG225xU+z+YLOLxWActGzycZ6lg=
14:52:53.912050 http.c:671              <= Recv header, 0000000039 bytes (0x00000027)
14:52:53.912050 http.c:683              <= Recv header: Cache-Control: no-store, no-transform
14:52:53.912050 http.c:671              <= Recv header, 0000000052 bytes (0x00000034)
14:52:53.912050 http.c:683              <= Recv header: Content-Type: application/x-git-upload-pack-result
14:52:53.912050 http.c:671              <= Recv header, 0000000029 bytes (0x0000001d)
14:52:53.912050 http.c:683              <= Recv header: X-Frame-Options: SAMEORIGIN
14:52:53.912050 http.c:671              <= Recv header, 0000000075 bytes (0x0000004b)
14:52:53.912050 http.c:683              <= Recv header: Set-Cookie: i_like_gitea=eb88a2773b438c3c; Path=/; HttpOnly; SameSite=Lax
14:52:53.912050 http.c:671              <= Recv header, 0000000145 bytes (0x00000091)
14:52:53.912050 http.c:683              <= Recv header: Set-Cookie: _csrf=yQQGHhAFO94InlLBhhSDfcy3PqY6MTY4MzA1MzU3Mzc0Njk4MDU2OA; Path=/; Expires=Wed, 03 May 2023 18:52:53 GMT; HttpOnly; SameSite=Lax
14:52:53.912050 http.c:671              <= Recv header, 0000000071 bytes (0x00000047)
14:52:53.912050 http.c:683              <= Recv header: Set-Cookie: macaron_flash=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax
14:52:53.912050 http.c:671              <= Recv header, 0000000028 bytes (0x0000001c)
14:52:53.912050 http.c:683              <= Recv header: Transfer-Encoding: chunked
14:52:53.912050 http.c:671              <= Recv header, 0000000002 bytes (0x00000002)
14:52:53.912050 http.c:683              <= Recv header:
14:52:53.912050 http.c:697              <= Recv data, 0000003603 bytes (0x00000e13)
14:52:53.912050 http.c:712              <= Recv data: 800..000dpackfile.0024.Enumerating objects: 70, done..0023.C
14:52:53.912050 http.c:712              <= Recv data: ounting objects:   1% (1/70).0023.Counting objects:   2% (2/
14:52:53.912050 http.c:712              <= Recv data: 70).0023.Counting objects:   4% (3/70).0023.Counting objects
14:52:53.912050 http.c:712              <= Recv data: :   5% (4/70).0023.Counting objects:   7% (5/70).0023.Counti
14:52:53.912050 http.c:712              <= Recv data: ng objects:   8% (6/70).0023.Counting objects:  10% (7/70).0
14:52:53.912050 http.c:712              <= Recv data: 023.Counting objects:  11% (8/70).0023.Counting objects:  12
14:52:53.912050 http.c:712              <= Recv data: % (9/70).0024.Counting objects:  14% (10/70).0024.Counting o
14:52:53.912050 http.c:712              <= Recv data: bjects:  15% (11/70).0024.Counting objects:  17% (12/70).002
14:52:53.912050 http.c:712              <= Recv data: 4.Counting objects:  18% (13/70).0024.Counting objects:  20%
14:52:53.912050 http.c:712              <= Recv data:  (14/70).0024.Counting objects:  21% (15/70).0024.Counting o
14:52:53.912050 http.c:712              <= Recv data: bjects:  22% (16/70).0024.Counting objects:  24% (17/70).002
14:52:53.912050 http.c:712              <= Recv data: 4.Counting objects:  25% (18/70).0024.Counting objects:  27%
14:52:53.912050 http.c:712              <= Recv data:  (19/70).0024.Counting objects:  28% (20/70).0024.Counting o
14:52:53.912050 http.c:712              <= Recv data: bjects:  30% (21/70).0024.Counting objects:  31% (22/70).002
14:52:53.912050 http.c:712              <= Recv data: 4.Counting objects:  32% (23/70).0024.Counting objects:  34%
14:52:53.912050 http.c:712              <= Recv data:  (24/70).0024.Counting objects:  35% (25/70).0024.Counting o
14:52:53.912050 http.c:712              <= Recv data: bjects:  37% (26/70).0024.Counting objects:  38% (27/70).002
14:52:53.912050 http.c:712              <= Recv data: 4.Counting objects:  40% (28/70).0024.Counting objects:  41%
14:52:53.912050 http.c:712              <= Recv data:  (29/70).0024.Counting objects:  42% (30/70).0024.Counting o
14:52:53.912050 http.c:712              <= Recv data: bjects:  44% (31/70).0024.Counting objects:  45% (32/70).002
14:52:53.912050 http.c:712              <= Recv data: 4.Counting objects:  47% (33/70).0024.Counting objects:  48%
14:52:53.912050 http.c:712              <= Recv data:  (34/70).0024.Counting objects:  50% (35/70).0024.Counting o
14:52:53.912050 http.c:712              <= Recv data: bjects:  51% (36/70).0024.Counting objects:  52% (37/70).002
14:52:53.912050 http.c:712              <= Recv data: 4.Counting objects:  54% (38/70).0024.Counting objects:  55%
14:52:53.912050 http.c:712              <= Recv data:  (39/70).0024.Counting objects:  57% (40/70).0024.Counting o
14:52:53.912050 http.c:712              <= Recv data: bjects:  58% (41/70).0024.Counting objects:  60% (42/70).002
14:52:53.912050 http.c:712              <= Recv data: 4.Counting objects:  61% (43/70).0024.Counting objects:  62%
14:52:53.912050 http.c:712              <= Recv data:  (44/70).0024.Counting objects:  64% (45/70).0024.Counting o
14:52:53.912050 http.c:712              <= Recv data: bjects:  65% (46/70).0024.Counting objects:  67% (47/70).002
14:52:53.914048 http.c:712              <= Recv data: 4.Counting objects:  68% (48/70).0024.Counting objects:  70%
14:52:53.914048 http.c:712              <= Recv data:  (49/70).0024.Counting objects:  71% (50/70).0024.Counting o
14:52:53.914048 http.c:712              <= Recv data: bjects:  72% (51/70).0024.Counting objects:  74% (52/70).002
14:52:53.914048 http.c:712              <= Recv data: 4.Counting objects:  75% (53/70).0024.Counting objects:  77%
14:52:53.914048 http.c:712              <= Recv data:  (54/70).0024.Counting objects:  78% (55/70).0024.Counting o
14:52:53.914048 http.c:712              <= Recv data: bjects:  80% ..605..(56/70).0043.Counting objects:  81% (57/
14:52:53.914048 http.c:712              <= Recv data: 70).Counting objects:  82% (58/70).0024.Counting objects:  8
14:52:53.914048 http.c:712              <= Recv data: 4% (59/70).0024.Counting objects:  85% (60/70).0024.Counting
14:52:53.914048 http.c:712              <= Recv data:  objects:  87% (61/70).0024.Counting objects:  88% (62/70).0
14:52:53.914048 http.c:712              <= Recv data: 024.Counting objects:  90% (63/70).0024.Counting objects:  9
14:52:53.914048 http.c:712              <= Recv data: 1% (64/70).0024.Counting objects:  92% (65/70).0024.Counting
14:52:53.914048 http.c:712              <= Recv data:  objects:  94% (66/70).0024.Counting objects:  95% (67/70).0
14:52:53.914048 http.c:712              <= Recv data: 024.Counting objects:  97% (68/70).0024.Counting objects:  9
14:52:53.914048 http.c:712              <= Recv data: 8% (69/70).004a.Counting objects: 100% (70/70).Counting obje
14:52:53.914048 http.c:712              <= Recv data: cts: 100% (70/70), done..0047.Compressing objects:   1% (1/7
14:52:53.914048 http.c:712              <= Recv data: 0).Compressing objects:   2% (2/70).0026.Compressing objects
14:52:53.914048 http.c:712              <= Recv data: :   4% (3/70).0047.Compressing objects:   5% (4/70).Compress
14:52:53.914048 http.c:712              <= Recv data: ing objects:   7% (5/70).0047.Compressing objects:   8% (6/7
14:52:53.914048 http.c:712              <= Recv data: 0).Compressing objects:  10% (7/70).0085.Compressing objects
14:52:53.914048 http.c:712              <= Recv data: :  11% (8/70).Compressing objects:  12% (9/70).Compressing o
14:52:53.914048 http.c:712              <= Recv data: bjects:  14% (10/70).Compressing objects:  15% (1000b.1/70).
14:52:53.914048 http.c:712              <= Recv data: 006b.Compressing objects:  17% (12/70).Compressing objects:
14:52:53.914048 http.c:712              <= Recv data:  18% (13/70).Compressing objects:  20% (14/70).0027.Compress
14:52:53.914048 http.c:712              <= Recv data: ing objects:  21% (15/70).006b.Compressing objects:  22% (16
14:52:53.914048 http.c:712              <= Recv data: /70).Compressing objects:  24% (17/70).Compressing objects:
14:52:53.914048 http.c:712              <= Recv data:  25% (18/70).0085.Compressing objects:  27% (19/70).Compress
14:52:53.914048 http.c:712              <= Recv data: ing objects:  28% (20/70).Compressing objects:  30% (21/70).
14:52:53.914048 http.c:712              <= Recv data: Compressing objects:  31% 002f.(22/70).Compressing objects:
14:52:53.914048 http.c:712              <= Recv data:  32% (23/70).0027.Compressing objects:  34% (24/70).0027.Com
14:52:53.914048 http.c:712              <= Recv data: pressing objects:  35% (25/70).0049.Compressing objects:  37
14:52:53.914048 http.c:712              <= Recv data: % (26/70).Compressing objects:  38% (27/70).0085.Compressing
14:52:53.914048 http.c:712              <= Recv data:  ..
14:52:53.917049 http.c:697              <= Recv data, 0000009849 bytes (0x00002679)
14:52:53.917049 http.c:712              <= Recv data: 1fb..objects:  40% (28/70).Compressing objects:  41% (29/70)
14:52:53.917049 http.c:712              <= Recv data: .Compressing objects:  42% (30/70).Compressing objects:  44%
14:52:53.917049 http.c:712              <= Recv data:  0073.(31/70).Compressing objects:  45% (32/70).Compressing
14:52:53.917049 http.c:712              <= Recv data: objects:  47% (33/70).Compressing objects:  48% (34/70).0049
14:52:53.917049 http.c:712              <= Recv data: .Compressing objects:  50% (35/70).Compressing objects:  51%
14:52:53.917049 http.c:712              <= Recv data:  (36/70).0049.Compressing objects:  52% (37/70).Compressing
14:52:53.917049 http.c:712              <= Recv data: objects:  54% (38/70).0049.Compressing objects:  55% (39/70)
14:52:53.917049 http.c:712              <= Recv data: .Compressing objects:  57% (40/70).006b.Compressing objects:
14:52:53.917049 http.c:712              <= Recv data:   58% (41/70).Compressing object..800..s:  60% (42/70).Compr
14:52:53.917049 http.c:712              <= Recv data: essing objects:  61% (43/70).0027.Compressing objects:  62%
14:52:53.917049 http.c:712              <= Recv data: (44/70).0085.Compressing objects:  64% (45/70).Compressing o
14:52:53.917049 http.c:712              <= Recv data: bjects:  65% (46/70).Compressing objects:  67% (47/70).Compr
14:52:53.917049 http.c:712              <= Recv data: essing objects:  68% 000d.(48/70).0027.Compressing objects:
14:52:53.917049 http.c:712              <= Recv data:  70% (49/70).0027.Compressing objects:  71% (50/70).0049.Com
14:52:53.917049 http.c:712              <= Recv data: pressing objects:  72% (51/70).Compressing objects:  74% (52
14:52:53.917049 http.c:712              <= Recv data: /70).0049.Compressing objects:  75% (53/70).Compressing obje
14:52:53.917049 http.c:712              <= Recv data: cts:  77% (54/70).0027.Compressing objects:  78% (55/70).002
14:52:53.917049 http.c:712              <= Recv data: 7.Compressing objects:  80% (56/70).0027.Compressing objects
14:52:53.917049 http.c:712              <= Recv data: :  81% (57/70).0027.Compressing objects:  82% (58/70).0027.C
14:52:53.917049 http.c:712              <= Recv data: ompressing objects:  84% (59/70).0049.Compressing objects:
14:52:53.917049 http.c:712              <= Recv data: 85% (60/70).Compressing objects:  87% (61/70).0027.Compressi
14:52:53.917049 http.c:712              <= Recv data: ng objects:  88% (62/70).0027.Compressing objects:  90% (63/
14:52:53.917049 http.c:712              <= Recv data: 70).0027.Compressing objects:  91% (64/70).0027.Compressing
14:52:53.917049 http.c:712              <= Recv data: objects:  92% (65/70).0027.Compressing objects:  94% (66/70)
14:52:53.917049 http.c:712              <= Recv data: .0027.Compressing objects:  95% (67/70).0027.Compressing obj
14:52:53.917049 http.c:712              <= Recv data: ects:  97% (68/70).0027.Compressing objects:  98% (69/70).00
14:52:53.917049 http.c:712              <= Recv data: 27.Compressing objects: 100% (70/70).002e.Compressing object
14:52:53.917049 http.c:712              <= Recv data: s: 100% (70/70), done..2004.PACK.......F..x...Kj.!.E...6..6~
14:52:53.917049 http.c:712              <= Recv data: Z.!....R....j.z..^v..=\8..D`c.>..c.......0igK..jk..-.....&ko
14:52:53.917049 http.c:712              <= Recv data: ...+.T..n....d...d.....[...........'.......O..x......../y..M
14:52:53.917049 http.c:712              <= Recv data: ;.U.....K...V6..b.|.0L)...S..p......[.~...[...x...MJ.1.@.}..
14:52:53.917049 http.c:712              <= Recv data: ....: ".."..9@%.LG..!.G...z.w..|.3C.4..4b.a.h...>._.e..mT..t
14:52:53.917049 http.c:712              <= Recv data: ......M.....O&qR.SM...\..R.2.}.E:<....^iY..p...o.....M:_K?..
14:52:53.918049 http.c:712              <= Recv data: ..A.....Wj...m...b..!.e.]> ..^..=...7|.............WT...x...
14:52:53.918049 http.c:712              <= Recv data: K..0.@.9E..L.oA....0.Ll.tJ......=x.x.3k.&....}.6.5Vr).E..\..
14:52:53.918049 http.c:712              <= Recv data: .lB.c.mh..+.XN.L.da*6.4.b_s.l..Q.g,..]../..K[..//.~xk....t>K
14:52:53.918049 http.c:712              <= Recv data: ⌂^..1z.c.}........⌂E..i..i.=.U6...,M...x...;N.0...>.........
14:52:53.918049 http.c:712              <= Recv data: ..KC..{.$,.D.Ap{V..t.z.3....;.!...bT..L4+TU.Du.9.i....c9....
14:52:53.918049 http.c:712              <= Recv data: O.L6.M.....D.../...?."..r...............6....$......i.......
14:52:53.918049 http.c:712              <= Recv data: ......J&............-c..T8..7 .9`....@..k.....~..|\...x...A.
14:52:53.918049 http.c:712              <= Recv data: . ...=...h.Ba.......0...NC...........d.g3#......R.>.u.c.....
14:52:53.918049 http.c:712              <= Recv data: ..S.m@%.....S.9G.Z}.&k......Q.Uz.E:\..}.[Z....<d....6....,..
14:52:53.918049 http.c:712              <= Recv data: .f....u...Z."..c.....}.E]v.'..c....S;.."GP?..x...1c68....KJ.
14:52:53.918049 http.c:712              <= Recv data: 0.E.Y...._.A..Ep....$/6.6%}..{.......{x.A.)J.....*.I..*i..Y.
14:52:53.918049 http.c:712              <= Recv data: .j..H/v..1.$CDW.&mt......l....%.Z..x.........q^..p...?|\..T[
14:52:53.918049 http.c:712              <= Recv data: .t....(.m....n.$..}].3.K".....3..p...Z......;..e.6>q......d.
14:52:53.918049 http.c:712              <= Recv data: ...X...x...AN.0.@.}N......$.B.Yp..vIA.Gi.. q.._z.?.;.Z[[.Xn.
14:52:53.918049 http.c:712              <= Recv data: .9:.%.r.l".E.7Jw.~Np...."..T....uQV...{....1{.x....>...\....
14:52:53.918049 http.c:712              <= Recv data: ...8.o{.⌂.......T..<..1i..>..k...C.a......W...~..*.Qz..x...A
14:52:53.918049 http.c:712              <= Recv data: J.1.E.}.Z...;.t. ...w.I~..I5I...m......... ....b...9g.l.....
14:52:53.918049 http.c:712              <= Recv data: |f.+B..tpGSBt.Y...l.`.).9.......s...L|.]:.....;.....Oi⌂.Z.)r
14:52:53.918049 http.c:712              <= Recv data: ......ZVo...v..........⌂.L.....-...T.Pp"....2$K.......S..jr.
14:52:53.918049 http.c:712              <= Recv data: ~...O..Y..^.....b...x...]J.0.E.....~.o."......&....iJ.......
14:52:53.918049 http.c:712              <= Recv data: .......!:.(.d..hH...]t1{.."..[.....: xi.x..+..........G..)%.
14:52:53.918049 http.c:712              <= Recv data: ..c,..s.y[...Zp..............._.A.I....p#..bn..1._..D.......
14:52:53.918049 http.c:712              <= Recv data: ...2.).......9......G=..o)~...Z\..x...AJ.1...yE⌂@.d.M.dq....
14:52:53.918049 http.c:712              <= Recv data: >......$K....]......t.@.]....Rd.>.,.8,K.....D.....4...,O.=.B
14:52:53.918049 http.c:712              <= Recv data: ..p.yq.<E...;,....}.k....;.[....{....7.R...>.G...b.........m
14:52:53.918049 http.c:712              <= Recv data: UU.51.,P[.J..>......Tv..^.........FT⌂..x...;N.0.........O"..
14:52:53.918049 http.c:712              <= Recv data: ....~b..^.=.........Uov"....jI.nW..d.E.b@.et.Z.......&....(\
14:52:53.918049 http.c:712              <= Recv data: 7..o[\.K..'.PS.()m..<g...<..p.\..x.q..{.6)........{k..r.'i..
14:52:53.918049 http.c:712              <= Recv data: .k-s.............[..v}....G8.........6&a...2Y...x...=N.1.@..
14:52:53.918049 http.c:712              <= Recv data: ...../..... .E.P"..=f..k..-r. q..W}z.3.N..(.$..-9.3....)G..f
14:52:53.918049 http.c:712              <= Recv data: ..D......MbE.X%..Q..u..<...U4^;A..k.S....FsYh......c........
14:52:53.918049 http.c:712              <= Recv data: ..@!........R.Z.2......Z.....g.s@.|⌂}>O.._.p^2.Sk..3./q...XS
14:52:53.918049 http.c:712              <= Recv data: ..x...1n.!..{^..p....dY.S....,.D.'.(y.-...f4..`...q&[...G.CN
14:52:53.918049 http.c:712              <= Recv data: 'C)........]R;.n.G...D>->..s.O.gc...0..._..J..>..........wo.
14:52:53.918049 http.c:712              <= Recv data: .n.....⌂.q....Xt..p.Nk...U.~k.r..."..ap.<.M..7.+O.4''....U..
14:52:53.918049 http.c:712              <= Recv data: .x...AN.0...y.?.$.6M$.........vQ.*I..Y.'p..\f4...K.(..a.9...
14:52:53.918049 http.c:712              <= Recv data: .X.').D...<'sP.:....n...././.L.%bBdd;/.f6t.U.|h.c.OZ..:<....
14:52:53.918049 http.c:712              <= Recv data: ..u..i.Gm..p!8..G..{.....m......8..8.V.wJ....A..hc....m.....
14:52:53.918049 http.c:712              <= Recv data: .-.._7.[H..x...KND!.E...6....&1.......GG..T'.....'......@...
14:52:53.918049 http.c:712              <= Recv data: ..x.&.k.W....%d$.h..n...M.....b....).dD....u....'.JO9x.'oz..
14:52:53.918049 http.c:712              <= Recv data: ......;.?..<.Z.E..n.`....9.......]...Q...L...p.....⌂..axn.-i
14:52:53.918049 http.c:712              <= Recv data: .H..~..7U...x...Kn.!...../`.?X............1.%..H9Bv.6.W<..x.
14:52:53.918049 http.c:712              <= Recv data: ..ek.T..,.rH.Q.9.K..t.(6.....N:.V......U&...F.J..Dm.~.:&..N.
14:52:53.918049 http.c:712              <= Recv data: ..\[..._...g....1.<.r...t....$.."..*3.K"J....k_`g..Od......`
14:52:53.918049 http.c:712              <= Recv data: ..`L/.o.@U...x...MJ.0...}N1K](.t.S.....+/0M&_#.).(x{........
14:52:53.918049 http.c:712              <= Recv data: ..F.).,.Q.;...$..J..E'X.9x..`...j..J..H...{.g;%7..B.U.......
14:52:53.918049 http.c:712              <= Recv data: .c.W^..'......[.Uj.Cn......}Jv.p..hr...*.J......!*...h..Oo/p
14:52:53.918049 http.c:712              <= Recv data: ...../{m~.!.S...x...MN.0.@..O1.....O$....;L..I.x....=.z.vo..
14:52:53.918049 http.c:712              <= Recv data: .D.&.0gv\,Y)>..$...b.>....&s.&u@.q..K.}...Lv.1JDZ..O........
14:52:53.918049 http.c:712              <= Recv data: .Y..6.......E.3O..!..M^.}......... !.....!....._..-p.Za(..U.
14:52:53.918049 http.c:712              <= Recv data: g..M........xT'..x...KN.0.@.yV.....IS.!...C>v[x... ..Ab....H
14:52:53.918049 http.c:712 remote: Enumerating objects: 70, done.
 Recv data: w.f.,(.|`..[..+.G.. z.aI!.4W.|NHH.d......."....S]\..K.....s.
14:52:53.919048 http.c:712              <= Recv data: ..z.k....#...]..|.zN.C.?.....h./D..,Yk..~...B...._7....in...
14:52:53.919048 http.c:712              <= Recv data: .87...fP...x...;N.0....b/.Z⌂...!$*(....Y..8.....=O...M1.b.2.
14:52:53.919048 http.c:712              <= Recv data: .....6.v.y.9a..w.gk..].U.NR>:....9 ..X..Dg..n..}6..J#....&./
14:52:53.919048 http.c:712              <= Recv data: ......Z.......X....(..~<....~....=.....;.'b._dx⌂~..r.^h.o.V.
14:52:53.919048 http.c:712              <= Recv data: ......C...V.z.r..QN.k..R.I.......^...x...KN.0...>E_......B.d
14:52:53.919048 http.c:712              <= Recv data: ..+..$.8.y<B.=....^-J.x..A@MY;G.."3.,.L...8.*.f.:Mb.....QR.|
14:52:53.919048 http.c:712              <= Recv data: .....H3I.*..bQN..KrE..X...o./...V...?y............'@g.4.*...
14:52:53.919048 http.c:712              <= Recv data: J...:..?.../"f....q...+|s.....a..+....+....N....QW⌂..x...=..
14:52:53.919048 http.c:712              <= Recv data: 0.@.=...@np.$........Hi.4 .=...`{.....H...,h<G.3.......\....
14:52:53.919048 http.c:712              <= Recv data: .f.r......S.6.QbH.d.#.@N.dG...`.?.T.\.&..W......u......8.&..
14:52:53.919048 http.c:712              <= Recv data: n'.......vH.*.R.....zl.?.k..7l.....q.Q...x...A.. ...;...h..P
14:52:53.919048 http.c:712              <= Recv data: ..x......FXC.......4.3.i..q<c\M ....{...X'.'........&..3.).B
14:52:53.919048 http.c:712              <= Recv data: .\..v^....H........'og..4.*H.e..+Q..Q......"?o..x.340075UH./
14:52:53.919048 http.c:712              <= Recv data: .,..u...+.dx.z............n..+.....0?%.$....;.tm-....g.z.KV.
14:52:53.919048 http.c:712              <= Recv data: .....)I-..+.`Xz. .l...V.\.S....Rn...\I+....x..Y{o...._.b..J.
14:52:53.919048 http.c:712              <= Recv data: .i;)ZT)..m9QaK.D.]N'......u.J.#..wf..H......A.....<wf6G?....
14:52:53.919048 http.c:712              <= Recv data: ...O.g....Z-/....".}..^..........,i.I..cs...AF.⌂w..v..m9...,
14:52:53.919048 http.c:712              <= Recv data: ........g.'^.[.0~...w?.....2a..X..V..&..*...⌂.{;....O...s.$.
14:52:53.919048 http.c:712              <= Recv data: ...5;].'z.m-....../.......jGl..f.=.^.:-]...0...%..bN...k>...
14:52:53.919048 http.c:712              <= Recv data: O,WY....e....[....X.G.M.7..-]l2.f;.....?.^..z.ed..4[QgS.....
14:52:53.919048 http.c:712              <= Recv data: Wg-.U}.......K..<zd..Q..s..MP......Z..G..U....7......(qp]*.p
14:52:53.919048 http.c:712              <= Recv data: ..j..j.DO.KQe....([.[pM.(..2.w.*Tw! .w;..h..X..f.K..].x.<N.'
14:52:53.919048 http.c:712              <= Recv data: 'A..s.(aF..E....w.nlb.....d<...;j........5..Vk.......⌂.r.3l.
14:52:53.919048 http.c:712              <= Recv data: 2h....w.⌂8.......s-e..........\-..._.Y"..-.U)H\".;t@....()..
14:52:53.919048 http.c:712              <= Recv data: 9.J..Kl...'._.~.D............y..}.z*..g..8B..`.......K......
14:52:53.919048 http.c:712              <= Recv data: ....a....,N.QT.3...h...=.^....]d..F.. c..u9.Y.B..u.....M..j.
14:52:53.919048 http.c:712              <= Recv data: 13D..Y4x..ij..b...F.......1....a.B....`.^.)....3.R.U..M.N=..
14:52:53.919048 http.c:712              <= Recv data: #-.......VD......{..b.[SS'[....[..nw........NPg.!..%..lZ....
14:52:53.919048 http.c:712              <= Recv data: .1..7..Ku%.......)^..T.R|.j.".kKh..\^...j.ZU......l..`c.~...
14:52:53.919048 http.c:712              <= Recv data: ..^J.d...#K.68..^....G..2...Z....c...\..Sc.O.3'..k.[q_R.....
14:52:53.919048 http.c:712              <= Recv data: .b....D....V.....o."j.EG.~X...r.......7.Y.....'f..h8..W..../
14:52:53.919048 http.c:712              <= Recv data: ..R.Hy..@.2....HeyT.t....vp.v...n.....:.a.o/.........$...)..
14:52:53.919048 http.c:712              <= Recv data: '.......2j.i.....\G`;..3.3G..".K..<`.........T.z.k.o.xRf....
14:52:53.919048 http.c:712              <= Recv data: ..f|..5.j...*.!.b,...g....G."V+-..DN...:..J%T..&..u.......o.
14:52:53.919048 http.c:712              <= Recv data: .Q.../...M...Y."..S...._...>n...!.a.C.`.#-...d.ad4."B....G..
14:52:53.920050 http.c:712              <= Recv data: T...t.Y.d+...}ND.6...iIV...t_SS....m ......|v...*.!......e.@
14:52:53.920050 http.c:712              <= Recv data: ..E.....+....^..u.....+..h..Y...P1.F^.M.K..⌂....a.....1@P9."
14:52:53.920050 http.c:712              <= Recv data: z.z.w.).r5..@V...`m..D[r..?..}........|i4.......J....G.5....
14:52:53.920050 http.c:712              <= Recv data: 7'$.....{y.!....*r..fxj.BG...2.....Ut...s..a..XB.y..T.8ER...
14:52:53.920050 http.c:712              <= Recv data: .C......s.[s<.M.3.e...q%.L.T..w.....%*.......j.....}L.......
14:52:53.920050 http.c:712              <= Recv data: ......K.....Y.J.....<<t....⌂z.....ty... .E...G(....F.-......
14:52:53.920050 http.c:712              <= Recv data: ......L.D(.w.R6........z.~.p;....u..+...<..J^.Fa.i.r9....;..
14:52:53.920050 http.c:712              <= Recv data: ......&.....1......?*....+...i..tJ...5j.....M.E.EN.nV...{j.}
14:52:53.920050 http.c:712              <= Recv data: ...c....~jfh0.......h.#..-.#.q..v1=..f*=d..L.P.\...O.....M..
14:52:53.920050 http.c:712              <= Recv data: .hg........lq...c...g..%.%U.,_..M⌂../UP.0.e..w...S..pg.p4.`.
14:52:53.920050 http.c:712              <= Recv data: 5.......p...>./.7...7..a.8.....V..pSM.w..=....u.\.K..B~..&.Q
14:52:53.920050 http.c:712              <= Recv data: 9G.....G.......*.'. s.....Q_...$.....$...d.Rd..g...a]c.b4...
14:52:53.920050 http.c:712              <= Recv data: s(..N......z.`.b...O........Vv..z.X..>.:..a..Y..!$........S.
14:52:53.920050 http.c:712              <= Recv data: ......v.W..O.....O>z..@50|...6..}sa..6....ja./j[.+^.1...0.?.
14:52:53.920050 http.c:712              <= Recv data: o..h⌂S+..n.O.....5&..|.....Q...R...............I.O.+.......-
14:52:53.920050 http.c:712              <= Recv data: ..+XT.J.bf.....N.z6...;..>.t.G..(.Q....*.....<x...P.E.b>v.X.
14:52:53.920050 http.c:712              <= Recv data: .j.P....bF.R.l...P..pV.U59.5..J1...m<U...lG.u.W...X...C...]u
14:52:53.920050 http.c:712              <= Recv data: KE....:y...H_kS....iD.."....b...8.4...!]......ye.i.?u.76W..w
14:52:53.920050 http.c:712              <= Recv data: ,....c.s[.U....x+........\.....h.......#..Os.......N.=l.]c..
14:52:53.920050 http.c:712              <= Recv data: 3-18{.%............[c..-|A.|......2.\.....h.r2!......EeK.Xs.
14:52:53.920050 http.c:712              <= Recv data: .3n..Z .....=./yp..Q..*....cT...=.+QB>$+`.;...B.j=.......qgl
14:52:53.920050 http.c:712              <= Recv data: ..w"....j....A..i..W.h,.......(........'l...#.."/...}...dU.M
14:52:53.920050 http.c:712              <= Recv data: .y`}.g\<..!.a...S...&.q.:.....cPol....P!9C.+...F.=.<...}.y=.
14:52:53.920050 http.c:712              <= Recv data: ox.".2.:Bc,.Di$..4.l......e.,.K.eV.......E..~[."........&L.L
14:52:53.920050 http.c:712              <= Recv data: ..]..1..*.....]_.....<...9.FI.n.};.....T.c'.........C.%..xS.
14:52:53.920050 http.c:712              <= Recv data: ..@...;...Z...+......F....'t%k..~T........N....I.........*..
14:52:53.920050 http.c:712              <= Recv data: nxA..=.wv........t...=.6u.....T....|x.{j..~C..Xfz|ZfN....zr~
14:52:53.920050 http.c:712              <= Recv data: QfI.^f^...tF{q..F~Aj.Fr~^.T......'Oe....IQ..<1==.(%?Y.(5%.(5
14:52:53.920050 http.c:712              <= Recv data: ..$.*.W...S.y;.f..3.b.&.ds...i......0.9./.....x..g?.~...PA..
14:52:53.920050 http.c:712              <= Recv data: [fNIjQ.z...Bnn..b1.&f..F.....)... x.M.Oo. ...|..G.Q.86..W...
14:52:53.920050 http.c:712              <= Recv data: .z...V+...E....n....8.H{.x...<n..9.\..OG|.N.b......g../..{..
14:52:53.920050 http.c:712              <= Recv data: ....`.a..TF...Q2.m){C..C.[..F.......Tl..D..X..&.B..$..1=.d/.
14:52:53.920050 http.c:712              <= Recv data: .'..G.@..b..Rl...j..mU.J...bP...q...N...*.j'....R.J.cU./r..;
14:52:53.920050 http.c:712              <= Recv data: i...N.C_.,*......eF..1.....:....f.Pw..........=.5.......3.).
14:52:53.920050 http.c:712              <= Recv data: .~.Vl.......>..%.q..g...;>.o#..^.t...W$....]...).....O9..S.~
14:52:53.920050 http.c:712              <= Recv data: &....Nn-.q..KJ.{..!.b...."*.|..q.......S.\x..TmS.F..._.....N
14:52:53.922050 http.c:712              <= Recv data: ~.....c..O.Ld.I'd<..B.dI.;;MK.{.dB..$.....?..n.h_...3G......
14:52:53.922050 http.c:712              <= Recv data: .X..@Z*0..,..d.G....D.l........"z.8......cm.+S*\.k$.e...a.1.
14:52:53.922050 http.c:712              <= Recv data: ..8F...7X.....,4:F..<...........b>.=<[.O^..........a.Fo~.⌂..
14:52:53.922050 http.c:712              <= Recv data: ......nd....A.-.F.....b...}.y.W..a.z.....3...-6./.....g.no.%
14:52:53.922050 http.c:712              <= Recv data: TJ.&./..i4".Wy.EI.... ........n.........8G.h2.cAp..1......0.
14:52:53.922050 http.c:712              <= Recv data: Jj...O⌂...d.]..|_......U...J.\.&....p..16.,X..a.tnK.L.qV*'..
14:52:53.922050 http.c:712              <= Recv data: ....4.......w......N...|...).${q...a....^⌂....}>..=..d8.x...
14:52:53.922050 http.c:712              <= Recv data: ..d<...g3?!.>....T.t..&...w..D..H.E\&...Z....v.2..<K.......^
14:52:53.922050 http.c:712              <= Recv data: ..3C.....

remote: Counting objects:   1% (1/70)
Recv data, 0000007589 bytes (0x00001da5)
14:52:53.924049 http.c:712              <= Recv data: ff8..1d47...n.[+.5,n....O⌂...x....V.....|..2..V=]......29;..
14:52:53.924049 http.c:712              <= Recv data: ..l.../../.xt-e....(VD...b.x`....yDE.1.5.om.0..b..<G.......`
14:52:53.924049 http.c:712              <= Recv data: .S.....Lh.l%.&.W..............T..?H.]..Ng.t.2.FuUjt..i.<.?.1
14:52:53.924049 http.c:712              <= Recv data: ......?...6Z......3,C......._.-.T.............D."⌂..[.,.A.Dw
14:52:53.924049 http.c:712              <= Recv data: +......]...[ .x~=.k.....F.}.....Z.....T......x.+(..#..m.[...
14:52:53.924049 http.c:712              <= Recv data: W..{⌂...d..9......Ck.0x.;...{...dM.e..T.....Xx......pp.\....
14:52:53.924049 http.c:712              <= Recv data: ..kh............A...2...nx.;...k.T..{..&.2.M6g...L...... x.+
14:52:53.924049 http.c:712              <= Recv data: (..#......[..w../f..g.F..<..,.....4x.;.=.K@YQ?)3O.8..8.DA7u.
14:52:53.924049 http.c:712              <= Recv data: s....LR.u..&..V...0.)..x.340075UH./.,..u...+.d...xS......E*.
14:52:53.924049 http.c:712              <= Recv data: ..].|TD...0?%.$....;.tm-....g.z.KV......)I-..+.`...u.....;~.
14:52:53.924049 http.c:712              <= Recv data: .....w.zO....,...x.340075UH./.,..u...+.d...xS......E*...].|T
14:52:53.924049 http.c:712              <= Recv data: D..EaN~b..knAN~ejj1H.⌂.U...m....g..../.Q......X..R...Z......
14:52:53.924049 http.c:712              <= Recv data: ..L..%+.M..A......B..r...O,..iy%_\l...mB.....z..._'!i.)Q...}
14:52:53.924049 http.c:712              <= Recv data: ...t.......|.Q|....8..?d........u_..?....=y.Mya....x..X[s...
14:52:53.924049 http.c:712              <= Recv data: ~.....$e..w.C..I.".9ec..Iv9.J.F0F....Y..........?.j./.....5.
14:52:53.924049 http.c:712              <= Recv data: ../yv....t-.I.EQX.&. ^..l......dID|WP."J..r.!..OC...?...j.d6
14:52:53.924049 http.c:712              <= Recv data: c..\.i.b..C6..I......Vrr..8.3,..\.z2...r...E.T.eZ.T.o...y...
14:52:53.924049 http.c:712              <= Recv data: ]!..$Y.....]....'m=v....hX."..;.o.#.%._...o...V.pc]=⌂.(...f.
14:52:53.924049 http.c:712              <= Recv data: _.e....{...).c...h.j....z....'..!r4K...,..C..!......yI...d1.
14:52:53.924049 http.c:712              <= Recv data: ......IA......e.jS..xH.h.Q>wD..10.n.>}Y..@K...Q.N.>.{D......
14:52:53.924049 http.c:712              <= Recv data: ..DujlUM:w-......I.eDc!m'..W..c.D.{..Q...,..Y..%....s.....,.
14:52:53.924049 http.c:712              <= Recv data: ..9.Q.O.......O..'..x..yq..R..2_L.V&n]A$...C...q n.qtN..C.q.
14:52:53.924049 http.c:712              <= Recv data: .2l...!.Y.C$..&CC.p5.MV.. .*NMk...C.S...\...'ozYt.RxF.%....K
14:52:53.924049 http.c:712              <= Recv data: 5.[.B.@50dY.f.y....."..~%.[....#Kv....S.+^.r/.#.kdk..8..D3..
14:52:53.924049 http.c:712              <= Recv data: B...B.$.A=..O..-..s..u.F..!..z..h{D&O.....B...!..f,X..lI....
14:52:53.924049 http.c:712              <= Recv data: d)..M...f.2p.:...d.\o2.B<...=.\....6..*. .E.x..s.u......u...
14:52:53.924049 http.c:712              <= Recv data: 53...{..v......|8.R..;.......u...>US..0.........7.j.+$.x...G
14:52:53.924049 http.c:712              <= Recv data: u..s.⌂X.{....M......%...a..K......".....0.."...d..9<.4..Hf.;
14:52:53.924049 http.c:712              <= Recv data: ..{ ....!.Sp_..n.o.J>...N...,&...(u.FC.....'....!4.|}l.%.Dr.
14:52:53.924049 http.c:712              <= Recv data: |.:.{0...|.0.k..k....|.C4.kE.....a..t..^h.T...8oY...T"SP-*..
14:52:53.924049 http.c:712              <= Recv data: .#..>......!IN...4..?.W,.s.......\..E..8l.E,...c.o..).-...d.
14:52:53.924049 http.c:712              <= Recv data: VP...X...e....A.`{.E.I.....b...T.......q.V..0.:~T..'/O.g....
14:52:53.924049 http.c:712              <= Recv data: .q=.o.SZ...q....b....9.......v.w.....d........Im}..k.Y..xw(.
14:52:53.924049 http.c:712              <= Recv data: ..;K..ABWLQ}.\S...v......^........?1~QG..r.6..))G....i..j.m.
14:52:53.924049 http.c:712              <= Recv data: ..-.....9.Z.....6.;...:q.;.b........}yuo..-..3..c..k.)K..H..
14:52:53.924049 http.c:712              <= Recv data: U5N.QUel.[.6..2....t(.....3.D.%.+...F.../.*..l.G.;..GL......
14:52:53.924049 http.c:712              <= Recv data: .I...pl.l..A$...*1_....o....A<..... .^. ...⌂..G$..;6..b....#
14:52:53.924049 http.c:712              <= Recv data: ._1.J.,,....L..}..Y...5.f......3.<...o'=.1.q(.....c&.%.vH...
14:52:53.924049 http.c:712              <= Recv data: .;..\.o$s=..?.@c..!......m..e.q..U..`T.p.j...EH.2|.+c..R.g..
14:52:53.924049 http.c:712              <= Recv data: .....qi.fRqi-(`9.............u.o.l.g........Cb9j.,9.;.......
14:52:53.924049 http.c:712              <= Recv data: ...v...'.s.....-1.D.T ,....Y..s.GX....|.w..⌂a(..i.M..~.~.|..
14:52:53.924049 http.c:712              <= Recv data: .Y.7...]\......u.2.W<.|H...I.P....*F.....C..........{.....O.
14:52:53.924049 http.c:712              <= Recv data: .._`m...J{`S[..Y...~1&...bX..t.."..CW.F.....g......]...U..@{
14:52:53.924049 http.c:712              <= Recv data: ..0....uk{c.....n...q...X.)..w.-#..w}.....]....;?..^....os..
14:52:53.924049 http.c:712              <= Recv data: .*......,..D+.......H.+....Z.... .']."!L..2S....S.@..n>Q..}.
14:52:53.924049 http.c:712              <= Recv data: ..E9...<.q.CPEZ.=...$.n@......G....+...B`.+...-....<5=.p$⌂..
14:52:53.924049 http.c:712              <= Recv data: %/I.R7.5(.t..J...U.0.....⌂...>2..j..[5.3.}......=.4.........
14:52:53.924049 http.c:712              <= Recv data: .k?........J...>.... ....j....9....t..SS.w.....V..0..v......
14:52:53.924049 http.c:712              <= Recv data: .E..m.rh!..MN..p..d...z.2.z...I....0...cg7H.-Lv..]sl...[r%..
14:52:53.924049 http.c:712              <= Recv data: ...,.q....1...'..⌂....0....5..Y .s..d.I.e.....R|.Y....5!....
14:52:53.924049 http.c:712              <= Recv data: !k.'>e...Y,...V..'.|:.E..r.....F...A..yZ..0L~M'.U....}B...\U
14:52:53.924049 http.c:712              <= Recv data: ..'5$..Wmui.{.`...C....1....r..pc..|"...J.3...o.⌂U..\.......
14:52:53.924049 http.c:712              <= Recv data: ....L.iP..........AC.._..U..7..x.mRMk.A....[%F!A.4....NV. D.
14:52:53.924049 http.c:712              <= Recv data: .Y.....r......M.....'..4.@0... .Gx.*^.._.d......j..{U...~._.
14:52:53.924049 http.c:712              <= Recv data: >>?..}......y.... .R.z....Vs3.....)..:v P..}..........,.Vt..
14:52:53.924049 http.c:712              <= Recv data: duq.....A........P.......:.....TJ..qD....>..h.<.:e........F.
14:52:53.924049 http.c:712              <= Recv data: ⌂<.~]....T".........\..U..sw....In..........!..6.c4n⌂.z...h.
14:52:53.924049 http.c:712              <= Recv data: ...;....... vA.64.L...s..-....nHdW.Bw$..Q...._.Q....W.7....t
14:52:53.924049 http.c:712              <= Recv data: wK[.{..?{O._...O..:....LA.!./!.&...t...^`v.......^!......2..
14:52:53.924049 http.c:712              <= Recv data: .gVe....,*....S.oR.....Z..\..R.Z.)....Jg...r)'....O}.:]...`-
14:52:53.924049 http.c:712              <= Recv data: .>.^i....y..Z.2.*....Rm...A1...I.....O...SI`8Z..6......J.0`.
14:52:53.924049 http.c:712              <= Recv data: .........~.x.h<@/./....+\/.m6.;............. ⌂.._...#.4x.5..
14:52:53.924049 http.c:712              <= Recv data: ..@...8....0.Y.i...eg6...FF..]....E.9t...0....... ...^|.....
14:52:53.924049 http.c:712              <= Recv data: .....a.......N.....U.E}.O...O........J8.o!z.y..6...E.Gq.....
14:52:53.924049 http.c:712              <= Recv data: j....Wt..9')-...l..V`!x.YQ~*.Q)..⌂]...X...*.JN3"...{[.x>0...
14:52:53.924049 http.c:712              <= Recv data: ...C.ah<Cb...D."..H....Hc.)...... ..n.G..!....$#..n.z6.S.v,⌂
14:52:53.924049 http.c:712              <= Recv data: ..%v.+......8^x0..L&.1.......f..`.6.................c..F..zH
14:52:53.924049 http.c:712              <= Recv data: ..4R..6........-.....=.......p.zS..s.8=$,.9......wpS...DG..d
14:52:53.924049 http.c:712              <= Recv data: '.0]..mu].S/_..d91....&+{.n.7j.'....#.....Bq.n...xN.........
14:52:53.924049 http.c:712              <= Recv data: ..+...fv#....T..1..,..lj..e.h..m23rK.........x..UMo.8...W...
14:52:53.924049 http.c:712              <= Recv data: I.V)....|hm.."M.......J#..D)$.4-..w.2e.I..%.K3.|.......V...B
14:52:53.924049 http.c:712              <= Recv data: ^4.f_...W..bY]...QK.D........&........mJ......Lsn...z;.#F..J
14:52:53.925050 http.c:712              <= Recv data: ........y..[.am.k...+."......c..ZU.L............})...^.@k..w
14:52:53.925050 http.c:712              <= Recv data: ?..vw.|/./?E^hc.bS.<..... M.W..C..-r....X0..~!Lj@....?^.|E.7
14:52:53.925050 http.c:712              <= Recv data: 1......P...nm6.......⌂).6...)..X~/.....N...(...a*'....T M..w
14:52:53.925050 http.c:712              <= Recv data: Bc#..j1K.%....S...w⌂.....0......z......?r}.<4..6......cB..ax
14:52:53.925050 http.c:712              <= Recv data: .....x7.=..D..G....l........=V.T......8/.....l+....x$.......
14:52:53.925050 http.c:712              <= Recv data: Q....d.............o...B...C.5+&.9AAg...x...R....H......\p.~
14:52:53.925050 http.c:712              <= Recv data: S..e..f.(4.nT..u(...."$..1}...[.L....0.....Dh.w.c2j..0.7D.._
14:52:53.925050 http.c:712              <= Recv data: .?...z.~\...wW>.........[t..F*...g.%...}..,.~..D...'O'.}K.8.
14:52:53.925050 http.c:712              <= Recv data: O.K.w....r....⌂\G*.@.....v...""&......u-!...3..E..<g%..]..#w
14:52:53.925050 http.c:712              <= Recv data: ...e../q.b.1o..yp;,...s.l.;..q.mf/4.^......F...&j{H...(.}..8
14:52:53.925050 http.c:712              <= Recv data: #G.q8.....u7#..8..O..[..⌂....m...B.5.,........-..AAt75PE3B.n
14:52:53.925050 http.c:712              <= Recv data: ...D.~.}.....?f2...)ph.q..m.,|..Y....$.)x*.*./ .⌂...Ey...<x.
14:52:53.925050 http.c:712              <= Recv data: ....q.3.m....I.....⌂..vm....v..M......x.....]PYQ?)3O.8..8.DA
14:52:53.925050 http.c:712              <= Recv data: 7.k..03..BV....d⌂f....6..E.y%i..1y..%........%...yV.J..Jz1y.
14:52:53.925050 http.c:712              <= Recv data: .J*.......!...~J\........Px.....q.3.;..o...qeD]..N....T....'
14:52:53.925050 http.c:712              <= Recv data: ......x.....S@YQ?)3O.8..8.DA7ur/..Dh.kP.......CI~vj.^Vq~....
14:52:53.925050 http.c:712              <= Recv data: ..\.J*A.nA....3l.y3..yw6.C..E....R..R.3&[1.j)+.....(...J.-.Q
14:52:53.925050 http.c:712              <= Recv data: ..]...............,.Q..y%.y%.!...V....9...%..y.`G).p)@..nJbI
14:52:53.925050 http.c:712              <= Recv data: "..p......... .9.!.K}...! g(qAe.C..].lU4...t.............n.>
14:52:53.925050 http.c:712              <= Recv data: .J.\.E.y%i..1y..h^.RPR-V.........0..i3.....u....b...mLQ.KLNN
14:52:53.925050 http.c:712              <= Recv data: -..b....kp0.0.u..m...4x..3............|..(\...HBz.+....}..2.
14:52:53.925050 http.c:712              <= Recv data: >D...6..hZ..;e.NXRy.b......^x.. .P|.%.oZQ~nfq~Z~Qnb.dG6..%l5
14:52:53.925050 http.c:712              <= Recv data: .....+..lx.....q..H.i.i|.A...............y...e.Fl.Fx..g⌂.n.Y
14:52:53.925050 http.c:712              <= Recv data: ..6.M2.&...fAx...x.q.u..=.;..Qx...x.q....*.w..|...J.....z@..
14:52:53.925050 http.c:712              <= Recv data: ........z..{x.............{....`.........V."...)....(...?x.{
14:52:53.925050 http.c:712              <= Recv data: j..~B.lZQ~.BU~^jf^Z.BfnA~Q.B.....o.J`..V/JM+J-../..N.S......
14:52:53.925050 http.c:712              <= Recv data: C..1.8?-.(7.D#+Z.199..8..... ...%.$5$37..C....d.1+...X.PL.U{
14:52:53.925050 http.c:712              <= Recv data: nn...\..N..'8....4x....................]....1...e....)......
14:52:53.925050 http.c:712              <= Recv data: ..:x..g..~...V...T..w..6.a9$..l..<....x..............<.0...[
14:52:53.925050 http.c:712              <= Recv data: rI....]....H.).........x..g..|....B...E.iE....%...y:.I.....E
14:52:53.925050 http.c:712              <= Recv data: 9.V\.PP....7..Eq...m......b.r.[.uu4uOX.&....++8....&.d&'..T*
14:52:53.925050 http.c:712              <= Recv data: @....!....U...br=+..8...[9....`...3n.>v)N...\..Op)M~.5sr+w.d
14:52:53.925050 http.c:712              <= Recv data: ..D.....S7/......X\......_.....F....Z5L....Ix.[`>.|C..kqIbQ.
14:52:53.925050 http.c:712              <= Recv data: .8.'v.A..[....x.............(..I...Fu.$':..Y.....)..E.*..x.3
14:52:53.925050 http.c:712              <= Recv data: 40075UH./.,..u...+.d8...=.W.s......w...;.l..0'?1E.5. '.25...
14:52:53.930051 http.c:712              <= Recv data: .?.*.a..Cm..3D~....(....OI,I..y.N-][.....Y.^....&w..jJR.Kt..
14:52:53.930051 http.c:712              <= Recv data: .....'.d..p.......l.J...g.G.o..E..R.*X.........5.s..n......?
14:52:53.930051 http.c:712              <= Recv data: RW...Ox.[`..t.2........".#3M.....Y....4'..Q..K..'.....g.ox..
14:52:53.930051 http.c:712              <= Recv data: ...q..:.........x.....q........s.+.hO...a]...|....*....s...=
14:52:53.930051 http.c:712              <= Recv data: x.........WyfI.B~Aj..dca/^...r%M..b.4+....w2..4..z...cx.....
14:52:53.930051 http.c:712              <= Recv data: q...H...9..;6..._-.w...I....U..9.>f..x...X51.........x.34007
14:52:53.930051 http.c:712              <= Recv data: 5UH./.,..O,..+.d`......=[.G.p~..'.6=.6.(.OI,I..y.N-][.....Y.
14:52:53.930051 http.c:712              <= Recv data: ^....&w..jJR.K@JT.kz...<]....~.7.m..q....+w.%..x.}Q.j.A.f..d
14:52:53.930051 http.c:712              <= Recv data: <*...E.g.f.w.Y....A=$..$...lZw.g.{Y.,...0.....'.9.....k...x.
14:52:53.930051 http.c:712              <= Recv data: ........_;...?9ww....w/|+.z..!.....k.:^...P....V_N.fV..&..k%
14:52:53.930051 http.c:712              <= Recv data: -TBi..... .(Y]...~......e.^.................u.....m.`..!..$.
14:52:53.930051 http.c:712              <= Recv data: ..2K.W."..2........*..Q.1.e1.q.gP.......5.dB...wM⌂:..C...7`.
14:52:53.930051 http.c:712              <= Recv data: ..L...[.Fc%f.t....aQ..'A..i.....r...fc...OFI.;.......o......
14:52:53.930051 http.c:712              <= Recv data: m..j....<gCi....0V()...^s.o|....^.a...lv...FI.'.Jd..3}....a.
14:52:53.930051 http.c:712              <= Recv data: ........H.U.....!..^.⌂)....F.i......XE..a=Vf.........x.34007
14:52:53.930051 http.c:712              <= Recv data: 5UH./.,..O,..+.d.~4..{...o....v.....,j.Q...X..R...Z........L
14:52:53.930051 http.c:712              <= Recv data: ..%+.M..A...........>..y...⌂..\o..(>.....+y....x..*.Bh.;..VF
14:52:53.930051 http.c:712              <= Recv data: ?....O2+...e.U*.*....r).A.^Ifnj~i.P..`.k.W...&..s.T...s...i.
14:52:53.930051 http.c:712              <= Recv data: .%.X,.k003c.Total 70 (delta 36), reused 0 (delta 0), pack-re
14:52:53.930051 http.c:712              <= Recv data: used 0.0006.W..4..0000..0....
14:52:53.930051 http.c:724              == Info: Connection #0 to host ServerHostname.example.org left intact
remote: Counting objects: 100% (70/70), done.
remote: Compressing objects: 100% (70/70), done.
14:52:53.943052 run-command.c:655       trace: run_command: git index-pack --stdin -v --fix-thin '--keep=fetch-pack 22932 on WORKSTATION' --check-self-contained-and-connected
14:52:54.018050 exec-cmd.c:237          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:52:54.028050 git.c:439               trace: built-in: git index-pack --stdin -v --fix-thin '--keep=fetch-pack 22932 on WORKSTATION' --check-self-contained-and-connected
remote: Total 70 (delta 36), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (70/70), 15.31 KiB | 3.06 MiB/s, done.
Resolving deltas: 100% (36/36), done.
14:52:54.076047 run-command.c:655       trace: run_command: git rev-list --objects --stdin --not --all --quiet --alternate-refs '--progress=Checking connectivity'
14:52:54.145052 exec-cmd.c:237          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:52:54.152049 git.c:439               trace: built-in: git rev-list --objects --stdin --not --all --quiet --alternate-refs '--progress=Checking connectivity'

C:\Temp>

mjcheetham · 2023-05-15T20:04:54Z

The initial request, apart from the host name and date, are the same, and the response (401) is entirely expected:

  http.c:724              == Info:   Trying 10.7.209.61:443...
- http.c:724              == Info: Connected to ServerHostname.example.org (10.7.209.61) port 443 (#0)
+ http.c:724              == Info: Connected to gitea.example.org (10.7.209.61) port 443 (#0)
  http.c:724              == Info: schannel: disabled automatic use of client certificate
  http.c:724              == Info: using HTTP/1.x
  http.c:683              => Send header: GET /UserName/CodeRepo.git/info/refs?service=git-  upload-pack HTTP/1.1
- http.c:683              => Send header: Host: ServerHostname.example.org
+ http.c:683              => Send header: Host: gitea.example.org
  http.c:683              => Send header: User-Agent: git/2.40.1.windows.1
  http.c:683              => Send header: Accept: */*
  http.c:683              => Send header: Accept-Encoding: deflate, gzip, br, zstd
  http.c:683              => Send header: Pragma: no-cache
  http.c:683              => Send header: Git-Protocol: version=2
  http.c:683              => Send header:
  http.c:683              <= Recv header: HTTP/1.1 401 Unauthorized
- http.c:683              <= Recv header: Date: Tue, 02 May 2023 18:52:53 GMT
+ http.c:683              <= Recv header: Date: Fri, 28 Apr 2023 16:57:22 GMT
  http.c:683              <= Recv header: Server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1
  http.c:683              <= Recv header: WWW-Authenticate: Negotiate
  http.c:683              <= Recv header: Content-Length: 381
  http.c:683              <= Recv header: Content-Type: text/html; charset=iso-8859-1
  http.c:683              <= Recv header:

The subsequent (authenticated) request also appears the same at first:

  http.c:683              => Send header: GET /UserName/CodeRepo.git/info/refs?service=git-upload-pack HTTP/1.1
- http.c:683              => Send header: Host: ServerHostname.example.org
+ http.c:683              => Send header: Host: gitea.example.org
  http.c:683              => Send header: Authorization: Negotiate <redacted>
  http.c:683              => Send header: User-Agent: git/2.40.1.windows.1
  http.c:683              => Send header: Accept: */*
  http.c:683              => Send header: Accept-Encoding: deflate, gzip, br, zstd
  http.c:683              => Send header: Pragma: no-cache
  http.c:683              => Send header: Git-Protocol: version=2
  http.c:683              => Send header:
- http.c:683              <= Recv header: HTTP/1.1 200 OK
+ http.c:683              <= Recv header: HTTP/1.1 401 Unauthorized
- http.c:683              <= Recv header: Date: Tue, 02 May 2023 18:52:53 GMT
+ http.c:683              <= Recv header: Date: Fri, 28 Apr 2023 16:57:22 GMT
  http.c:683              <= Recv header: Server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1
- http.c:683              <= Recv header: WWW-Authenticate: Negotiate oYG2MIGzoAMKAQChCwYJKoZIgvcSAQICooGeBIGbYIGYBgkqhkiG9xIBAgICAG+BiDCBhaADAgEFoQMCAQ+ieTB3oAMCARKicARufiQLvEOHNEjQZ8/Wncqgg2oNVWyIS0SXTtD2lG0nC8a8mwtwQR/Th3Df32jEYOD5yIW8dLCC9CxqwZyfjqYjwbX4/i7KVaB5DZ8UKT0xeVu0b1Jks7HR2GK3KBuAaqAylkmHrHKs3IJ4rlkgxmc=
- http.c:683              <= Recv header: Cache-Control: no-cache, max-age=0, must-revalidate
- http.c:683              <= Recv header: Content-Type: application/x-git-upload-pack-advertisement
+ http.c:683              <= Recv header: Content-Type: text/html; charset=iso-8859-1
- http.c:683              <= Recv header: Expires: Tue, 01 Jan 1980 00:00:00 GMT
- http.c:683              <= Recv header: Pragma: no-cache
- http.c:683              <= Recv header: X-Frame-Options: SAMEORIGIN
- http.c:683              <= Recv header: Content-Length: 158
+ http.c:683              <= Recv header: Content-Length: 381
- http.c:683              <= Recv header: Set-Cookie: i_like_gitea=c03bebdee2e051a7; Path=/; HttpOnly; SameSite=Lax
- http.c:683              <= Recv header: Set-Cookie: _csrf=NA__fYWuC0zXsDc6M9peqhgmySM6MTY4MzA1MzU3MzY3MTI4NzUxNQ; Path=/; Expires=Wed, 03 May 2023 18:52:53 GMT; HttpOnly; SameSite=Lax
- http.c:683              <= Recv header: Set-Cookie: macaron_flash=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax
  http.c:683              <= Recv header:

However, the Authorization header sent in the second request may be different.. we don't know because the value is <redacted>.

http.c:683              => Send header: Authorization: Negotiate <redacted>

In any case, at this point the server, when accessed via the CNAME, is immediately returning a 401 response. I can only imagine there's some auth ticket/message validation issue on the server-side, related to the CNAME.

I did do a quick search for negotiate 401 CNAME and found this question from 7 years ago about something similar: https://serverfault.com/questions/722872/kerberos-error-app-modified-when-using-a-cname-dns-record.

The issue is the fact that the DNS entry is a CNAME record not an A record combined with fact that the SPNs are set up for the host name MyApp and not the machine name MachineB. The solution is to either change the DNS entry for MyApp to an A record that points directly to the IP address of MachineB or to add the SPNs HTTP/MachineB and HTTP/MachineB.Contoso.local (the old ones likely could be removed).

jnahmias · 2023-05-17T20:17:34Z

In any case, at this point the server, when accessed via the CNAME, is immediately returning a 401 response. I can only imagine there's some auth ticket/message validation issue on the server-side, related to the CNAME.

I did do a quick search for negotiate 401 CNAME and found this question from 7 years ago about something similar: https://serverfault.com/questions/722872/kerberos-error-app-modified-when-using-a-cname-dns-record.

The issue is the fact that the DNS entry is a CNAME record not an A record combined with fact that the SPNs are set up for the host name MyApp and not the machine name MachineB. The solution is to either change the DNS entry for MyApp to an A record that points directly to the IP address of MachineB or to add the SPNs HTTP/MachineB and HTTP/MachineB.Contoso.local (the old ones likely could be removed).

That SF question has to do with impersonation -- not really relevant to the issue here. Also, note that I already have an SPN for HTTP/ServerHostname.example.org.

wagnerryan265 · 2023-10-25T07:43:55Z

http.c:724 == Info: Trying 10.7.209.61:443...

http.c:724 == Info: Connected to ServerHostname.example.org (10.7.209.61) port 443 (#0)

http.c:724 == Info: Connected to gitea.example.org (10.7.209.61) port 443 (#0)
http.c:724 == Info: schannel: disabled automatic use of client certificate
http.c:724 == Info: using HTTP/1.x
http.c:683 => Send header: GET /UserName/CodeRepo.git/info/refs?service=git- upload-pack HTTP/1.1

http.c:683 => Send header: Host: ServerHostname.example.org

http.c:683 => Send header: Host: gitea.example.org
http.c:683 => Send header: User-Agent: git/2.40.1.windows.1
http.c:683 => Send header: Accept: /
http.c:683 => Send header: Accept-Encoding: deflate, gzip, br, zstd
http.c:683 => Send header: Pragma: no-cache
http.c:683 => Send header: Git-Protocol: version=2
http.c:683 => Send header:
http.c:683 <= Recv header: HTTP/1.1 401 Unauthorized

http.c:683 <= Recv header: Date: Tue, 02 May 2023 18:52:53 GMT

http.c:683 <= Recv header: Date: Fri, 28 Apr 2023 16:57:22 GMT
http.c:683 <= Recv header: Server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1
http.c:683 <= Recv header: WWW-Authenticate: Negotiate
http.c:683 <= Recv header: Content-Length: 381
http.c:683 <= Recv header: Content-Type: text/html; charset=iso-8859-1
http.c:683 <= Recv header:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Kerberos auth not working when accessing repo via HTTPS using CNAME #4400

Kerberos auth not working when accessing repo via HTTPS using CNAME #4400

jnahmias commented Apr 28, 2023

dscho commented Apr 28, 2023

mjcheetham commented Apr 28, 2023

jnahmias commented Apr 28, 2023

mjcheetham commented Apr 28, 2023

jnahmias commented May 2, 2023

mjcheetham commented May 15, 2023

jnahmias commented May 17, 2023

wagnerryan265 commented Oct 25, 2023

Kerberos auth not working when accessing repo via HTTPS using CNAME #4400

Kerberos auth not working when accessing repo via HTTPS using CNAME #4400

Comments

jnahmias commented Apr 28, 2023

Setup

Details

dscho commented Apr 28, 2023

mjcheetham commented Apr 28, 2023

jnahmias commented Apr 28, 2023

mjcheetham commented Apr 28, 2023

jnahmias commented May 2, 2023

mjcheetham commented May 15, 2023

jnahmias commented May 17, 2023

wagnerryan265 commented Oct 25, 2023